Friday, August 25, 2023

The 3 Types Of AI Bias You Need To Know About & How To Fix Them

 


AI, AI, AI, blah, blah, blah.  These are the hot buzzwords in Cyber today, and they will be for some time yet to come.  I have blogged about this rather extensively, and that is what I am going to do today as well.  But this time, I am taking a different angle.

I am going to talk about the errors that AI can actually make.  One such area is what is known as “bias”.  We pretty much all know what this term means, but when it comes to AI, it can be defined as follows:

“Machine learning bias, also known as algorithm bias or AI bias, is a phenomenon that occurs when an algorithm produces results that are systemically prejudiced due to erroneous assumptions in the machine learning (ML) process.”

(SOURCE:  https://www.techtarget.com/searchenterpriseai/definition/machine-learning-bias-algorithm-bias-or-AI-bias)

Simply put, this is where the output is slanted or favored in one direction or another, rather than reflecting reality.  Heck, even human bias can be a huge factor, as we will see later.  In general, there are three types of AI bias, which are:

1)     In the Training Data:

AI systems need a lot of data at first in order to learn and make predictions.  If this initial training data is not representative, or is skewed in some fashion, all of the subsequent outputs will also be "biased" to some degree or another.  It is important to note that the training data is the foundation for all of the other datasets that will be collected and used.
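
To make this a bit more concrete, here is a quick sketch in Python of the kind of representation check you can run before any training even starts.  The training_samples list is just a made-up stand-in for your real data, and the 5% threshold is an arbitrary example:

```python
from collections import Counter

# Hypothetical training set: each sample is tagged with the threat
# category it represents. In a real pipeline, these tags would come
# from your log collectors or threat-intel feeds.
training_samples = (
    ["benign"] * 9200 +
    ["phishing"] * 600 +
    ["malware"] * 180 +
    ["insider_threat"] * 20
)

counts = Counter(training_samples)
total = len(training_samples)

# Flag any category that makes up less than 5% of the set.
for category, count in counts.most_common():
    share = count / total
    flag = "  <-- underrepresented" if share < 0.05 else ""
    print(f"{category:15s} {count:6d} ({share:7.2%}){flag}")
```

A model trained on this set will hardly ever see an insider threat, so its outputs will lean toward calling everything benign, which is exactly the kind of skew described above.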

2)     In the Algorithms:

The algorithms can be considered the heart of any AI system.  This is where the data is processed, and from there, the outputs are derived.  If the algorithms are not fine-tuned and optimized after the initial training run, there will be a certain level of skewness in later runs, which of course is not wanted.
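
One way to catch this kind of skewness is to check the model's error rates slice by slice after each run.  Here is a minimal sketch, assuming you have ground-truth labels (y_true), the model's predictions (y_pred), and a tag for where each test sample came from; all of the names and values below are hypothetical placeholders:

```python
from collections import defaultdict

# Held-out test set: 1 = real threat, 0 = benign.
y_true  = [1, 1, 0, 1, 0, 1, 1, 0, 1, 1]
y_pred  = [1, 0, 0, 1, 0, 0, 1, 0, 1, 0]
segment = ["email", "email", "email", "web", "web",
           "web", "email", "web", "email", "web"]

# segment -> [missed threats, total threats]
misses = defaultdict(lambda: [0, 0])
for truth, pred, seg in zip(y_true, y_pred, segment):
    if truth == 1:
        misses[seg][1] += 1
        if pred == 0:
            misses[seg][0] += 1

for seg, (missed, total) in misses.items():
    print(f"{seg}: missed {missed}/{total} real threats "
          f"({missed / total:.0%} false-negative rate)")
```

If one segment's false-negative rate is much higher than another's, the algorithm has drifted into exactly the skewness described above, and it is time for another tuning pass.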

3)     In our own Minds:

This is technically referred to as "Cognitive Bias".  This is where human prejudice comes into play: you either consciously or subconsciously favor the datasets you are selecting, or slant the way you design your algorithms.  The basic premise here is that you want a certain outcome to happen, and you feed in the data in a way that makes it happen.

But the fear here is that these kinds of AI bias, if not corrected, can lead to some grave security consequences, especially as businesses today are making a full-force move to the Cloud (such as Azure or AWS).  Here is a sampling of some of these fears:

1)     The correct types of warnings and alerts will not be sent:

AI is being used heavily today to help filter out false positives and present only the real alerts to the IT Security team for appropriate triaging.  But if there is a certain level of bias, the AI system could either overstate or understate the actual severity level of a threat.  As a result, the IT Security team may respond to the wrong alerts and warnings, leading to a cataclysmic security breach.  Worse yet, if the IT Security team is implicitly trusting the AI system in this regard, it could even lead to greater cases of what is known as "Alert Fatigue".  AI systems were created to prevent this exact thing from happening, but once again, any kind of bias can defeat that whole purpose altogether.
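
One practical way to keep this in check is to periodically audit what the AI said against what your analysts later confirmed.  Here is a minimal sketch of such an audit, assuming you log both severities per alert; the two lists are hypothetical placeholders:

```python
# Severity the AI assigned vs. what a human analyst later confirmed.
ai_severity      = ["low", "low", "high", "medium", "low", "high", "low"]
analyst_severity = ["high", "low", "high", "high", "medium", "high", "low"]

# Count alerts where the AI ranked the threat *below* the analyst.
understated = sum(
    1 for ai, human in zip(ai_severity, analyst_severity)
    if ("low", "medium", "high").index(ai) <
       ("low", "medium", "high").index(human)
)

rate = understated / len(ai_severity)
print(f"AI understated severity on {understated} of "
      f"{len(ai_severity)} alerts ({rate:.0%})")
```

A consistently high understatement rate means real threats are being buried, and the triage model should not be trusted implicitly.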

2)     The inability to see new threat variants:

One of the greatest benefits of an AI system in Cybersecurity is its ability to project what the future threat landscape could potentially look like.  But once again, any form of bias, whether it is in the data or the algorithms, could make the AI system lose this kind of effectiveness very quickly, giving the IT Security team a dangerously false sense of security.
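
Here is a deliberately oversimplified toy in Python that shows the failure mode: a detector whose "knowledge" is biased entirely toward what it saw in training will wave a novel variant straight through.  All of the hashes below are made up:

```python
# Signatures learned from the (biased) training data only.
known_threat_hashes = {"a41f", "9bc2", "77de"}

def is_flagged(sample_hash: str) -> bool:
    """Detector biased toward what it has already seen."""
    return sample_hash in known_threat_hashes

# "e310" is a brand-new variant the training data never covered.
incoming = ["a41f", "9bc2", "e310"]
for h in incoming:
    print(h, "flagged" if is_flagged(h) else "MISSED (novel variant)")
```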

3)     Less compliance with the data privacy laws:

Another key area where AI is being used in Cybersecurity is in detecting potential data leaks.  If a biased AI system cannot pick up on the clues in time, your company will be faced with yet another kind of security breach that you don't want to happen.  If it does, you will fall into the crosshairs of regulators, and possibly face very harsh penalties and fines, as mandated by the GDPR and the CCPA.

My Thoughts On This:

At this point, you are probably wondering what can be done to help mitigate AI bias.  Here are some quick tips for you:

1)     Educate:

To truly understand what AI bias is all about, you have to teach it to your IT Security team.  As much as security awareness training is important, so is this area, at least for those employees of yours who are helping to fortify the lines of defense for your business.

2)     Run QA checks on the datasets:

Although this might be a time-consuming process, it will pay its dividends in the end.  As stated earlier, the first datasets you feed into your AI system are the most important.  So make sure all of the data that you feed into it is optimized and cleansed as much as possible.
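
As a starting point, here is a minimal sketch of such a QA pass that drops duplicates and incomplete rows.  The records list is a made-up stand-in for your real dataset; each row is source IP, bytes sent, and a label:

```python
records = [
    ("10.0.0.5", 1200, "benign"),
    ("10.0.0.5", 1200, "benign"),     # exact duplicate
    ("10.0.0.9", None, "malicious"),  # missing field
    ("10.0.0.7", 880,  "benign"),
]

seen, clean = set(), []
dropped_dupes = dropped_missing = 0
for row in records:
    if None in row:          # incomplete record
        dropped_missing += 1
        continue
    if row in seen:          # verbatim duplicate
        dropped_dupes += 1
        continue
    seen.add(row)
    clean.append(row)

print(f"kept {len(clean)} rows, dropped {dropped_dupes} duplicates "
      f"and {dropped_missing} incomplete rows")
```

In a real pipeline you would also re-run the representation check from earlier on the cleaned set, since deduplication can shift the category balance.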

3)     Don't depend on technology alone:

As much as we would like to think that AI systems don't need humans, the bottom line is that they do, and this will always be the case.  So make sure to get your IT Security team involved in all aspects of the AI system's development and deployment.

4)     Use multiple AI systems:

Remember, you don't have to use just one AI system.  You can use multiple ones, and it is even recommended that you do so to help eliminate the possibility of bias.  This can be likened to having multiple layers of security in order to decrease the odds of the Cyberattacker breaking through to your crown jewels.
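
To illustrate the idea, here is a minimal majority-vote sketch.  The three detectors below are hypothetical stand-ins for independently built AI systems; the point is simply that one biased voter cannot decide the outcome on its own:

```python
# Three independent (toy) detectors: 1 = threat, 0 = benign.
def detector_a(sample): return 1 if "powershell" in sample else 0
def detector_b(sample): return 1 if "base64" in sample else 0
def detector_c(sample): return 1 if len(sample) > 40 else 0

def majority_vote(sample) -> int:
    """At least two of three must agree before we raise an alert."""
    votes = detector_a(sample) + detector_b(sample) + detector_c(sample)
    return 1 if votes >= 2 else 0

sample = "powershell -enc base64payload"
print("threat" if majority_vote(sample) else "benign")
```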

5)     Use bias-detection technology:

As much as AI is advancing, so are the tools that are being used to support it.  So in this regard, be on the lookout for any kind of bias-detection components that you can integrate into your AI system.
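
Many of these tools boil down to disparity metrics.  Here is a minimal, hand-rolled sketch of the kind of flag-rate check they automate, assuming you can tag each alert with the business unit it came from; the lists below are hypothetical placeholders:

```python
from collections import defaultdict

# Whether each alert was flagged (1) or not (0), and its origin.
flagged = [1, 0, 1, 1, 0, 1, 0, 0]
business_unit = ["finance", "finance", "finance", "finance",
                 "engineering", "engineering", "engineering", "engineering"]

# unit -> [flagged count, total count]
totals = defaultdict(lambda: [0, 0])
for f, unit in zip(flagged, business_unit):
    totals[unit][0] += f
    totals[unit][1] += 1

rates = {u: flagged_n / n for u, (flagged_n, n) in totals.items()}
print(rates)
print(f"flag-rate gap: {max(rates.values()) - min(rates.values()):.0%}")
```

A large gap means the system scrutinizes one group far more than another, which is a signal to go back and re-examine both the data and the algorithms.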

In the end, there will always be some bias in AI systems; that is just the nature of the technology.  But the trick here is to mitigate that level as much as possible, in a way that is similar to mitigating the risks of becoming a victim of a Cyberattack.

But remember, AI systems are all about garbage in, garbage out.  An AI system is only as good as the data that you feed it!!!
