Deep learning and machine learning to transform cybersecurity
By Soumik Roy
CYBERSECURITY specialists have been betting on artificial intelligence (AI) to defend their organizations against sophisticated cyberattacks for quite a while now — and it seems as though deep learning and machine learning have the potential to deliver.
AI is a broad term that encompasses computer vision, machine learning, and deep learning, and generally offers the ability to mimic human actions, intelligently, and at incredible speed.
For hackers trying to “guess” a password, it means AI can not only use “trial and error” to break into a victim’s account much faster but also do it intelligently so that that the account doesn’t get locked before the right password is guessed.
On the other side of the fence, or network, cybersecurity professionals didn’t immediately benefit from AI because systems in place don’t automatically lend themselves to the technology — however, experts bet on two niche elements of AI to find a solution.
Those niche areas are machine learning and deep learning.
Machine learning, simply put, is an algorithm that learns from a chunk of structured, labeled data to produce insights.
In the world of cybersecurity, for example, machine learning can help spot anomalies in user behavior or network usage because the range of what’s possible is quite limited — enough for training data to be structured and labeled sufficiently well.
Deep learning is generally considered similar to a human where the algorithm doesn’t need structured data to learn something.
For example, in the world of cybersecurity, if a deep learning algorithm is shown a number of examples of what good user and device behavior look like and what malicious user and device behavior look like, it should be able to — on its own — identify and raise alarms about users and devices displaying potentially malicious behavior.
Experts believe deep learning shows more promise
While there’s a place for machine learning as well as deep learning in cybersecurity, experts believe that the latter shows more promise.
“DL can provide new approaches for addressing cybersecurity problems. It has shown significant improvements over traditional signature-based and rule-based systems as well as classic machine learning-based solutions,” said a recent academic paper from John Hopkins University Applied Physics Laboratory titledA Survey of Deep Learning Methods for Cyber Security.
According to experts, deep learning has significant advantages in the detection of malware and network intrusion given its ability to quickly differentiate between good behavior and bad.
Researchers from John Hopkins University also found that there was a dearth of structured, labelled data in the world of cybersecurity — which might be a contributor to the growing importance of deep learning as a technology which does not need such data.
Overall, deep learning has significant potential to help organizations get ahead of looming threats in cyberspace. However, efforts need to be made to create and access data to train systems.
Academic research found that a “critical factor that impacted performance across all domains was the ratio of benign data to malicious data in the training set. This problem arises from the fact that it is difficult to obtain legitimately malicious data. Often, data is created from simulations and reverse engineering of malware because real data can be hard to obtain.”
To develop meaningful trust in deep learning methods, large, researchers believe that regularly updated, benchmark datasets will be critical to advancing cybersecurity solutions.
Further, the ability to test proposed deep learning methods in real operational scenarios will be needed in order to compare detection rates, speed, memory usage, and other performance metrics.
“The cybersecurity industry has just begun to appreciate the value of DL, and new datasets are emerging,” concluded the academics from John Hopkins University.
In the future, more intelligent deep learning-powered solutions are expected to make their way into organizations and allow cybersecurity professionals to better guard against cyberthreats.