Understanding the Limits of Artificial Intelligence for Warfighters
Volume 2, Distributional Shift in Cybersecurity Datasets
Research | Published Jan 3, 2024
The Department of the Air Force has become increasingly interested in the potential for artificial intelligence (AI) to revolutionize different aspects of warfighting. But in the context of cybersecurity, distributional shift—the divergence of current data from the data on which an AI system was trained—can significantly reduce the longevity of AI applications. This could be especially dangerous as the threat of cyberattacks continues to grow.
The Department of the Air Force has become increasingly interested in the potential for artificial intelligence (AI) to revolutionize different aspects of warfighting. For this project, the U.S. Air Force asked RAND Project AIR FORCE to consider broadly what AI cannot do—to understand the limits of AI for warfighting applications. This report presents a discussion of the application of AI systems to perform two common cybersecurity tasks—detecting network intrusions and identifying malware—and the effect of distributional shift on those tasks, a phenomenon that can significantly limit AI effectiveness. Distributional shift occurs when the data that an AI system encounters after it is deployed differ appreciably from the data on which it was trained and tested.
This report describes the importance of distributional shift, how it can and does significantly limit AI effectiveness in detecting network intrusions and identifying malware, how to test for and quantify its effects, and how those effects could be mitigated. This work is aimed primarily at larger organizations, such as headquarters facilities, that have the bandwidth and computing power to implement AI-enabled cybersecurity systems and to update their systems regularly.
This report is the second in a five-volume series addressing how AI could be employed to assist warfighters in four distinct areas: cybersecurity, predictive maintenance, wargames, and mission planning. This volume is intended for a technical audience; the series as a whole is designed for those who are interested in warfighting and AI applications more generally.
This research was prepared for the Department of the Air Force and conducted within the Force Modernization and Employment Program of RAND Project AIR FORCE.
This publication is part of the RAND research report series. Research reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND research reports undergo rigorous peer review to ensure high standards for research quality and objectivity.
This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.
RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.