Team Dheeraj: I Don’t WannaCry No Mo’ (PROFILE)

Cybersecurity

Last week, a massive cyber-attack took place across more than 150 countries. The so-called “WannaCry” software would cause a screen to pop up on a victim’s computer demanding a $300 payment in return for access to their files. As of May 17, 2017, the total number of computers attacked had reached 300,000. What’s more, the success of the software is spurring imitators, causing more heartburn for cybersecurity experts the world round. Enter Deep Instinct, a start-up focusing on using AI to detect zero-day cybersecurity threats. Although secretive about its methods, the firm recently competed in Nvidia’s start-up competition and showed how it was using machine learning techniques to identify malware. This is a hard problem because parsing code for ill intent (like parsing natural language for the same) is difficult. According to an article written on the subject, “…a new family of malware is only about 30 percent different from the code of something that came before.”

Preventative v. Reactive

Given the difficulty of identification, most anti-virus software relies on a combination of human reporting and reactive malware management. Deep Instinct, on the other hand, doesn’t rely on pre-existing knowledge or known virus signatures. One would expect this to mean processing an incredibly large amount of data, but the firm claims to use an ensemble algorithm that follows a two-step classification process. First, the firm removes about 95% of the available data on a potential piece of malware, using a method it keeps secret. However, it seems safe to say this can be done using a variable selection tool such as LASSO or Elastic Net. Second, the firm runs another algorithm on the remaining variables (i.e. the 5% of remaining data) to classify a file as malware or not. The firm does not disclose this method either, but a classification method such as random forest is likely to play a part here. The table below shows some of the firm’s self-reported results:

| Vendor        | Detection Rate | False-Positive Rate |
|---------------|----------------|---------------------|
| Deep Instinct | 99%            | 0.1%                |
| Competitors   | ~80%           | ~2-3%               |
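To make the two-step process described above concrete, here is an added sketch that is not Deep Instinct's code (their method is undisclosed). It follows the article's guess of LASSO for the first step; a nearest-centroid classifier stands in for the random forest in the second step to keep it short, and the 100-feature data set is constructed, with all function names hypothetical.

```python
import random

def make_samples(n, p=100, informative=5, seed=7):
    """Constructed data: only the first `informative` features track the label."""
    rng = random.Random(seed)
    X, y = [], []
    for _ in range(n):
        label = rng.choice((-1, 1))          # +1 = malware, -1 = benign
        X.append([label + rng.gauss(0, 0.5) if j < informative else rng.gauss(0, 1)
                  for j in range(p)])
        y.append(label)
    return X, y

def lasso_select(X, y, lam=0.2, sweeps=30):
    """Stage 1: LASSO by coordinate descent; return indices with non-zero weight."""
    n, p = len(X), len(X[0])
    cols = [[row[j] for row in X] for j in range(p)]
    w, resid = [0.0] * p, [float(t) for t in y]
    for _ in range(sweeps):
        for j, col in enumerate(cols):
            # rho: feature j against the residual computed without feature j
            rho = sum(c * (r + w[j] * c) for c, r in zip(col, resid)) / n
            z = sum(c * c for c in col) / n
            new = max(abs(rho) - lam, 0.0) / z * (1 if rho > 0 else -1)
            resid = [r - (new - w[j]) * c for c, r in zip(col, resid)]
            w[j] = new
    return [j for j in range(p) if w[j] != 0.0]

def fit_centroids(X, y, keep):
    """Stage 2 (stand-in for a random forest): class means over kept features."""
    cents = {}
    for label in (-1, 1):
        rows = [[row[j] for j in keep] for row, t in zip(X, y) if t == label]
        cents[label] = [sum(c) / len(rows) for c in zip(*rows)]
    return cents

def classify(row, keep, cents):
    return min(cents, key=lambda lab: sum((row[j] - m) ** 2
                                          for j, m in zip(keep, cents[lab])))

def run_demo():
    X, y = make_samples(400)                  # 300 to train, 100 held out
    keep = lasso_select(X[:300], y[:300])
    cents = fit_centroids(X[:300], y[:300], keep)
    hits = sum(classify(r, keep, cents) == t for r, t in zip(X[300:], y[300:]))
    return keep, hits / 100

if __name__ == "__main__":
    keep, acc = run_demo()
    print(f"kept {len(keep)} of 100 features: {keep}; hold-out accuracy {acc:.2f}")
```

The L1 penalty `lam` controls how aggressively features are dropped: raising it discards more of the input, which is the knob that trades detection rate against false positives in a pipeline of this shape.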

Next Steps

Deep Instinct is still an early-stage firm, but the need for a scalable way to detect and prevent malware is clear from last week’s attack. In the longer term, though, this is a cat-and-mouse game; hackers will get more clever, forcing cybersecurity firms to get more intelligent, and so on and so forth. This raises the question: is there a better solution? In general, a preventative measure that helps identify a file’s intent (by parsing the underlying code, for example) seems to be a good start. With this method, we prevent ransomware attacks from occurring, but we leave ourselves open to being overly protective (anyone who works for a firm with an overly active spam filter will commiserate). As we think about the evolution of this space, we believe more investment should be made in preventative security, in addition to general consumer education about how to identify and react to malware.

Sources:

  1. http://www.npr.org/sections/thetwo-way/2017/05/15/528451534/wannacry-ransomware-what-we-know-monday
  2. https://venturebeat.com/2017/05/10/6-ai-startups-win-1-5-million-in-prizes-at-nvidia-inception-event/
  3. https://www.deepinstinct.com/#/about-us
