Popping the hood on deep learning

Chuck Everette at Deep Instinct dispels some of the myths surrounding deep learning and AI

Each year, a new ‘up and coming’ cyber-security solution is created and sold to the market as being the most effective technology yet. It’s unsurprising, therefore, that different solutions often get banded together in the same category, as they are frequently promoted as working in similar ways.

As technology develops and subsets are created, the lines can become blurred between where the old technology ends, the new technology begins, and what is just marketing hype.

Machine learning and deep learning are prime examples of two technologies that get classed as one and the same. Both technologies are often positioned under the same umbrella term of artificial intelligence (AI), and are therefore often hyped as being the same technology.

The term AI is so frequently used in business that leaders struggle to understand the differences between each solution. However, whilst deep learning is an advanced subset of machine learning, and they both use forms of mathematical algorithms to manage data classification, this is where the similarities end. Popping the hood on both technologies reveals the main differences in their associated uses to defend against cyber-threats.

Machine learning is commonly used in cyber-security solutions for detection and remediation. However, it’s limited in its preventative capabilities as it cannot detect and prevent attacks early in the ATT&CK chain and struggles to prevent newer zero-day threats emerging. Attacks are often completed before the machine learning systems classify them as malicious, and this can take up to several minutes or more.

Deep learning, however, is the superior design choice due to its ability to classify and prevent even the newest cyber-threats before they can run, in milliseconds. Sometimes referred to as ‘deep neural networks’, deep learning takes inspiration from how the human brain works and is a natural fit for cyber-security.

Getting to grips with true deep learning

There is still the perception that deep learning is essentially glorified machine learning. However, the fundamentals behind both technologies are vastly different and so must be appropriately distinguished.

Machine learning uses manual and supervised datasets fed into the models by human workers (manual feature engineering), to allow systems to make decisions with less human interaction.

Deep learning, in contrast, uses autonomous processes modelled on the structure of the human brain to input large amounts of raw data through layers to predict and classify information. Independently, the system then learns to identify and classify the malicious code and prevent attacks before they can even run. Over time, the more raw data the teams feed into the system, the smarter it will become at intuitively interpreting the type of new data and whether it is harmful or not.

Currently, 90 percent of cybersecurity executives and business leaders think that the technology used to defend against cyber-attacks is not effective enough. As the next evolution in intelligent security, deep learning offers a step forward in the advancement of cyber security defences.

However, the development process of deep learning technology is not simple. Huge sets of raw data are required for the system to begin the “training” process, as well as sufficient time and computational power for the system to differentiate the harmful data from the safe data. It’s not as easy as simply manually inputting datasets pre-labelled as malicious and benign, like you would with machine learning.

Deep learning is designed to complete this process independently without human interaction. It is this autonomy that demonstrates the true difference between deep learning and machine learning. The time and effort is certainly worthwhile, as it allows the system to predict and prevent attacks without the need for human interaction.

A preventative approach

The results speak for themselves. Whilst machine learning technology takes time, sometimes several minutes, to detect malicious code, deep learning can predict and prevent both known and unknown attacks, accurately identifying and preventing potential breaches in under 20 milliseconds.

Criminals are growing more sophisticated in their approaches every day, so businesses are in need of a solution that will prevent these attacks at the door before they get the chance to penetrate critical environments or infrastructures.

The bad news is that cyber criminals have cracked the code for machine learning and are now capable of fooling the ML-based system into classifying malicious code as benign. Criminals can evade the defences and create back doors into environments. Deep learning is naturally resistant on its own and can escape these criminal manipulations and adversarial attacks.

Applying deep learning to an existing security stack is the best approach and has proven to reduce the number of alerts received by a security team by over 25 percent. Security teams are therefore given back valuable time to spend on critical priority items, rather than having to filter through thousands of irrelevant security notifications every day.

Shaping the future

Having broken down the fundamentals of deep learning and how it differs from its predecessor, we can look ahead to how this predictive technology fits into the future of cyber-security. Companies around the world, like Google, Tesla, and Microsoft, have already deployed deep learning within their own products. Specifically, within the cyber-security sector, we can expect to see rapid growth in deep learning solutions as the technology becomes more well-known and the benefits are better recognised.

However, there are a couple of major barriers currently delaying the progress of deep learning. Just like with machine learning and artificial intelligence, deep learning is also becoming a popular buzzword.

We’ve noticed more and more organisations releasing products with the word ‘deep’ at the front, but they simply don’t grasp what the true meaning of deep learning is and are just jumping on the marketing hype. This is one of the main obstacles facing companies investing in deep learning, in that there are so many misleading products on the market today.

As long as business leaders recognise the key difference between true deep learning and machine learning solutions, then they are taking the next vital step in the cyber-security journey. Machine learning requires human workers to manually input pre-classified datasets, whereas deep learning uses automatic processes that mimic the human brain to absorb and analyse huge amounts of raw data, leading to the machine being able to identify and classify malicious data, unsupervised.

Aside from the initial set-up, human workers do not have to be involved in the deep learning process at all, as the system itself will instinctively ‘learn’ along the way and become more accurate as it learns. Deep learning, when applied with an existing security stack, can deliver the critical prevention capability against the ever-increasing number of modern cyber-threats.

As criminals have now learned how to compromise machine learning, businesses need to swap out their legacy cyber technology for more innovative solutions that are capable of meeting dangerous cyber-threats.


Chuck Everette is Director of cyber security advocacy at Deep Instinct

Copyright Lyonsdown Limited 2021