Deep Learning: It can beat the European go champion and defend against malware

Source: Internet
Author: User

Deep Learning: It can beat the European go champion and defend against malware

 

 

At the end of last month, the authoritative science magazine Nature published an article about Google's AI program AlphaGo's victory over European go, which introduced details of the AlphaGo program.ActuallyIs a program that combines deep learning with tree-search. Although the confrontation occurred in last October, it still caused a sensation on the Internet and in the circle of friends: did the last pride of human intelligence collapse?

?? Before answering a question, let's take a look at these concepts .??

FreeBuf Encyclopedia: What is Ai, machine learning, and deep learning

 

 

Image Source: Starting from machine learning

Artificial Intelligence (AI ):

As a branch of the computer science, artificial intelligence refers to the intelligence represented by systems with artificial manufacturing, which is usually achieved by ordinary computers.

At present, the goal of AI has been to develop a system or software that simulates human reactions and behaviors in a certain environment ". As this field involves a wide range of sub-goals, each sub-goal is developed into an independent research branch. The main goals of AI are as follows (also known as the AI problem ):

1. Reasoning; 2. Knowledge representation (Knowledge representation); 3. Automatic planning and scheduling; 4. Machine learning ); 5. Natural language processing (Natural language processing); 6. Computer vision (Computer vision); 7. Robotics (Robotics ); 8. General intelligence or strong AI (General intelligence or strong AI );......

Machine Learning (ML ):

The machine learning field is developed by a sub-goal of AI to help machines and software learn themselves to solve problems encountered.

Machine Learning is a science that enables computers to correctly respond without prior explicit programming.

As for how to implement machine learning, I would like to summarize the answer from zhihu:

Simply put, machine learning requires data and models. With these two features, training is the process of automatically adjusting model parameters through optimization algorithms to put the model on the data. The trained parameters are the parameters in the model.

Deep Learning (DL ):

Deep Learning is a branch of machine learning. It attempts to use a column algorithm that high-level abstracts data using multiple processing layers that contain complex structures or composed of multiple nonlinear transformations. It may be a bit abstract. In fact, the concept is very simple. "It is the situation that traditional neural networks have developed into multiple hidden layers ".

Use "deep learning" to defend against malware

Signature-based or heuristic Malware detection methods are getting weaker. This means that most anti-virus (AV) programs have little effect on mutating malware, especially when they defend against APT (advanced persistent threat) attacks. Malware usually consists of about 1000 lines of code, and 1% of the changes make most of the AV helpless.

Before Year 56, machine learning began to be used to solve non-linear problems, such as face recognition, recognition of malware, and program capturing through certain features. Sandbox and other machine-based technologies cannot be faster and more accurate than deep learning.

Deep Instinct is a security company founded by Guy Caspi and Eli David, two retired veterans of the Israeli defense network security force "8200". They use artificial intelligence learning algorithms to detect software structures and program features, malware discovered. Deep Instinct can simultaneously detect and prevent "first-time" malicious activities in all assets. Most employees of the company have advanced mathematics degrees, and both Tel Aviv and Silicon Valley in Israel have their offices.

 

Deep Instinct built a giant neural network in the laboratory using Deep learning and trained the program with a group of samples containing 8000 malware. This aims to train the software and detect the special program calls and combinations of small modules of the malware. Deep Instinct's learning method breaks down malware samples into a large number of small "fragments" that can be mapped by malware, just as the genome sequence is composed of thousands of smaller sequences. These decomposed samples are still binary strings used to train a neural network for systematic identification. After millions of computations, the neural network runs in a GPU cluster, and finally produces a static neural network that points to the destination.

Because the solution cannot be updated, it runs very fast and occupies very few computer resources at the same time. Therefore, the network administrator decides to update at intervals based on the current threat ecosystem.

Deep Instinct malware recognition rate far exceeds that of traditional security companies

G? The ttingen University conducted a recognition test on 16000 malware samples, from Siemens CERT, Bit-Defender, McAfee, and Trend Micro) AVG, Kaspersky, Sophos, and other security companies have an average recognition rate of 61%, while Deep Instinct has a recognition rate of 98.86% for malware. The test uses the DERBIN test developed by Germany, which is described here. Some malware samples change independently, but their functions are not affected. The recognition rate of PDF malware is 99.7%, And the executable file detection rate is 99.2%. To be fair, Deep Instinct uses only 8000 of all samples for training and still produces surprising results.

Cylance and FireEye also use machine learning to apply more advanced detection software. However, they use sandboxes, at least much more than Deep Instinct, and they do not perform real-time monitoring with a low false positive rate.

 

The British Dark Trace company used machine learning to completely change its threat detection method for network traffic threat indicators. Cybereason developed a different detection method, analyze other threat modes, such as external indicators, different domains, and threat intelligence.

Compared with other emerging security companies that adopt advanced scientific and technological means, what advantages does Deep Instinct stand out from? Deep Instinct is expected to have a traffic module that is said to "Replace the firewall" by the second quarter of this year, which can be used to detect malware and APT, it is more like a helpful helper.

Security Detection industry: houlang qianlang

According to Guy Caspi, cyber attacks by North Korean hackers against Sony Pictures are based on a new type of malware. The attacker only slightly modifies existing malware and the process is not very complex. As the boundaries of various organizations expand infinitely, Malware detection becomes increasingly difficult. New threats and mobile access have spread to the network edge of many organizations.

Therefore, large companies, including Samsung, Qualcomm, and Nvidia, may invest in Deep Instinct ". The products of Deep Instinct adopt a relatively conservative price and are highly competitive in their counterparts.

Signature-based Malware detection becomes increasingly inaccurate, and there is no room for expansion. After the malware is crushed into tiny particles, Deep Instinct can discover the true face of a malware through neural networks for analysis ", any mutation cannot mask the features that malware requires. Once the challenge succeeds, Deep Instinct's security product will rewrite the game rules in the Security Detection market. I don't know who is going to dive into this game.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.