Even if we choose to believe in smaller estimates , The situation is not optimistic . In particular, these new malware refer to advanced persistent threats （APT） When .APT It's the most complex variant of viruses and malware , Many of the network security technologies we use today are completely undetectable . Even security experts tell companies , Don't worry about the success of the attack , Because that's for sure , Just be prepared to deal with what happens after the attack is successful .
In the past few years , We have witnessed the evolution of many different detection technologies . First of all Signature technology , Detect by comparing unrecognized code with known malware . today , Every day, millions of new malware variants flood the Internet , There is no doubt that this technology is already outdated .
What's next , yes Heuristic detection technology , Identifying malware based on behavioral characteristics in code . This technique evolved to observe the behavior characteristics of the code during software execution , It spawned sandbox Technology , That is to put unknown code into the virtual environment to run , To see if it's malicious .
lately , We've witnessed the rise of machine learning to detect malware .
This technology uses complex algorithm to analyze a series of attributes extracted manually from the file itself , Determine whether the possible behavior of the file is malicious or benign .
Machines want to make decisions , It's up to humans to tell it what parameters to observe 、 Variables or functions . Usually , Machine learning network security solutions are used to identify suspicious situations , But the final decision on what to do , Or leave it to human analysts .
Now? , The new evolution of malware detection has entered the market . among Deep Instinct The solution is amazing .
It's on the market The first network security solution based on deep learning . Deep learning is an advanced form of artificial intelligence , Using a process similar to human brain learning to recognize things . Deep learning can have a huge impact on future security , Especially in detecting zero day malware 、 New malware and very complex APT On .
Once the machine knows what malicious code might look like , It can identify whether the unknown code is malicious or benign in real time with high accuracy . then , You can determine whether to delete or isolate the file , Or perform other specified actions .
that , How do machines learn to recognize malware ？ It's roughly the same as human learning . Suppose you take a child to the park , Show him a dog , He said to him “ This is a dog ”. Then you show him all kinds of different dogs , This supervised training process can help children learn . You don't have to explain why this is a dog , Just tell him it's a dog . In due course , A child can tell that an animal he has never seen is a dog , And this perception is real-time and highly certain . Show him a picture of the dog and he'll recognize it as a dog , Remove the photo 20% Even more pixels , He was able to quickly recognize it as a dog .
Deep Instinct Use this process to help its core engine learn to identify malicious code .
The company collects hundreds of millions of documents ——Word file 、PDF、 Executable file , Etc., etc. . The file format doesn't matter , Because data types are agnostic for deep learning . The researchers tested the files , Classify them as malicious or legitimate . then , They feed this massive data set back into their engines （ Artificial brain ） Training . final result , It was the company that became “ instinct ” A prediction model for .
“ instinct ” It is very similar to the above situation that children can accurately identify unknown things in real time after training .
Predictive models can be packaged into a small client . The client can be applied to any type of device ：PC、 laptop 、 Flat 、 A smart phone 、 Servers and so on —— Just run an operating system . When a file is opened or downloaded , It triggers a process , The client will split the file into the smallest pieces , Use the prediction model to go through all the pieces . then ,“ instinct ” You'll use what you've learned from the training to determine if the file is malware . It all happened around 5 In milliseconds . Everything that happens on the device is real-time , Delete all right , Blockade is good , All right , All in all , Malware can use the enterprise's strategy to kill it before it destroys . and , No impact on user experience .
Because the client encapsulates everything needed to analyze unknown files , It's independent of corporate networks and even the Internet . It means , Whether it's connected or not , Devices can be protected . for instance , An employee is in the cabin , The device in hand is set to flight mode . If he inserts a malware infected U disc , The client on the device can also analyze in pre execution mode U Files on disk , Detect malware before it infects the device .
Deep Instinct There is also a no client version of our solution , You can also use predictive models , It has protection function , It's just , Not on the device itself . Company said , This version is available through API（ Application programming interface ） and SDK（ Software development package ） Connect to any type of gateway . for instance , Can be integrated into FireLayer In the cloud access security agent , Malware detection and prevention for cloud based files and Applications .
Through continuous training of AI engine , The prediction model can be improved , Improve the ability to identify new types of malware . Although the client on the device is in the absence of updates , It can also maintain high accuracy for months . Deep Instinct call , The client is in 4 In the case of no update for six months , Malware detection capability only declines 0.5%~1%.
Testing by the University of Durbin and Siemens computer emergency response team , take Deep Instinct Positioned on the benchmark of the top security defense solutions in the market .
Mobile malware identification test ,10 The average accuracy of big security companies is 61.5%.Deep Instinct The solution is
99.86%. In another, it contains 1.6 m APT In the test done on the dataset of ,Deep Instinct Identified
98.8% Of malware .
Deep Instinct Implementation of the solution , A client needs to be installed on the device , Install the policy management device in the network 、 Monitoring panel and reporting system . The company said , The dataset file will be used for a proof of concept for potential customers , So that customers can compare this solution with existing network security tools .