Human Factors in Interactive Machine Learning: A Cybersecurity Case Study

Abstract

Cybersecurity is emerging as a major issue for many organizations and countries. Machine learning has been used to recognize threats, but it is difficult to predict future threats based on past events, since malicious attackers are constantly finding ways to circumvent defences and the algorithms that they rely on. Interactive Machine learning (iML) has been developed as a way to combine human and algorithmic expertise in a variety of domains and we are currently applying it to cybersecurity. In this application of iML, implicit knowledge about human behaviour, and about the changing nature of threats, can supplement the explicit knowledge encoded in algorithms to create more effective defences against cyber-attacks. In this paper we present the example problem of data exfiltration where insiders, or outsiders masquerading as insiders, who copy and transfer data maliciously, against the interests of an organization. We will review human factors issues associated with the development of iML solutions for data exfiltration. We also present a case study involving development of an iML solution for a large financial services company. In this case study we review work carried out on developing visualization dashboards and discussing prospects for further iML integration. Our goal in writing this paper is to motivate future researchers to consider the role of the human more fully in ML, not only in the data exfiltration and cybersecurity domain but also in a range of other applications where human expertise is important and needs to combine with ML prediction to solve challenging problems.