Heuristic Rules

What Are Heuristic Rules?

Heuristic rules are shortcuts that deliver quicker decisions than traditional methods when problem-solving in computing and elsewhere – we could even say they are used to reach educated guesses. 

Heuristic rules, also known as heuristics, are particularly important in computer science as they provide opportunities to work much faster, also using fewer resources and minimizing load on the system. 

However, heuristics involve trade-offs, because you are prioritizing speed over precision, accuracy or completeness. In a sense, they embrace the concept of “good-enough” calculations, to help processes along, with speed making up for these shortcomings. 

For example, this can be a system that blocks transactions quickly based on a blacklisted data point such as user ID, email, browser hash or other.

How Do Heuristic Rules Work?

Heuristic rules help enable faster decision making in models by:

1. Studying historical data 
2. Monitoring new and/or real-time data
3. Comparing new and old data patterns
4. Making assumptions to fill in the blanks – the unknowns 
5. Triggering an action when a pre-set threshold has been reached

As such, heuristics find application in machine learning (whitebox and blackbox alike), machine reasoning and related models, especially when they have to work with new and diverse data, big data and incomplete information. 

Sectors that employ heuristic rules regularly include fraud detection and prevention, cybersecurity, trading and finance, and increasingly others looking to make use of advanced tech in their efforts to scale up or simply increase productivity and efficiency.

Examples of Heuristic Rules

In fraud detection, heuristic rules can mean a system that blocks transactions quickly based on previously flagged data points such as user IDs, browser hashes, cookie hashes, email addresses – or even specific action sequences. 

Let’s break down a simple example: 

1. A fraudster signs up for an online casino, hoping to abuse the bonus system.
   
2. They have tried this before, but from a different device and a different email address – which they hope will conceal their intentions.
   
3. However, they are on the same IP address as the last attempt, provide almost the same home address, and they follow the same steps on the platform.
   
4. The system uses heuristics to consider how a lot of data points in the new attempt have been observed in a previous fraud attempt, filling in the blanks and making connections.
   
5. Based on these estimates, the risk tolerance threshold is reached and the system blocks the user.
   

In this example, the assumption is that because this exact IP address recently attempted fraud in the past by taking the same steps, its owner is now trying the same. 

This might be a false positive, but the risk analyst – after considering risk vs reward – has already decided they prefer false positives (blocking legitimate users) to false negatives (missing the opportunity to block fraudsters) in this particular company and scenario, and adjusted the tolerance threshold accordingly. 

This happens in the unlikely example that the fraudster’s household has a good user, or that the fraudster is operating from a shared internet access spot which good users have been using as well.

Simply put, they’re playing it safe. It is during browser and device fingerprinting that such data points are identified, with heuristics picking up from there to find connections and make assumptions.

When Are Heuristic Rules Useful?

Computer heuristics are particularly useful:

1. When speed is a priority
2. In real-time analysis
3. To facilitate decisions based on big data
4. For preliminary results to be manually reviewed later
5. To minimize system load 
6. To free up system resources for other uses
7. When there are a lot of unknowns 
8. To spot hidden connections a human wouldn’t be able to
9. To catch new variations not observed previously

Heuristic rules can be very useful as long as those who employ them are aware of their limitations and particularities, and select the right framework in which to use them. After all, heuristics involve trade-offs and educated guesses, not certainties. 

It’s worth noting that heuristic rules use algorithms that trade accuracy for speed. This makes them particularly useful for time-sensitive requests, for instance when trying to decide whether a transaction is fraudulent or not, as quickly as possible.

Heuristic reasoning is also ideal when we want to get a general assessment of a situation where there are no known algorithms that work, as Michael Apter noted in his seminal work, The Computer Simulation of Behavior, originally published all the way back in 1970.

Advantages and Disadvantages of Heuristics  

Speed, real-time monitoring and the ability to work with big data are the most notable advantages of heuristic rules in computing, cybersecurity and risk prevention. 

Importantly, they are a great solution for when we have incomplete information, as they’re more likely to detect new variations of past issues, combining huge sets of data points to spot connections and reach conclusions that, depending on the configuration, can help us err on the side of caution. 

Compared to traditional algorithms and decision making methods, heuristic rules involve more guesswork, cut corners and return more errors. Overall, they are known to produce less reliable, less accurate results, and they are prone to bias. 

However, keeping these characteristics in mind when configuring rules and setting up processes will help offset the inherent shortcomings of heuristic rules, enabling us to choose those situations in which heuristics are an ideal solution to speed things up and free up resources. 

Sources

Ericsson Blog: An introduction to machine reasoning in networks

Routledge: The Computer Simulation of Behaviour by Michael J. Apter

Related Terms

Related Articles