FOR EFFECTIVE CYBERSECURITY, A GENERIC DEEP LEARNING FRAMEWORK JUST ISN’T ENOUGH

FOR EFFECTIVE CYBERSECURITY, A GENERIC DEEP LEARNING FRAMEWORK JUST ISN’T ENOUGH

Mar 7, 2018

Not All Frameworks Were Created Equal

A house is a house, right? And a car is a car? Well, that doesn’t appear to always be the case. They both might seem to suit every purpose. But, they don’t.

For example, the house that is suitable for urban living won’t fair well as a beachside getaway. The windows will need to be much bigger to let in the light, view, and breeze. You would also need to consider building the beachfront abode on stilts to protect against the risk of flooding or storm surge. And, as an ocean front property owner – you will also need to take precautions and protect your home against salt air corrosion.

Clearly, not every house can be a beach house.

Same goes for cars. While there are many modern road cars that offer race car-level performance, the engineering behind each of these is very different. Race cars are designed to be driven in demanding conditions for short periods of time. Everyday cars, on the other hand, need to perform for many more miles with minimal maintenance.

The framework for houses and cars may seem to be generic and equally applicable for multiple purposes. The reality, however, is very different. For more demanding and specific applications, a new kind of engineering is required.

This is also the case with deep learning frameworks. Not every framework is suitable for cybersecurity. The reality, here too, is very different.

Let’s take a closer look.

A Quick Deep Learning Primer

But first, a quick primer about deep learning (DL) and its benefits for cybersecurity.

Deep learning is the most advanced subset of artificial intelligence (AI), going much further in its capabilities and performance than machine learning. Deep learning takes inspiration from the way the human brain works, where raw input (e.g., pixel color) is fed into  layers of neurons (mathematical functions) connected to each other, where each layer builds higher and higher abstractions of the low level features (Pixel -> Edge -> Texton -> Motif -> Part -> Object) in turn, which is eventually used for the task at hand (object recognition).”That is, it can learn independently and intuitively, automatically delivering predictions, without the need for the intervention and training by an expert, as is the case with machine learning.

Deep learning is so effective, in fact, that is seeing a 20%-30% performance improvement across most benchmarks in computer vision, speech recognition, and text understanding. Thus, with unprecedented speed in delivering the highest accuracy levels with the lowest false positives – it is the optimal approach to many applications, including cybersecurity.

How Deep Learning Applications Are Developed

There are many consumer and business areas today that are using deep learning. For example, image recognition (e.g. for Facebook’s face recognition and for refining Google’s image search results’ accuracy), augmented reality games, autonomous cars, and more.

When looking to develop a deep learning application, there are a number of publicly available Deep Learning frameworks, including TensorFlow by Google (probably the most popular), PyTorch by Facebook, and CNTK by Microsoft

The availability of these frameworks has significantly boosted research in deep learning, as they enable applications and programs to be implemented directly on these frameworks and experiments to be executed without having to write a single line of low-level code on the GPUs.

While these frameworks certainly do have their advantages for research, the downside for cybersecurity is that they cannot serve as an effective neural network for learning and predicting cyberattacks.

The Limitations of Generic Deep Learning Frameworks

The three main limitations of such generic frameworks for cybersecurity are:

They Are Inefficient with Predictions

Publicly available frameworks cannot deliver on the special performance requirements for the predictions that cybersecurity demands. This is because these frameworks usually require dedicated hardware to enable real-time predictions. However, when Deep Learning application moves from development to the real world, running on devices with standard CPUs, and without the support of the dedicated hardware, performance is naturally limited – as is the ability to deliver accurate and timely predictions of cyberattacks.

They Are Not Production Ready

The publicly available frameworks noted above are mostly research vs. production oriented. This means that many features that are relevant for research are added. But, these same features harm performances. For example, the features that may enhance translation programs, working at speeds of 0.1 or 0.2 seconds, which provides reasonable performance when running on a single file at a time, result in a performance penalty in terms of speed and memory, when running on thousands of open files at any given point, as well as their dependence on dozens of external libraries.

Furthermore, , among many others, require a large memory footprint. While this may not be a big concern for research-driven activities, this can certainly be prohibitive in production environments, as they present a heavy workload on servers and low power laptops.

An additional implication of the research orientation of these frameworks is that the algorithms used in the cybersecurity field are not yet implemented in the publicly available frameworks.

They Are Not Sufficiently Secure

Finally, the generic deep learning frameworks have many features which provide a large attack surface, making them more vulnerable to the very cyberattacks developers would be aiming to prevent.

Deep Instinct’s Neural Network: Specifically Designed for Cyber

Developed by the company’s big data engineers, data scientists and mathematicians together with our cyber research team, Deep Instinct offers the first and only deep learning framework that is specifically designed for cybersecurity. Our proprietary deep learning computing infrastructure and algorithms are optimized for detecting and preventing cyber threats, overcoming the main limitations of publicly available deep learning networks:

  • Highest accuracy with real-time predictions
  • Optimized for inference mode
  • Designed for commercial production
  • Highest levels of security

With this unique deep learning framework, our solution provides end-point and mobile prevention and detection-and-response, against any file-based or file-less attack, for every operating system, on any device, in one unified platform, delivering unmatched accuracy and efficacy.

To learn more about how Deep Instinct can help you prevent what others can’t find, we invite you to reach out to us at contact@deepinstinct.com.