Applying Deep Learning to Cybersecurity

Applying Deep Learning to Cybersecurity

Written by  Guy Caspi, CEO, Deep Instinct

The reality of “not if but when” approach to cybersecurity breaches that companies have come to adopt stems from a variety of valid reasons, not for lack of effort on their part. Zero-day threats are growing at an exponential rate; Advanced Persistent Threats (APT) – the most advanced malware, are no longer only the concern of nation-state cyber-attacks; hackers are becoming more sophisticated, and cybercrime-as-a-service has become more accessible to criminals who can now easily purchase DIY hacking kits for prices as low as $500. The defense against these developments continues to lag behind, lacking true protection in real time. However, recent developments in algorithmic research and hardware, are paving the way for a solution: deep learning.

The progression of cybersecurity solutions

The detection capabilities of malware have evolved over the years. Signature-based solutions (legacy solutions) have remained largely unchanged in their protection methods. In signature-based solutions, the antivirus engine compares the contents of an unidentified piece of code to its database of known malware signatures. If the malware has not been seen before, a handcraft signature is generated using manually-tuned heuristics, which is then released as an update to clients. Since this process is time consuming, signatures are sometimes released months after initial detection. This method cannot keep up with the million new malware created daily, leaving organizations vulnerable to the new threats, even those already detected.

Heuristics techniques identify malware based on the behavioral characteristics in the code. This has led to behavioral-based solutions that base their detection of malware on its behavior at run time, as opposed to analyzing the characteristics in the malware’s code. These solutions provide partial protection because they are limited to detecting malware only once its malicious actions have begun. Thus, prevention only occurs at a later stage, often when it’s too late.

Instead of detecting the malware’s behavioral fingerprint at runtime, newer and more sophisticated sandboxing solutions rely on running the malware in a virtual (sandbox) environment to obtain more information about it and determine whether it is malicious or not. While this allows for more accurate detection, it is achieved at the cost of genuine protection due to the time-consuming process that thwarts instant prevention once malware has been identified. Furthermore, some newer types of malware can evade sandbox detection by means such as stalling code.

More advanced solutions flaunt artificial intelligence’s machine learning technology. These solutions apply elaborate algorithms to classify a file’s behavior as malicious or legitimate according to manually selected features, providing more sophisticated analyses and detection capabilities. However, this process is time-consuming and requires massive human resources to manually teach the technology on which parameters, variables or features to focus for file classification. Furthermore, the rate of malware detection using this technology, although much higher, is still lacking.
Therefore, even with newer solutions applying more sophisticated technologies with better detection rates, prevention is delayed or detection is far from optimal, leaving organizations exposed to data breaches, data theft, seizure for ransomware, data corruption, and infections.

Protecting Against Cyber-Attacks with an Artificial Brain

While deep learning has successfully been applied to computer vision, speech, and text understanding, cybersecurity is a challenging domain which deep learning can potentially revolutionize. Deep learning is a novel branch of artificial intelligence that is inspired by the brain’s ability to learn to identify an object, turning its identification into second nature. Using powerful GPUs, large-scale neural nets are trained with billions of synapses that process raw data for less time in the past and with higher accuracy. This is very similar to the way our brain learns; it is fed with raw data from our sensory inputs and learns the high level features on its own.

When applied to cybersecurity, instead of conducting manual feature engineering as is done in machine learning, datasets of many millions of malicious and legitimate files are fed into the deep learning core engine. This enables self-learning on the useful high-level, non-linear features necessary for accurate classification. Furthermore, since deep learning is data-agnostic, the technology is fed with hundreds of millions of files of any type. The result of the training is a prediction model that can instinctively detect any malicious file type, even if it is an entirely new one or slight modification to an existing one, that has never been seen before. This immediate detection enables instant blocking on the threat, resulting in thorough real-time protection. In cybersecurity, deep learning has shown groundbreaking results vs. classical machine learning in detection of first-seen malware, on any device, platform, and operating system, superseding any solution currently available on the market.

Summary of the article that incorporates the article key words and author’s name

Current cybersecurity solutions fail to fully protect against new and sophisticated cybersecurity attacks. Applying deep learning, a novel branch of AI, enables real-time protection against unknown and evasive cyber-attacks from any source, providing unprecedented protection. Guy Caspi is CEO of Deep Instinct, the first company to apply deep learning to cybersecurity, offering real-time detection and prevention of zero-day threats and APT attacks with unmatched accuracy.


Guy Caspi – CEO – Guy Caspi is a leading mathematician and a data scientist global expert. Mr. Caspi has 15 years of extensive experience in applying mathematics and machine learning in a technology elite unit of the Israel Defense Forces (IDF), financial institutions and intelligence organizations around the world. He also led some of the largest government cyber and Big Data projects in Israel and other countries. In addition, Mr. Caspi was the president and general manager of a leading division at Comverse/Verint Group. He brings substantial management background in leading innovative technological challenges from R&D through commercialization. Mr. Caspi holds B.Sc., M.Sc., and MBA degrees in Mathematics, Machine Learning and Business from leading universities in Israel and the U.S.

Leave a Comment

Your email address will not be published. Required fields are marked *