Dark Reading is part of the Informa Tech Division of Informa PLC



6/13/2017
10:30 AM
Pete Hunt
Commentary

Deep Learning's Growing Impact on Security

Neural networks are now practical for real-world applications, cutting back on work needed from analysts.

Deep learning is one of the buzziest buzzwords of 2017, and for good reason. Deep learning (more accurately called deep neural networks) attempts to mimic the activities of the brain. The basic principles of neural networks have existed since the late 1950s, yet it wasn't until around 2010 that computers became powerful enough (and data got big enough) for highly complex "deep" neural networks to become practical for real-world applications.

Today, this technique is revolutionizing natural language processing and malware detection. Deep learning can figure out how to solve tough problems, such as identifying suspicious online behavior. This technique and related systems and tools will play an increasingly important role in anti-fraud and security applications.

Compared with other forms of machine learning, deep learning requires less manual programming to solve problems. The most expensive part of leveraging traditional machine learning algorithms is a stage called feature engineering. An engineer, analyst, or data scientist needs to write code to extract interesting features from the data for the machine learning algorithm to learn from, such as the number of transactions that a person makes per day, or how far away from home his or her credit card is being used. The analyst must intuit which features would indicate fraud or a security breach.
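As an added illustration that is not from the article, here is the hand-written feature-engineering stage the paragraph describes: per-user, per-day transaction counts and distance from a known home location, computed over constructed sample transactions, followed by the kind of threshold rule an analyst has to intuit. The home coordinates, thresholds and records are all constructed assumptions.

```python
import math
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real data): (user, ISO timestamp, lat, lon, amount).
# alice's 2017-06-02 morning has a burst of purchases far from her home city.
TRANSACTIONS = [
    ("alice", "2017-06-01T09:10:00", 37.77, -122.42, 12.50),
    ("alice", "2017-06-01T12:40:00", 37.78, -122.41, 40.00),
    ("alice", "2017-06-02T08:05:00", 37.76, -122.43, 8.25),
    ("alice", "2017-06-02T08:07:00", 48.86, 2.35, 950.00),
    ("alice", "2017-06-02T08:09:00", 48.86, 2.35, 120.00),
    ("alice", "2017-06-02T08:11:00", 48.86, 2.35, 300.00),
    ("bob", "2017-06-01T18:00:00", 40.71, -74.01, 25.00),
    ("bob", "2017-06-02T19:30:00", 40.72, -74.00, 18.00),
]

# Assumed to come from the account profile (billing address); constructed here.
HOME = {"alice": (37.77, -122.42), "bob": (40.71, -74.01)}


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two points on the sphere."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def engineer_features(transactions, home):
    """Hand-coded features keyed by (user, day): transactions per day and max km from home."""
    feats = defaultdict(lambda: {"txn_count": 0, "max_km_from_home": 0.0})
    for user, ts, lat, lon, _amount in transactions:
        day = datetime.fromisoformat(ts).date().isoformat()
        f = feats[(user, day)]
        f["txn_count"] += 1
        hlat, hlon = home[user]
        f["max_km_from_home"] = max(f["max_km_from_home"], haversine_km(hlat, hlon, lat, lon))
    return dict(feats)


def flag_suspicious(features, max_txn_per_day=3, max_km=500.0):
    """The rule an analyst must intuit: too many transactions in a day, or usage far from home."""
    return sorted(key for key, f in features.items()
                  if f["txn_count"] > max_txn_per_day or f["max_km_from_home"] > max_km)
```

The point is how much of this is bespoke code per feature; deep learning aims to learn such signals from the raw records instead.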

Deep learning changes this equation; it imports raw transaction and user data and applies neural network technology to automatically do this feature engineering. For some problems (such as image recognition) it's very hard for humans to write code to extract these features. Deep learning opens new opportunities for innovative products in many fields, but this is especially exciting in security, fraud, and abuse detection. Some of its applications include the following:

1. Spotting inappropriate behavior: Social networks and other forums where users can contribute content sometimes attract deviant behavior, such as people posting pornographic or violent images. With deep learning, companies can automatically spot prohibited content instead of employing people to manually review images reported by users. This saves money and time and is a more proactive way of ensuring that users aren't violating company policies.

2. Photo verification: Cybercriminals often create fake photos and IDs. This gives them access to a new identity, so they can create fake accounts to dupe users into sharing data or signing up for bogus services. Large-scale marketplaces such as Airbnb are increasingly affected by these attacks. Deep neural networks can be trained to identify manipulated or duplicate images, and since 2015, neural networks have been outperforming humans on similar image-recognition tasks.

3. Phishing emails: Phishing — the practice of sending emails that appear to come from legitimate senders such as UPS or a bank — continues to trick people into clicking on the links and opening their PCs to data-stealing viruses. Some of us unwittingly give up our personal data, including account numbers and passwords, to these scammers. Deep-learning systems can be trained to recognize these phishing emails and prevent them from getting delivered to anyone's inbox.

4. Spam detection: Deep learning can root out all forms of unwanted email by learning the difference between junk and legitimate messages. Deep neural networks can understand the concepts included in the email's text and can, for example, identify if the email includes a call to action to purchase a product.

5. User and entity behavior analytics: User and entity behavior analytics (UEBA) focuses on analyzing the behaviors of people who are connected to an organization's network as well as entities such as servers, accounts, laptops, and so on. UEBA is used for external breach detection and for identifying rogue insiders by analyzing what is normal behavior — such as where users normally log in from and what applications they access — and looking for what isn't. Deep learning reduces the feature engineering required for UEBA, and neural networks can learn patterns of user behavior that may indicate a malicious session.


6. Account takeover mitigation: As with UEBA, security engineers and researchers are beginning to see the power of training recurrent neural networks on an individual user's behavior. If that user's behavior sufficiently deviates from the model, it may indicate that the account has been compromised.

Deep learning, however, has a few problems. First, it requires a vast quantity of labeled data to be effective. This requires people to select and feed data to the system so it can learn patterns to recognize, such as phony logos or email addresses used in phishing emails. Second, deep learning is extraordinarily computationally expensive.

That's why deep learning was a nascent field until around 2010, when Google started publishing state-of-the-art results. It could do this because of the advent of cheaper, more powerful processors called GPUs (the graphics cards that gamers use to render impressive 3-D visuals). Additionally, Google and other large corporations had amassed a vast quantity of training data by 2010, which is required for deep learning to be effective. With the world's data doubling every two years, this presented a unique opportunity for a new type of machine learning to be successful.

Fortunately, you often don't need a huge data set to realize the benefits of deep learning. Many research groups publish pre-trained models on the Web under a permissive open source license. Additionally, you can use a strategy called transfer learning to start from one of these pre-trained networks and refine it on your own data. For example, you can take a pre-trained deep neural network that can recognize different animals and refine it on a data set of landscapes, and with just a few hundred or thousand samples it may achieve state-of-the-art performance.

Deep learning's potential for security and fraud detection is still in its early stages. Deep learning could change the math on machine learning; on most problems, not just the malware detection of today, we'll be able to get better results with less work from analysts.


Pete Hunt is co-founder, CEO, and product engineer at Smyte. Prior to Smyte, Pete led the Instagram Web team at Facebook and built Instagram's suite of business analytics products. Before that, he was one of the original members of the Facebook React.js team.