Congratulations! Now Smarter Than Ever, We Got a New Brain!

Dec 2, 2018

By: Shimon Noam Oren

We’re excited to announce the release of a new and updated D-brain version!

D-Brain is a critical part of Deep Instinct’s Deep Learning based malware detection and prevention engine. D-Brain, built of Deep Instinct’s proprietary deep learning architecture, is the core component of our cybersecurity solution. D-Brain provides unparalleled accuracy in known and unknown malware detection and prevention and covers a wide range of attack vectors and file types. A new D-Brain version with new capabilities and improved performance is now released as part of our continued efforts to provide the best malware prevention and detection available.

Background

D-Brain training cycles, in which millions of benign and malicious samples are fed into deep neural network architecture, occur in Deep Instinct’s labs. In the training process D-Brain learns to identify, recognize and distinguish between malware and good-ware. This process happens only a few times a year due to deep learning’s powerful prediction capabilities and resilience to the ever-changing threat landscape.

The end- result of a training cycle is a production-ready D-Brain. D-Brain containing a trained neural network, can then be deployed, and run in prediction (inference) mode. Prevention and detection decisions made by D-Brain are used to prevent and detect the newest, most evasive and most challenging attacks in today’s threat landscape, across multiple file types, ranging from PE (executables, DLLs, drivers) to document files and additional formats carrying sophisticated exploits. D-Brain is used to prevent even the most unique and rare attack vectors such as exploits in malicious font and TIFF files.

From Collection to Training in Deep Instinct’s deep learning architecture of neural network

Data Collection and Labeling

Data-sets used for training the latest D-Brain version were sourced from a sample collection that includes well over a billion files, both malicious and benign. This sample collection, along with all associated metadata, file reputation and prevalence data is processed, labeled and stored in D-Cloud, Deep Instinct’s threat-intelligence and file reputation cloud. D-Cloud is continuously fed with samples and metadata from many different threat intelligence and file reputation sources. D-Cloud’s wide accessibility and accurate triage and classification schemes, enable us to create training data-sets which are not only extensive in numbers, but also highly accurate in labeling, and provide the widest possible coverage of the threat landscape from various aspects such as attack vectors, threat actors, regions, mutations and more.

Challenging the Brain

In addition to collecting massive amounts of in-the-wild malware, we challenge D-Brain as it’s trained even further, by introducing never-seen-before and highly evasive samples and exploits. These samples are curated based on several sources: unique access to dark-web forums and communities, publicly available malware which we independently mutate, and our very own home-made, self-developed (never to be used ?) malware.

Deep Learning and Training infrastructure

Publicly available DL frameworks are not intended and indeed cannot deliver the performance, adaptation, scale and data-handling requirements for cyber-security related implementations. Therefore, Deep Instinct, has internally developed an end-to-end deep learning framework customized to meet cybersecurity needs and deliverables. Our deep learning framework allows us to train on hundreds of millions of files in a matter of 24-48 hours.

Latest improvements introduced to the framework make it faster than ever and more robust. During the creation of the latest D-Brain version, multiple training cycles based on a few dozen different data-sets were run, which resulted in dozens of different neural network model versions. We selected the very best D-Brain version for production release.

Performance and detection capabilities

Here are just a few examples for some of the improvements and capabilities of the new D-Brain version:

Office and RTF

D-Brain detects the newest, most widely used and most challenging threats and exploits found in today’s landscape of document-based attacks, including those based on embedded or dynamically loaded OLE objects. The detection of more traditional malicious document using Macros (VBA) and older Office/RTF related exploits is higher than ever. The unparalleled detection is matched with a false-positive rate as low as several digits after the percentage point.

PE files

D-Brain now demonstrates detection rates that are better than ever, across threat types, attack vectors and threat-actors. This ranges from simple unwanted applications (PUA) to sophisticated ransomware, crypto-miners, financial malware and APTs. In addition, accuracy has been improved in the PE landscape as-well, with false-positive rates lower by an order of magnitude compared to competing solutions.

Summary

D-Brain is the only static engine that is purely based on deep learning and has the widest coverage of the threat landscape based on artificial intelligence. D-Brain 109 is another milestone in our continued efforts to provide the best prevention technology ever.

 

Do learn more about deep learning architecture and neural networks, and how it is reinventing prevention – download this free whitepaper >>

New call-to-action