TEL AVIV - In the past few years, end-to-end applied deep neural networks have resulted in some of the most mindboggling breakthroughs in computer vision, speech recognition, and text understanding. One domain after the next is producing amazing breakthroughs, from machine vision
to speech and text recognition.
Applying deep neural networks to cybersecurity, however, isn’t easy—and that’s largely thanks to the data in question.
[caption id="attachment_11218" align="alignleft" width="300"] Dr. Eli David, PhD - CTO and Co-Founder of Deep Instinct[/caption]
Founded three years ago, Deep Instinct claims to be the first company to apply deep learning to cybersecurity. The company has created a proprietary deep learning framework from scratch to meet the specific needs and requirements of cybersecurity, with a focus on endpoint and mobile security.
Following their awards for ‘Best Deep Learning Company’ and ‘Most Disruptive Startup’ at NVIDIA’s 2017 Inception Awards late last year, we caught up with Eli David, Deep Instinct CTO and Co-Founder, to find out why cybersecurity is such a ripe field for AI. From his office in Tel Aviv, he explained to us why deep neural networks hold the key to the future of cybersecurity - and why, in his 15 years of deep learning research, the advances being made today are so unprecedented.
Deep learning for cybersecurity
While machine vision applications can easily sift through image data, or speech recognition can integrate human voice into conventional neural network architectures, cybersecurity is a different kettle of fish altogether—and that’s because for a cybersecurity application to be effective, it must be able to test the entirety of any dataset for weaknesses or exploits.
“When you’re using traditional machine learning, whether that’s for vision, for speech, or for text, you must conduct feature engineering first,” David says. “If you’re using machine learning to detect a malicious executable file, you have to decide in advance what the important features to look out for are. In cybersecurity, we are working with different file formats, file sizes, and applications.”
Machine learning techniques look for the key features within datasets. These are narrowly defined by human operators, meaning that much of the granularity of a dataset is easily missed out. This, David explains, is part of the reason that it is so easy for adversaries to evade detection.
“Imagine you have a big executable file. By performing traditional machine learning, you’re only looking at several hundred feature locations within the file, and you can quite easily disregard most of the raw data. So it’s quite easy for the attacker to very slightly modify the raw data and evade detection,” says David. “On the other hand, end-to-end deep learning applied to raw data does not require feature extraction. Traditional machine learning solutions tend to do much better than antivirus solutions, but in our case, we have an even bigger margin over traditional machine learning solutions.”
Every single byte
The key advantage of deep learning for cybersecurity is that deep neural networks are able to process every single raw byte within a file without ignoring anything. They are capable of looking at entire datasets and finding very complex relations within those datasets, whereas traditional machine learning only examines a small set of human specified, linear features.
Implementing deep learning for cybersecurity isn’t easy, though. Whereas frameworks for machine vision and voice recognition abound through open source APIs and publicly available cloud services, David explains that the moment you modify a conventional deep learning method for cybersecurity purposes, you have to abandon publicly available frameworks altogether. This is why Deep Instinct had to spend over a year developing their own, entirely new deep learning framework.
“Taking the family of the most complex algorithms, modifying them for a new domain to be able to apply complex data, and then implementing directly on low-level hardware… that is a very difficult task. On top of that, we had to make sure that we can put a neural network on the device itself, whether it’s a laptop, desktop, mobile, or the IoT.” This, David says, is the reason why NVIDIA were so excited by what Deep Instinct are doing—and why they selected the firm as the best deep learning company of 2017.
Enterprises at risk
The opportunity for enterprises today is huge, thanks partly to the advances being made by companies like Deep Instinct, but also by a major shift in attitude among executives in some of the world's biggest companies. "Two years ago, many senior executives from the largest companies in the world were not convinced that they needed additional protection for end-point and edge devices. Many believed that merely having antivirus protection was sufficient. Major ransomware exploits in the last year caused unbelievable damage to enterprises as a result, including 200 million dollars worth of damages to Maersk, the world's largest shipping firm. These kinds of attacks will never be detected by traditional antivirus."
[caption id="attachment_11221" align="aligncenter" width="660"] Last year's ransomware attacks, such as the Wanna Cry exploit (pictured), caused hundreds of millions of dollars in damages to businesses.[/caption]
"Two years on, the market is completely educated. Today, you won't come across any senior executive in any large company that does not have at least an additional endpoint solution designed to detect new malware. CIOs and CSOs today actively test to see which solutions are better. My recommendation to them, and to any medium and small businesses too, is to actively test anyone who has claims that seem very promising - including us. Measure their solutions' detection rates, false positives, performance, and reaction times. Doing all these tests are not complex - they take a few hours - and you can very quickly reach a conclusion as to which is the best designed solution for them."
David points out that despite the catastrophic damage caused by last year's ransomware attacks, these were not targeted malware attacks. The attackers used exploits from Wikileaks and started attacking attacking people randomly. "Imagine how devastating it could be if these were specifically targeted at a certain company. This is the trend we're seeing: attacks are becoming much more sophisticated and much more damaging."
Based in London, Ciarán Daly is the Editor-in-Chief of AIBusiness.com, covering the critical issues, debates, and real-world use cases surrounding artificial intelligence - for executives, technologists, and enthusiasts alike. Reach him via email here.