Deep Learning App Targets Malware
Deep Instinct has designed a program that identifies bad code on its own, whereas most programs require someone to tell them that something is malicious. It works with a technology called “deep learning” which “draws its inspiration from the human mind. It organises itself into a structure of synthetic neurons,” explained Bruce Daley, principal analyst at Tractica.
Classical neural networks in the 1980s and 90s had one or two layers of several hundred neurons. Now, with advances in hardware, processing power and algorithms, deep neural networks that are more than 10 layers deep with hundreds of millions of neurons can be created. This power can be harnessed to approach software development in a different way.
“With traditional programming, as you code, you have to anticipate all the situations that arise that you have to deal with. What deep learning does is take the data and build a model from what it finds in the data that’s statistically relevant,” Tractica’s Daley said.
An example involves chess players and chess programs. Computer chess masters play the game by brute-forcing every move. A person can’t do this, yet chess masters have held their own against computers. With deep learning, the program approaches a problem more like the chess master than the chess program.
This method of thinking can be very important in a security app, as a slight change in malicious code can fool a program.
Deep Instinct’s security solution uses a small agent, which takes up about 10MB of memory and is installed on each endpoint with the deep learning technology built in.
“Most of the time this agent does nothing. When it detects a new file, any type of file, it passes it through the deep learning module on the device. If the file is malware, it will remove it or quarantine it,” David said. It currently has a 98 to 99 percent detection rate, as opposed to the 79 percent detection rate of other solutions.
The solution also requires a network appliance, which is used to collect information so that a network administrator can have a bird’s-eye view of the network, down to the individual user. The appliance is also used to upgrade the agents on the endpoints.