Deep Learning

Figure 1-1: Deep learning, a subset of a subset of AI.

What is Deep Learning?

Deep learning is an advanced branch of artificial intelligence (AI), and is inspired by the brain’s ability to learn. Once a brain learns to identify and object, its identification becomes second nature. Deep learning is a great name for this dazzling variety of AI, because it implies the computer is doing pretty much what our brains do. The computer is learning, not just memorizing or following rote instructions, but looking at something it doesn’t know and truly learning all about it. On its own.

What is Deep Learning for Cybersecurity?

Deep learning, when applied to cybersecurity, is using neural networks to instinctively and autonomously predict threats to stop unknown malware and zero- day attacks by identifying and preventing them before they can execute and enter an environment.

There are only six major Deep Learning frameworks in the world — and only one dedicated to cybersecurity: Deep Instinct. The power of Deep Instinct rests in our ability to understand and identify the DNA of an attack – detecting and stopping it before it can execute on an endpoint.

How Does Deep Learning Work in Cybersecurity?

On the face of it, deep learning addresses all the limitations of traditional machine learning in cybersecurity. Specifically, deep learning processes raw data and does not rely on feature extraction. That doesn’t make it easy, though. Applying deep learning is much more challenging in the domain of cybersecurity.

For example, unlike in computer vision, where different image sizes can be adjusted to a pre-specified size and fed into a neural network, a computer file can be of any size, from a few kilobytes up to many gigabytes. Also, different file formats have different file structures, and none of these structures has any obvious local correlations that could be used by neural network types such as convolutional neural networks.

Despite these challenges, deep learning has been successfully applied to cybersecurity. Deep Instinct has demonstrated how a dedicated deep learning framework adapted specifically for cybersecurity can overcome difficulties and can train a deep learning model on raw files. The training phase is performed in the laboratory, using hundreds of millions of malicious and legitimate files of different file formats.

This training process takes only a single day or so using GPUs (graphics processing units). After the training has converged, the resulting deep learning model is only a few tens of megabytes in size, and it can provide a prediction for any given file within a few milliseconds. And it achieves that speed on the average CPU. The GPU is used only in the training phase, not the prediction phase. Because of that, it can be deployed on any endpoint using only a negligible amount of resources, and provide full pre-execution prevention.

The deep learning-based model is capable of obtaining a much higher detection rate and a much lower false positive rate for new, previously unseen files, when compared with the best traditional machine learning solutions available. And because deep learning is agnostic to file types, it can be applied to any file format, and even to any operating system, without requiring substantial modifications or adaptations. Compare that to traditional machine learning, where each effort pretty much has to start from scratch, and you can see one more reason why deep learning is so powerful.

In addition to determining whether a file is malicious or not, deep learning can be used to identify what type of malware it is (for example, ransomware or Trojan).

How Does Deep Instinct Use Deep Learning?

Deep Instinct's core technology is called Deep Learning. Similar to the brain, as Deep Instinct's artificial brain learns to detect any type of cyber threat, its prediction capabilities become instinctive. As a result, zero-day threats and APT attacks are immediately detected with unmatched accuracy and prevented.

Deep Instinct’s Deep Learning Framework

Deep Instinct’s pioneering use of deep learning prevents >99% of unknown threats and is incredibly precise, ensuring false positives remain <0.1%. Deep learning is not dependent on human-led feature engineering, nor does it require frequent updating to maintain an extremely high level of prevention efficacy.

Deep Instinct’s deep learning framework is protected by five international patents and our relentless pursuit of cybersecurity innovation ensures we will maintain a distinct competitive advantage around deep learning moving ahead.

Related Resources