The cybersecurity industry is one of the many areas that have benefited significantly from AI and deep learning. When used effectively, artificial intelligence improves the ability of cybersecurity solutions to detect a wide range of threats, including brand new or unclassified threats.
Using AI efficiently typically requires, among other things, state-of-the-art models, an iterative method for improving model accuracy, and accurately labeled data.
In many cybersecurity companies that use AI, these requirements, especially the accurate labeling of data, are supported by threat experts. Alongside other manual tasks and processes that produce handcrafted inputs, these experts handle data preprocessing as well as feature extraction and feature engineering. Essentially, these expert handcrafted inputs allow models to run more clearly because they accurately represent the underlying structure of the data, thereby improving threat detection capabilities.
Automated processes replace expert inputs
However, the emergence of new methods of detecting threats using AI calls into question the need for handcrafted input from experts. Specifically, these methods include end-to-end deep learning solutions, which some have touted as the next big milestone in malware detection. In such solutions, the inputs developed by experts are replaced by inputs provided by automated processes. While this is arguably becoming more and more accepted in some industries that use AI for various purposes, the lack of handcrafted input from experts raises the question of whether that input is still relevant in developing an efficient AI-powered cybersecurity solution.
One approach examined malware binaries represented as grayscale images, revealing the textural and structural similarities and differences between binaries of the same and of other malware families, or between malware and benign software. This avoids manual feature engineering, which saves time and reduces the workload for cybersecurity companies. Another approach feeds the engine raw data, consisting of raw byte values, and produces output that classifies the file as malicious or benign.
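The two input representations described above, as an added example that is not Trend Micro's code: each byte becomes one grayscale pixel, and the same bytes are also turned into a fixed-length raw-byte model input. The function names, the row width, the padding token 256, and the sample bytes are assumptions made for illustration.

```python
import math

def bytes_to_gray_rows(data: bytes, width: int = 16, pad: int = 0) -> list:
    """Map each byte (0-255) to one grayscale pixel, `width` pixels per row."""
    if width <= 0:
        raise ValueError("width must be positive")
    rows = []
    for off in range(0, len(data), width):
        row = list(data[off:off + width])
        rows.append(row + [pad] * (width - len(row)))  # pad the last row
    return rows

def to_pgm(rows: list) -> bytes:
    """Serialize the pixel rows as a binary PGM (P5) image for viewing."""
    height = len(rows)
    width = len(rows[0]) if rows else 0
    header = f"P5\n{width} {height}\n255\n".encode("ascii")
    return header + bytes(px for row in rows for px in row)

def row_entropy(row: list) -> float:
    """Shannon entropy of one pixel row, in bits per byte (0 = all identical)."""
    counts = {}
    for px in row:
        counts[px] = counts.get(px, 0) + 1
    n = len(row)
    return 0.0 - sum(c / n * math.log2(c / n) for c in counts.values())

def raw_byte_input(data: bytes, length: int = 64, pad_token: int = 256) -> list:
    """Second approach: fixed-length raw byte sequence for a model input.
    pad_token 256 is an assumption; it keeps padding distinct from byte 0."""
    seq = list(data[:length])
    return seq + [pad_token] * (length - len(seq))

# Constructed sample (not a real binary): a header-like start, zero padding,
# a sequential run, then a scrambled run.
SAMPLE = (b"MZ" + bytes(30) + bytes(range(64, 96))
          + bytes((i * 97 + 13) % 256 for i in range(32)))

if __name__ == "__main__":
    rows = bytes_to_gray_rows(SAMPLE)
    for i, row in enumerate(rows):
        print(f"row {i}: entropy {row_entropy(row):.2f} bits/byte")
    print(f"PGM image: {len(to_pgm(rows))} bytes")
    print("model input head:", raw_byte_input(SAMPLE)[:8])
```

The per-row entropy makes the structure visible without an image viewer: the zero-filled region scores 0 bits per byte while the varied regions score 4, which is the kind of texture difference the image-based approach picks up.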
More about deep learning for cybersecurity at Trendmicro.com
About Trend Micro
As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.