What Deep Learning Means for CyberSecurity

If you’re a film buff like me, you’ve probably seen The Imitation Game, with Benedict Cumberbatch in the role of Alan Turing. The movie tells the story of Turing who, in 1939, was recruited by the newly created British intelligence agency MI6 to crack the Nazis’ cryptography machine Enigma, which cryptanalysts of the day thought unbreakable. In fact, Turing was obsessed with the idea of building a machine that could perform the math and engineering computations that his team of human analysts were doing. In the film, he builds a machine called Christopher (in reality it was named Bombe).

Bombe was a computer of sorts, and was used to eventually break the Enigma code and help the Allies win the war. It was also the genesis of the digital revolution. Because of Bombe, Turing is credited as the father of computer science. Today the Turing Award, established in 1966, is considered to be the Nobel Prize of computing. This year, the Turing Award and its $1 million prize went to Geoffrey Hinton, Yann LeCun, and Yoshua Bengio for their work on neural networks.

Why is their work on neural networks so significant? The groundbreaking work Bengio, Hinton, and LeCun have done with deep learning and neural networks has paved the way for many technical innovations such as autonomous driving cars, novel cancer treatments, and a variety of image and speech recognition applications. And beyond those high-profile developments, deep learning is proving to be a transformative factor in addressing challenges in cybersecurity.

What is Deep Learning

Since there seems to be a lot of confusion as to what deep learning is and how it’s different from traditional machine learning, let’s set the record straight. Deep learning is a family of methods within machine learning that uses available data to learn a hierarchy of representations useful for certain tasks. While in traditional machine learning, a lot of human expertise is needed to define the set of features to represent the data, there is no feature engineering involved in deep learning. The system learns the best representation of the data by itself to produce the most accurate results. As a result, no human bias is introduced and the deep learning system is inherently more scalable and accurate.  

Here’s what I mean: imagine a security product that is being built to identify “threats” by inspecting network traffic. With traditional machine learning, threat analysts define what constitutes a threat, and need to handcraft new definitions manually when a new attack takes place. With deep learning, labeled data constituting “threat” and “not-threat” is used to train the system. This deep learning model can then be used to detect a variety of different threats, even ones that appear novel.

With deep learning, the curation of the threat data used, as well as the “training” and “validation” of the models, is vital to the accuracy of the outcomes. In fact, deep learning was stymied for many years until two adjacent developments made it possible to put deep learning theory into practice, propelling this technology to its current applications and successes. These were:

● GPUs – Advancements in processing and the lowering of the costs of the underlying technology made it possible for deep learning model training and validation to be performed in days when it used to take weeks or months.

● Big Data – Enormous threat data sets comprising hundreds of millions of samples are now available. This is a much bigger training set than is available for vision applications and is being used to inform deep learning-based systems to recognize threat patterns, including unique strains of malware. 

How Deep Learning Can Help in Cybersecurity

What does all this mean to those facing the challenges inherent in cybersecurity today? It turns out that deep learning is an ideal technology to address the volume and velocity of the current threat environment. Today, hackers are using automation to generate and deliver new strains of malware on a global scale at a rate of almost a million a day. In contrast, our traditional threat defenses based on signatures and sandboxes are manual in nature.

Signature-based threat detection works only for known threats, and signature creation takes time once patient zero is detected. Additionally, there are only a limited number of signatures that can be stored on any security product at any time (try multiplying a million variants a day for 365 days). Sandbox-based threat detection, which performs dynamic analysis on files in a virtual environment, also has limitations. Certain file types (DLL) and large file sizes just cannot be analyzed in malware sandboxes. Hackers have also developed many techniques for evading sandboxes.

All this means a new approach is needed–one that is automated, and can offer the speed and accuracy of threat detection that we defenders need today. Deep learning is not the panacea for all your security problems, but it is ideal for detecting known and unknown network threats, and can do so in a fraction of a second to keep pace with the onslaught of attacks. 

The natural reaction to these developments by many CISOs may be skepticism because of the overhyped nature of AI and the history of security systems that have fallen short of expectations. So how do you know if something is legit? In my next column, I’ll talk about evaluating AI claims in security–how to separate fact from fiction.
