Deep learning is the most advanced subset of
artificial intelligence. Also known as “deep neural
networks,” it takes inspiration from how the
human brain works.
Namely, the more data that is fed in to the machine
the better it is at intuitively understanding the
meaning of new data. It therefore does not
require a (human) expert to help it understand
the significance of new input.
Data scientists prepare data samples that are used for training the deep learning neural network – the ”brain”. Those data samples contain millions of labeled files, malicious and benign – including malware “mutations”, scripts, macros etc.
The “self learning loop” is a process during which the “brain” is exposed to “raw data” of the files, learning to instinctively identify malicious code. Harnessing the power of GPUs (graphic processing units) dramatically shortens the training phase (24-48 hours, instead of months).
As the training phase goes by, the brain begins to instinctively detect and identify malware by scanning their “DNA” (raw data).
The brains reaches the prediction level. From now on it can predict whether or not a file is a threat. This works with any sort of files.
This phase compresses the brain with all its abilities into a lightweight powerful agent. Turning TeraBytes of insights into MegaBytes of instincts.
The agent is domain agnostic so it can be inserted into organization mobile devices, end-points and servers.
From now on the agent checks every file, script, macro etc. before it executes. The process is so fast (less than a millisecond) so it doesn’t effect the user experience or system performance.
The agent knows how to detect any type of malware – known, zero-days and APTs – so innocent files can run and malicious one will be prevented.
How does Deep Instinct use deep learning to
protect against zero-day threats?
Using deep learning, we are able to identify even the slightest mutations and evasion techniques, thus detect and prevent Zero-Days and APT in real-time.
Deep Instinct’s solution is based on a two- phase approach, similar to way that the brain learns and then acts in an instinctive mode:
• Training phase: The training process is performed with hundreds of millions of malicious and legitimate files that takes place at Deep Instinct’s headquarters. The output of this process is the prediction model.
• Prediction phase: Once a device has the deep learning prediction model (D-Brain), it becomes an autonomous analysis entity, allowing it to predict in real-time malicious intents and prevent them at a pre-execution level. There is no need for any supplementary analysis in a remote server or sandboxing appliance.
The entire analysis and the determination of whether it is malicious or benign is done on the device within milliseconds.
What is the difference between Deep Instinct
and sandboxing solutions?
Several years ago, sandboxing was the state-of-the-art solution for detecting cyber threats. However, hackers have learned to determine which features the sandboxing solution analyzes or detect when a malware is running in a sandbox environment. 30% of zero-day attacks are sandboxing evasive, which means that malicious files can avoid sandboxing detection.
In addition, sandboxing solutions take a minimum of a few minutes to determine the maliciousness of unknown files; so the malware may create delays performing typical activities, such as receiving emails (attachments need to be analyzed by the sandbox prior to receiving the email ). Deep Instinct’s solution only takes a few milliseconds to make this determination.
Due to these delays, sandboxing solutions are typically implemented with detection-only capabilities.”
How does Deep Instinct handle
Deep Instinct’s solution uses a technology that does not rely on known threat methods, such as signatures or heuristics. It detects malicious threats regardless of whether they are known or unknown. In fact, the solution does not even know whether the file is known or unknown.
Can Deep Instinct detect installed malicious
applications on iOS devices?
Yes. Deep Instinct can detect installed malicious applications on iOS devices.
Is there any training on the
No, Deep Instinct provides the customer with a solution that has already been trained and provides immediate protection. All training is performed at Deep Instinct’s lab.
Can Deep Instinct detect ARP poisoning,
SSL stripping or any other MitM attacks?
Sure. Deep Instinct can detect MitM attacks on Android and iOS devices.