Deep learning is the most advanced subset of
artificial intelligence. Also known as “deep neural
networks,” it takes inspiration from how the
human brain works.
Namely, the more data that is fed in to the machine
the better it is at intuitively understanding the
meaning of new data. It therefore does not
require a (human) expert to help it understand
the significance of new input.
Data scientists prepare data samples that are used for training the deep learning neural network – the ”brain”. Those data samples contain millions of labeled files, malicious and benign – including malware “mutations”, scripts, macros etc.
The “self learning loop” is a process during which the “brain” is exposed to “raw data” of the files, learning to instinctively identify malicious code. Harnessing the power of GPUs (graphic processing units) dramatically shortens the training phase (24-48 hours, instead of months).
As the training phase goes by, the brain begins to instinctively detect and identify malware by scanning their “DNA” (raw data).
The brains reaches the prediction level. From now on it can predict whether or not a file is a threat. This works with any sort of files.
This phase compresses the brain with all its abilities into a lightweight powerful agent. Turning TeraBytes of insights into MegaBytes of instincts.
The agent is domain agnostic so it can be inserted into organization mobile devices, end-points and servers.
From now on the agent checks every file, script, macro etc. before it executes. The process is so fast (less than a millisecond) so it doesn’t effect the user experience or system performance.
The agent knows how to detect any type of malware – known, zero-days and APTs – so innocent files can run and malicious one will be prevented.
How does Deep Instinct use deep learning to
protect against zero-day threats?
Using deep learning software and technology, we are able to identify even the slightest mutations and evasion techniques, to detect and prevent zero-days and APTs in real-time.
Deep Instinct’s solution is based on a two-phase approach; similar to the way the brain learns and then acts in an instinctive mode.
• Training phase: The training process is performed with hundreds of millions of malicious and legitimate files that take place at Deep Instinct’s headquarters. The output of this process is the prediction model.
• Prediction phase: Once a device has the deep learning prediction model (D-Brain), it becomes an autonomous analysis entity, allowing it to predict in real-time malicious intents and prevent them at a pre-execution level. There is no need for any supplementary analysis in a remote server or sandboxing appliance.
The entire analysis and the determination of whether it is malicious or benign, are done on the device within milliseconds.
What is the difference between Deep Instinct
and sandboxing solutions?
Several years ago, sandboxing was the most innovative solution for detecting cyber threats. In time, hackers have learned to determine which features a sandboxing solution analyzes or detects when malware is running in a sandbox environment. 30% of zero-day attacks are sandboxing evasive, which means that malicious files can avoid sandboxing detection.
In addition, sandboxing solutions take a minimum of a few minutes to determine the maliciousness of unknown files; so the malware may cause delays when users are performing typical activities, such as receiving emails (attachments need to be analyzed by the sandbox prior to receiving the email). Deep Instinct’s solution only takes a few milliseconds to make this determination and therefore causes no discernable business interference.
Due to these delays, sandboxing solutions are typically implemented with detection-only capabilities.
How does Deep Instinct handle
Deep Instinct’s solution uses a technology that does not rely on known threat methods, such as signatures or heuristics. It detects malicious threats regardless of whether they are known or unknown. In fact, the solution does not even know whether the file is known or unknown.
Can Deep Instinct detect installed malicious
applications on iOS devices?
Yes. Deep Instinct can detect installed malicious applications on iOS devices.
Is there any training on the
No, Deep Instinct provides the customer with a solution that has already been trained and provides immediate protection. All training is performed at Deep Instinct’s lab.
Can Deep Instinct detect ARP poisoning,
SSL stripping or any other MitM attacks?
Sure. Deep Instinct can detect MitM attacks on Android and iOS devices.
How to Train a Neural Network?
Deep Instinct’s deep learning neural network algorithm sets it apart from anything offered by competitors, but creating a deep learning framework for cybersecurity isn’t easy.
First: The deep learning model needs data to train, but with more than 350K new types of malware generated daily, there are hundreds of millions of malicious data files in which to train.
Then: Finding the deep learning experts needed to develop the model is challenging because few know the technology well enough to be able to modify the algorithm for cybersecurity.
Finally: Deep Instinct creates its deep learning framework from scratch, which requires a software library that enables the writing of deep learning models, programming and running them.