Machine Learning vs. Deep Learning in Cybersecurity – Demystifying AI’s Siblings

Beginning in the 1950s, artificial intelligence (AI) was used as an umbrella term for all methods and disciples that result in any form of intelligence exhibited by machines. Today, nearly all software in every industry – especially in security – use at least some form of AI, even if it is limited to basic manually coded procedures. ESG research found that 12 percent of enterprise organizations have already deployed AI-based security analytics extensively, and 27 percent have deployed AI-based security analytics on a limited basis. It is expected that these implementation trends will only gain momentum in 2018.

During the past few years, the major subsets of AI – machine learning and deep learning – have progressed, transforming nearly every field they touch. Nowadays the terms "artificial intelligence, "machine learning," and "deep learning" are used widely, however differentiating between the three, and knowing which is best for your business goals, can be confusing. To fully understand each term and what they mean, it's worth taking a look at each subfield's advantages and limitations.

The Challenges of Machine Learning

For the last 25 years, machine learning was the leading sub-field within AI. The technology allows computers to learn without being explicitly programmed and in the 2000s, machine learning methods completely dominated AI by outperforming all non-machine, learning based results.

Despite its success, the technology comes with obstacles, especially when applied to security. One of the major limitations of traditional machine learning is its reliance on feature extraction, a process through which human experts dictate what the important features (i.e., properties) of each problem are. This means that in order for a machine learning solution to recognize a malware, experts need to manually program the various features that are associated with a malware. For the cybersecurity field in particular, this means that solutions are limited in detecting unknown attacks. Due to the need for humans to define specific features, the features of attacks that haven't been revealed yet still need to be analyzed, leaving them unable to be detected.

However, this reliance on human involvement introduces one of the biggest challenges of machine learning – the potential for human error. Given feature engineering requires a human domain expert to define features – features can often be overlooked. In thinking about the example of the malware given above, if during programming certain characteristics are omitted, the system breaks down. In order for a machine learning system to be accurate, human domain experts must be methodological in defining features, and continuing to define them. This is because machine learning is a linear based model, meaning the features selected by a human domain expert can only lean on simple linear properties. Given these confines, companies have been shifting to deep neural networks (DNN) to better secure their infrastructures and prepare for impending attacks.

Deep Learning Evolves

Deep Learning, also known as deep neural network, is a sub-field of machine learning, and takes inspiration from how our brains work.The big conceptual difference between deep learning and traditional machine learning is that deep learning is capable of training directly on raw data without the need for feature extraction. For example, when applying machine learning to face recognition, the raw pixels in the image cannot be fed into the machine learning module, but instead they must first be converted into features such as distance between pupils, proportions of the face, texture, color, etc. On the other hand, deep learning is capable of training directly on the raw data without any need for feature extraction.Additionally, deep learning scales to hundreds of millions of training samples, and continuously improves as the training dataset becomes larger and larger.

Over the past few years, deep learning has reached a 20-30 percent improvement in most benchmarks of computer vision, speech recognition, and text understanding – the greatest leap in performance in the history of AI and computer science. This is in part due to deep learning's ability to detect non-linear correlations between data that are too complex for humans to define. Unlike traditional machine learning, deep learning supports any and new file types and has the ability to detect unknown attacks, a huge benefit to cybersecurity.

While these advantages surpass those of machine learning based solutions, deep learning does face some challenges. Researchers work with a very large data sample of millions of files to train the neural network and are dealing with highly complex algorithms. In many cases, deep learning is an "art" that relies on scientist'sexperience and knowhow, and unfortunately there is a scarcity of experts available.

The Impact of Deep Learning on Security

Deep learning has been implemented across a variety of industries making a big impact, especially in cybersecurity. The biggest malware attacks of 2017 – think WannaCry, NotPetya, DDoS incidents – made companies rethink their security strategies and reactive approach to future attacks. Throughout the cybersecurity industry, there is an ongoing need to respond to cyberattacks in real-time with minimal human interaction. As a result, organizations are turning to deep learning-based solutions due to the fact that eliminates human interaction.

