Here’s how cyber threats are being detected using deep learning

One of the most common and critical applications for deep learning algorithms is to improve cybersecurity solutions.
15 September 2021

Deep learning is the most advanced subset of artificial intelligence, leveraging deep neural networks that take inspiration from how the human brain works. Source: AFP

  • Deep learning could be a game-changer in applying machine learning techniques to solve computer security challenges
  • Since deep learning shows great potential in constructing security applications, it has been widely used in detecting malware, intrusion, phishing, spam detection, and traffic analysis

Security attacks are becoming more prevalent as cyber attackers exploit system vulnerabilities for financial gain. Some defense techniques even fall short of detecting complicated or sophisticated attacks. Although machine learning techniques to solve computer security challenges are not a new idea, the rapidly emerging deep learning technology has recently triggered a substantial amount of interest in the computer security community.

Despite having to use various kinds of machine learning methods to classify network attacks over the past several years, traditional machine learning methods have not been capable of providing distinctive feature descriptors to describe the problem of attack detection, due to their limitations in model complexity. 

Fortunately, machine learning in recent times has made a great breakthrough by simulating the human brain with the structure of neural networks, which are named deep learning methods for their general architecture of deep layers to solve complicated problems. 

Basically, deep learning is the most advanced subset of artificial intelligence, leveraging deep neural networks that take inspiration from how the human brain works. As more data is fed into the neural network, it becomes better at intuitively understanding the meaning of new data – this allows it to predict and prevent increasingly advanced threats. 

It does not require a human expert to help it understand the significance of new features. One of the most common and critical applications for deep learning algorithms is to improve cybersecurity solutions. Here we’ve gathered how deep learning applications can help with security.

Deep learning with malware

In a paper published in 2019, experiments by researchers at the University of Plymouth and the University of Peloponnese showed that the deep learning model was especially good at detecting malware in .doc and .pdf files, which are the preferred medium for ransomware attacks. 

Typically, traditional malware solutions such as regular firewalls detect malware by using a signature-based detection system. A database of known threats is run by the company which updates the ledger frequently to incorporate new threats that were introduced recently. While this technique is efficient against these threats, it struggles to deal with more advanced threats.

That is where deep learning algorithms are capable of detecting more advanced threats and are not reliant on remembering known signatures and common attack patterns. Instead, they learn the system and can recognize suspicious activities that might indicate the presence of bad actors or malware.

Spam and social engineering detection

Natural language processing (NLP), a deep learning technique, can help one to easily detect and deal with spam and other forms of social engineering. NLP learns normal forms of communication and language patterns, and uses various statistical models to detect and block spam.

A good use case would be how Google used TensorFlow to enhance the spam detection capabilities of Gmail. According to the Mountain View-based company, the protections catch an additional 100 million spam messages every day. This includes image-based emails, emails with hidden embedded content, and messages from newly created domains that try to hide a low volume of spammy messages inside legitimate traffic.

User behavior analytics

One of the most important security practices for any organization is tracking and analyzing user activities and behaviors. Contrary to popular belief, it is much more challenging than recognizing traditional malicious activities against the networks since it bypasses security measures and often doesn’t raise any flags.

For example, when insider threats occur and employees use their legitimate access with malicious intent, they are not infiltrating the system from the outside, which renders many cyber defense tools useless against such attacks. Experts reckon that user and entity behavior analytics (UEBA) can be a great tool against such attacks. After a learning period, it can pick up normal employee behavioral patterns and recognize suspicious activities, such as accessing the system at unusual hours, that could possibly indicate an insider attack and raise alerts.