Sometimes we do things “without thinking” and take for granted that we can do them. When you see a picture of a dog, you identify it immediately, in real time and with high confidence. Even if a percentage of the pixels is modified, you will still easily recognize that the image is that of a dog, in no more time and with the same degree of confidence. This is not the case for cybersecurity solutions. Hundreds of thousands of new malware samples are launched daily, with nearly all of them based on small mutations of known malware (by some estimates, the vast majority of new malware samples differ by less than two percent from known malware). Yet many security solutions are incapable of detecting most of them. With so many breaches reported on almost a daily basis, is there a way to combat these zero-day threats? We believe that the answer is yes, and that it lies in applying deep learning.
Deep learning is a novel branch of artificial intelligence that is inspired by the brain’s ability to learn. Once a brain learns to identify an object, its identification becomes second nature: the dog is recognized. When applied to cybersecurity, deep learning enables new predictive capabilities for detecting, with unmatched accuracy, any type of cyber threat, including malware that has never been seen before.
Most current detection methods fail to detect new malware and APTs (Advanced Persistent Threats, the most sophisticated malware) because they rely on manually tuned heuristics. More advanced solutions use manually selected features, which are then fed into classical machine learning modules to classify the file as malicious or legitimate (and even then the malware detection rates are abysmal). Several methods rely on running the malware in a sandbox environment to obtain more information about it. While this allows for more accurate detection, it comes at the cost of protection, because the process is time-consuming.
Deep learning has shown groundbreaking results, even compared to classical machine learning, in detecting first-seen malware, surpassing any solution currently available on the market. In deep learning, it takes just a few milliseconds to feed the technology with raw data and pass it through the deep neural network to obtain the prediction. This enables not only detection, but also prevention in all cases (the moment a malicious file is detected, it is already removed as well). Our brain works in a similar way; it takes us a long time to learn something, but once we learn it, we can use it very quickly in prediction mode.
Furthermore, when applying deep learning, as opposed to classical machine learning, there is no need to conduct manual feature engineering. Instead, datasets of many millions of malicious and legitimate raw files are fed into the infrastructure, enabling deep learning to learn on its own the useful high-level, non-linear features necessary for accurate classification. Moreover, due to the input-agnostic nature of deep learning, any malicious file type (e.g., EXE, DLL, PDF, DOC, Android APK) is detected.
The application of deep learning to cybersecurity results in cutting-edge capabilities of highly accurate detection and real-time prevention – instinctive protection – on any device, platform, and operating system. Deep Instinct, the first company to apply deep learning to cybersecurity, is blazing the trail to a new level of protection that effectively overcomes the growing sophistication of cyber-attacks.