A Deep Learning Approach for Detecting Unknown Malware

Posted on: Feb 10 - 2018

All of the major antivirus vendors at this point are moving towards machine learning approaches to keep up with the evolving threat landscape. That’s the good news. However, with upwards of 1 million new pieces of malware released into the wild per day, traditional machine learning approaches may not be up to the task. Now a company called Deep Instinct is hoping to take malware detection to the next level by using deep learning.

In the cat and mouse game that is Internet security, cybercriminals and bad actors constantly try to pull one over on the rest of us. If they can sneak a new piece of malicious code past our endpoint detection systems, they can reap the financial rewards.

But here’s the thing: cybercriminals don’t need new code every time. They can use an old piece of malware and make some slight tweaks to get it past security software. Or they can create a new exploit for an old vulnerability, which was the technique used in May’s WannaCry attacks, which impacted 350,000 systems across the world.

Tracking vulnerabilities and the exploit code that hackers write is a huge task that falls to researchers in the cybersecurity industry. In the beginning, signature-based approaches that looked for snippets of code dominated the malware detection racket. When cybercriminals caught on to that approach, security companies were forced to adopt more complex rules-based approaches. But the bad guys got smart to that approach, too.

The next evolution in malware detection involved machine learning. Symantec uses its “advanced machine learning” (AML) to learn to identify attributes of malicious software, while McAfee prefers its approach to “human-machine teaming” to boost malware detection. Kaspersky Labs has been using machine learning to bolster malware detection in its software for about 10 years.

However, the number of new pieces of malware being released continues to skyrocket. In 2015, Symantec said it detected 317 million new pieces of malware the previous year, or nearly 1 million per day. In 2016, Kaspersky Labs said that it was detecting about 323,000 new malware files per day, up from about 70,000 in 2011, according to a story in Dark Reading. In its recent McAfee Labs Threats Report for the third quarter of 2017, the vendor said it detected 57.6 million new samples, or about 640,000 per day.

The exact number of new malware samples generated each day is not important. What is important to a civil online society is that the good guys have a way to detect malware before the bad guys have a chance to do much damage with it.

Going Deep

Three years ago, a pair of Israeli cybersecurity researchers, including Guy Caspi and Eli David, founded the company Deep Instinct with a daring plan to utilize emerging deep learning techniques to improve malware detection capabilities. The idea was to build a system that could scale at the same staggering rate as new malware is being generated.