The current state of cybersecurity is not encouraging if we consider the continuous growth and spread of new kinds of malware across all types of devices and operating systems. Statistics from sources such as Kaspersky or GDATA show that malware is not under control and keeps growing in new variants, with the aim of evading security measures and taking advantage of all types of vulnerabilities. According to the GDATA report, it is estimated that more than 7.4 million new threats will appear during 2017. This figure exceeds last year's.
One example of a type of malware that has had particular importance and impact during the last couple of months is ransomware, a threat which in the first term of this year reached the same volume as in the whole second half of 2016.
For this reason, it is necessary to keep devoting effort and resources to improving existing security methods and creating new ones, in order to handle the creation of these threats as efficiently as possible.
At JTSEC we want to analyse one of the current topics and its application in the world of cybersecurity.
Deep Machine Learning: an alternative
Currently, one of the fields of research in cybersecurity is the use of artificial intelligence (AI) techniques for threat detection and response. With them, we could improve the efficiency and speed of handling the rising number of security incidents that exist nowadays. In short, the trends of AI for cybersecurity are:
- Prediction and prevention systems, which take advantage of Big Data to process large amounts of information from the traffic of a specific network.
- AI solutions applied to security in IoT (Internet of Things), with the aim of preventing malware from spreading across different networks.
- Automatic learning to make cybersecurity systems flexible, adapting them to any type of device and to tools capable of identifying all the changes in malware.
If we focus on the capability of self-learning, we find techniques such as Machine Learning, which uses algorithms to parse large amounts of information, learn during the process, and then predict specific features. One variant of this technique is Deep Machine Learning. As a basic definition, this variant is based on the concept of learning by example, which constantly improves the intelligence of a tool so that it can handle new threats automatically. It consists of a group of learning algorithms that use neural network techniques to learn a specific representation of the input information and, thanks to this, produce relevant results.
Examples of application of Deep Machine Learning: Intrusion Detection Systems (IDS)
There is a good deal of research on applying this methodology to cybersecurity, and several solutions exist for handling the problem described above.
One example of use is the automatic detection and classification of malware with Deep Learning techniques, with the aim of adapting detection to the constant changes in malware.
Another application of Deep Learning is in Intrusion Detection Systems (IDS), where artificial intelligence is used to improve the detection capability of this type of tool so that it handles network security threats better.
IDS are important tools that allow network administrators to detect security holes in the organization's network. They face two challenges in detecting new, unknown attacks: providing flexibility and providing precision.
First, automatically selecting the features of network traffic used to detect anomalies is a difficult task. Because attack environments are complex and keep evolving and changing, the features selected for one type of attack may not be suitable for other types of attack.
Second, identifying or labelling network traffic is another challenge, because a large amount of resources is needed to generate a set of labels for all the traffic in a specific period of time.
Deep Learning techniques contribute to a good selection of features and make it possible to train this type of technique correctly, by removing redundant features and noise.
Methods such as AutoEncoder and DBN (Deep Belief Networks) are used together, as a hybrid scheme, for the detection of malicious code. The scheme first uses the AutoEncoder, as a Deep Learning method, to reduce the amount of data and select only the necessary information. It then uses the DBN learning method to detect malicious code from the information selected by the first method.
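The reduction stage of the hybrid scheme above, as an added example that is not from the original article: an autoencoder trained without labels on constructed flow records compresses six hypothetical, normalized flow features (duration, bytes sent, bytes received, packet count, distinct destination ports, SYN ratio) to a two-value code. The DBN stage is replaced here by a plain threshold on reconstruction error, so this shows the unsupervised feature learning and not the full AutoEncoder-plus-DBN classifier.

```python
import math
import random

N_IN, N_HID = 6, 2  # six hypothetical flow features compressed to a two-value code

def normal_flow(rng):  # one constructed "normal" flow, features scaled to [0, 1]
    t = rng.random()  # hidden load level driving the four correlated features
    base = [0.2 + 0.6 * t, 0.1 + 0.7 * t, 0.1 + 0.7 * t, 0.2 + 0.5 * t, 0.05, 0.10]
    return [v + rng.gauss(0, 0.02) for v in base]

class AutoEncoder:
    def __init__(self, rng):
        self.w1 = [[rng.uniform(-0.5, 0.5) for _ in range(N_IN)] for _ in range(N_HID)]
        self.w2 = [[rng.uniform(-0.5, 0.5) for _ in range(N_HID)] for _ in range(N_IN)]
        self.b1, self.b2 = [0.0] * N_HID, [0.0] * N_IN

    def encode(self, x):  # reduction stage: 6 features -> 2-value code
        return [math.tanh(sum(w * v for w, v in zip(row, x)) + b)
                for row, b in zip(self.w1, self.b1)]

    def decode(self, h):
        return [sum(w * v for w, v in zip(row, h)) + b
                for row, b in zip(self.w2, self.b2)]

    def score(self, x):  # anomaly score: squared reconstruction error
        return sum((y - v) ** 2 for y, v in zip(self.decode(self.encode(x)), x))

    def train(self, data, epochs=150, lr=0.05):  # plain SGD, no labels used
        for _ in range(epochs):
            for x in data:
                h = self.encode(x)
                err = [y - v for y, v in zip(self.decode(h), x)]
                # Hidden-layer gradient, computed before the decoder weights change.
                dz = [(1 - h[j] ** 2) * sum(e * row[j] for e, row in zip(err, self.w2))
                      for j in range(N_HID)]
                for i in range(N_IN):
                    self.b2[i] -= lr * err[i]
                    for j in range(N_HID):
                        self.w2[i][j] -= lr * err[i] * h[j]
                        self.w1[j][i] -= lr * dz[j] * x[i]
                for j in range(N_HID):
                    self.b1[j] -= lr * dz[j]

def build_detector(seed=7):
    rng = random.Random(seed)
    flows = [normal_flow(rng) for _ in range(150)]
    ae = AutoEncoder(rng)
    ae.train(flows)
    threshold = 1.5 * max(ae.score(x) for x in flows)  # margin over worst normal flow
    return ae, threshold
```

Call `build_detector()` and compare `ae.score(flow)` with the returned threshold; a flow whose features break the correlations seen in training (for example many destination ports with almost no payload) reconstructs poorly and scores above it.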
Future of Deep Machine Learning
Nowadays, several research efforts aim to improve and standardize the concepts mentioned above in relation to the use of Deep Learning. These techniques and methods are also used for the automated detection of vulnerabilities in all operating systems. The aim is to find a vulnerability and fix it before any malware takes advantage of it. This methodology is intended to improve the testing phase and to harden the systems that form part of a network, ensuring that solutions exist for any type of hole in the network topology. In this way, it is possible to prevent malware from taking advantage of a vulnerability and obtaining important information.
Some research is starting to include proposals, in the form of tools, for implementing and developing those methodologies in the Deep Learning field. They use techniques from Machine Learning to develop the research carried out in the field. Some examples are DBN (Deep Belief Network), LSTM-RNN (Long Short-Term Memory – Recurrent Neural Network), ANN (Artificial Neural Networks), SVM (Support Vector Machine) and NB (Naive Bayes).
Those techniques are mostly based on neural networks, with the aim of creating algorithms that implement automated artificial intelligence and provide self-learning without the need for any supervision. From this point, the classification and detection of different threats (new and well-known) can be resolved in a practically automated way.
Finally, we can conclude that the ultimate objective of this type of technique is to introduce artificial intelligence into the cybersecurity field, with the aim of improving the performance and response capability of the methodologies currently in place and, with this, to handle the constant growth and spread of malware and avoid the loss of economic, information and human resources.
At JTSEC, we believe that this kind of technique will be an important part of cybersecurity in the future.