Machine Learning vs. Deep Learning in Cybersecurity – Demystifying AI’s Siblings

Wednesday, June 13, 2018

Guy Caspi


Beginning in the 1950s, artificial intelligence (AI) was used as an umbrella term for all methods and disciples that result in any form of intelligence exhibited by machines. Today, nearly all software in every industry – especially in security – use at least some form of AI, even if it is limited to basic manually coded procedures. ESG research found that 12 percent of enterprise organizations have already deployed AI-based security analytics extensively, and 27 percent have deployed AI-based security analytics on a limited basis. It is expected that these implementation trends will only gain momentum in 2018.

During the past few years, the major subsets of AI – machine learning and deep learning – have progressed, transforming nearly every field they touch. Nowadays the terms “artificial intelligence, “machine learning,” and “deep learning” are used widely, however differentiating between the three, and knowing which is best for your business goals, can be confusing. To fully understand each term and what they mean, it’s worth taking a look at each subfield’s advantages and limitations.

The Challenges of Machine Learning

For the last 25 years, machine learning was the leading sub-field within AI. The technology allows computers to learn without being explicitly programmed and in the 2000s, machine learning methods completely dominated AI by outperforming all non-machine, learning based results.

Despite its success, the technology comes with obstacles, especially when applied to security. One of the major limitations of traditional machine learning is its reliance on feature extraction, a process through which human experts dictate what the important features (i.e., properties) of each problem are. This means that in order for a machine learning solution to recognize a malware, experts need to manually program the various features that are associated with a malware. For the cybersecurity field in particular, this means that solutions are limited in detecting unknown attacks. Due to the need for humans to define specific features, the features of attacks that haven’t been revealed yet still need to be analyzed, leaving them unable to be detected.

However, this reliance on human involvement introduces one of the biggest challenges of machine learning – the potential for human error. Given feature engineering requires a human domain expert to define features – features can often be overlooked. In thinking about the example of the malware given above, if during programming certain characteristics are omitted, the system breaks down. In order for a machine learning system to be accurate, human domain experts must be methodological in defining features, and continuing to define them. This is because machine learning is a linear based model, meaning the features selected by a human domain expert can only lean on simple linear properties. Given these confines, companies have been shifting to deep neural networks (DNN) to better secure their infrastructures and prepare for impending attacks.

Deep Learning Evolves

Deep Learning, also known as deep neural network, is a sub-field of machine learning, and takes inspiration from how our brains work.The big conceptual difference between deep learning and traditional machine learning is that deep learning is capable of training directly on raw data without the need for feature extraction. For example, when applying machine learning to face recognition, the raw pixels in the image cannot be fed into the machine learning module, but instead they must first be converted into features such as distance between pupils, proportions of the face, texture, color, etc. On the other hand, deep learning is capable of training directly on the raw data without any need for feature extraction.Additionally, deep learning scales to hundreds of millions of training samples, and continuously improves as the training dataset becomes larger and larger.

Over the past few years, deep learning has reached a 20-30 percent improvement in most benchmarks of computer vision, speech recognition, and text understanding – the greatest leap in performance in the history of AI and computer science. This is in part due to deep learning’s ability to detect non-linear correlations between data that are too complex for humans to define. Unlike traditional machine learning, deep learning supports any and new file types and has the ability to detect unknown attacks, a huge benefit to cybersecurity.

While these advantages surpass those of machine learning based solutions, deep learning does face some challenges. Researchers work with a very large data sample of millions of files to train the neural network and are dealing with highly complex algorithms. In many cases, deep learning is an “art” that relies on scientist’sexperience and knowhow, and unfortunately there is a scarcity of experts available.

The Impact of Deep Learning on Security

Deep learning has been implemented across a variety of industries making a big impact, especially in cybersecurity. The biggest malware attacks of 2017 – think WannaCry, NotPetya, DDoS incidents – made companies rethink their security strategies and reactive approach to future attacks. Throughout the cybersecurity industry, there is an ongoing need to respond to cyberattacks in real-time with minimal human interaction. As a result, organizations are turning to deep learning-based solutions due to the fact that eliminates human interaction.

Deep Learning’s ability to prevent new, never before seen malware in real-time without any human involvement, all while maintaining low false positive alerts, is a huge benefit to securing enpoint, mobile devices, data and infrastructures. After the malware is prevented, deep learning technology helps companies understand what kind of malware it is i.e. ransomware, backdoor or spyware to take further security actions needed. In most cases this takes experts to properly analyze the information, however deep learning software identifies and analyzes the data automatically, without any need for human involvement.

Similarly, the technology can be leveraged to determine where a specific attack originated from. In the past, this has been a difficult task for IT and Security teams to do for a variety of reasons. For example, each nation-state has usually more than one cyber unit that develops such advanced malware, rendering traditional authorship attribution algorithms useless. In addition, APT’s use state-of-the-art evasion techniques. However, DNN has the ability to learn high level feature abstractions of the APTs itself.

It will be exciting to observe deep learning’s continued success in security throughout 2018, and it won’t stop there. Beyond security, deep learning is revolutionizing many other industries, from climate mapping to combatting aging and disease – the implications of the technology are far reaching.

About the auyhor: Mr. Caspi is a seasoned CEO and leading global expert in cybersecurity, big data analytics and data science. A pioneer technologist by the world economic forum in Davos.

Possibly Related Articles:
Enterprise Security Security Awareness Vulnerabilities
Detection security analytics Machine Learning artificial Intelligence Deep Learning
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.