'Deep Learning' Technology Sees Through Security Software Blind Spots

NEWS ANALYSIS: There are many things that your current security software simply can't see and stopping emerging threats requires a new approach.

Deep Learning 2

A week ago I got a surprise in my email. Someone sent me a gift of malware that purported to be a scanned fax, but which really was a JavaScript file that would download malware to my computer if I clicked on it.

Fortunately, my instincts took over and I was immediately suspicious of the attachments and instead of executing the JavaScript, I inspected it, then sent it off to others for a more thorough look.

It's worth noting that none of my antivirus packages picked up on this malware. Norton Internet Security, for example, said when I scanned it that the file was perfectly safe. Of course it wasn't, and this pointed out the reason why you can't put all of your trust into malware scanners that depend on signature scanning.

But that experience also points out why your instincts can play a vital role in security. Unfortunately, one person's instincts, which are based on that one person's experience, can't possibly detect all of the malware that's out there.

But there's a way that instincts can play a critical role in defeating malware and cyber-attacks, and that's to teach instinctive behavior to a powerful computer and then find a way to share everything there is to know about malware and cyber-attacks with that computer.

This is basically what Israel-based cyber-security company Deep Instinct is trying to do in its effort to apply deep machine learning to security. Deep learning is an area of artificial intelligence in which vast quantities of data are loaded into a computer, which then works to determine what is significant in the data by looking for connections in the way the data behaves.

According to the company's CTO, Eli David, the company loads decomposed examples of every piece of malware it can find into its deep learning software, which looks for connections and characteristics in the malware so that it can learn what malware looks like in the real world.

The difference is that the deep learning process isn't the same thing as searching for signatures. The idea instead is to determine what a wide range of malware has in common so that it becomes possible to identify malware just by looking at its components.

Dr. David compared it to being able to identify a photo of a cat by being able to see only portions of a photo of a cat. Once certain characteristics of the cat can be seen, such as the shape of an ear, the pupil of an eye or the pattern of the fur you can tell that it's a cat. You don't need to see the whole thing or wait to hear the meow to know this.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...