Deep Learning's ability to prevent new, never before seen malware in real-time without any human involvement, all while maintaining low false positive alerts, is a huge benefit to securing enpoint, mobile devices, data and infrastructures. After the malware is prevented, deep learning technology helps companies understand what kind of malware it is i.e. ransomware, backdoor or spyware to take further security actions needed. In most cases this takes experts to properly analyze the information, however deep learning software identifies and analyzes the data automatically, without any need for human involvement.

Similarly, the technology can be leveraged to determine where a specific attack originated from. In the past, this has been a difficult task for IT and Security teams to do for a variety of reasons. For example, each nation-state has usually more than one cyber unit that develops such advanced malware, rendering traditional authorship attribution algorithms useless. In addition, APT's use state-of-the-art evasion techniques. However, DNN has the ability to learn high level feature abstractions of the APTs itself.

It will be exciting to observe deep learning's continued success in security throughout 2018, and it won't stop there. Beyond security, deep learning is revolutionizing many other industries, from climate mapping to combatting aging and disease – the implications of the technology are far reaching.

About the auyhor: Mr. Caspi is a seasoned CEO and leading global expert in cybersecurity, big data analytics and data science. A pioneer technologist by the world economic forum in Davos.

Copyright 2010 Respective Author at Infosec Island

via Infosec Island Latest Articles https://ift.tt/2MmJB6m
RSS Feed

If New feed item from http://www.infosecisland.com/rss.html, then send m

IFTTT

Comments

Post a Comment

Popular posts from this blog

Evernote cuts staff as user growth stalls

Image
Note-taking app Evernote has fallen on hard times of late, culminating in its latest spate of job cuts impacting 15 percent of its workforce (54 employees). CEO Chris O' Neil -- an ex-Googler who took the reins in 2015 -- announced the firings at an all-hands meeting earlier today, reports TechCrunch . In a message on the Evernote blog , O' Neill admitted he'd set "incredibly aggressive goals" for the company in 2018. He continued: "Going forward, we are streamlining certain functions, like sales, so we can continue to speed up and scale others, like product development and engineering." The layoffs follow an exec exodus just weeks ago and the company's recent brand refresh (complete with a refined logo and wordmark). But critics are more concerned about its product, especially the free tier, which they claim lacks the perks to
Read more

The best air conditioner

Image
By Liam McCabe This post was done in partnership with Wirecutter . When readers choose to buy Wirecutter's independently chosen editorial picks, it may earn affiliate commissions that support its work. Read the full article here . After six summers of researching, testing, and recommending window air conditioners, we've learned that quiet and affordable ACs make most people the happiest—and we think the LG LW8016ER will fit the bill in most rooms. This 8,000 Btu unit cools as efficiently and effectively as any model with an equal Btu rating, and runs at a lower volume and deeper pitch than others at this price. Little extra features like a fresh-air vent, two-axis fan blades, and a removable drain plug help set it apart, too. The LG LW8016ER is a top choice for an office or den, and some people will find it quiet enough for a bedroom, too. If our main pic
Read more

We won't see a 'universal' vape oil cartridge anytime soon

Image
Pre-loaded cartridges of cannabis concentrate are currently among the most popular means of consumption, and for good reason. They're discreet to use and easy to handle, a far cry from the dark days of 2016 when we had to dribble hash oil or load wax into narrow-mouthed vape pens by hand. But, frustratingly, an ever increasing number of oil cartridge manufacturers employ one-off design standards so that their products won't work with those of their competitors, thereby locking customers into proprietary ecosystems. We've already seen this with nicotine vaporizers -- which has a seen a massive rise in "pod systems" in the last few years, each outfitted with a unique canister and battery built to be incompatible with those of their competition. Is it too late for the burgeoning cannabis industry to set a universal standard for their product designs?
Read more