How deep learning is changing cybersecurity
“We’re entering an era in which our enemies can make it look like anyone is saying anything at any point in time.”
— Barack Obama (or a fabrication of his)
By now, you have figured out the above is fake — generated by neural networks — to have the target convincingly say whatever the puppeteer wishes them to say. In August this year, it was revealed a cybercriminal used deepfake technology (i.e., deep learning) to scam a company out of $243,000. The fraud began back in March 2019 when the scammer created a deepfake imitating the voice of the CEO of the victim’s parent company.
The lesson here is clear. The use of machine learning for cybercrime is no longer a future threat. It is a present threat, and an important part of cybersecurity.
The threat of deep learning to organizations
The adoption of deepfake methods and technology by hackers means the ability of basic human intuition to prevent attacks is at an all-time low, whereas the need for training and specialists in cybersecurity is at an all-time high.
In addition to video and voice impersonation, deep learning allows hackers many other devious methods to wreak havoc. They can:
- Leverage generative adversarial networks (GANs), a cleverly-designed, self-learning deep learning system, to generate increasingly furtive malicious samples
- Utilize neural networks to successfully answer CAPTCHA systems, which were specifically designed to prevent bots from spamming and scraping
- Employ recurrent neural networks (RNNs) to generate convincing fake reviews
- Increase the potency of phishing techniques
But there is a flip side to the malicious use of deep learning.
Using machine learning for good
To quote Abhijit Naskar, one of the leading neuroscientists, “We need machines, but more than that we need humans who know how to use those machines for the greater good.”
For every tool that utilizes deep learning for offensive purposes, there is a tool that uses deep learning to benefit humanity. But beyond the many applications of deep learning to medicine, finance, law and self-driving cars, deep learning is also heavily utilized on the light side of cybersecurity:
- Deep-learning-based malware detection is gaining traction, with malware classifiers such as MalConv being used to stop zero-day samples
- Intrusion detection and financial fraud detection have improved tremendously in catching zero-day attacks thanks to the use of neural networks
- CAPTCHA system responses are actually used behind the scenes to train Google’s machine learning systems
- Deepfake technology is used to enhance movies and other entertainment
- The same technology that creates deepfakes and fake reviews is being used to detect and stop them
With the technology of deep learning making huge leaps on a monthly, if not weekly, basis, it is important not to be caught off guard by its rapid progress — like the company swindled by a deepfake impersonation. In the same vein, knowing its latest achievements and how to utilize them is of great value to anyone. For these two reasons, it is important to keep on top of one’s education on the developments of this technology.
Improving cybersecurity through deep learning
To help security-conscious practitioners in this task, I have, in collaboration with Infosec, created the Cybersecurity Data Science learning path, which covers a great number of use cases of deep learning, both for defensive and offensive purposes.
The series of courses cover a large number of exciting applications of machine learning and deep learning, including intelligent automated spearphishing, automatic speech recognition and impersonation, deepfake video creation and automatic personality analysis. In addition, the courses teach you how to perform neural network-assisted fuzzing, how to break CAPTCHA systems and how to deanonymize the browsing activity of Tor users, all using machine learning.
The learning path is included with an Infosec Skills subscription and available to anyone interested in learning how to use deep learning in cybersecurity. The bad guys are already learning how to use deep learning. So don’t wait — stay ahead of the game.
P.S. We also cover how to detect deepfakes.
About Emmanuel Tsukerman
Dr. Tsukerman graduated from Stanford University and UC Berkeley. In 2017, his machine-learning-based anti-ransomware product won Top 10 Ransomware Products by PC Magazine. In 2018, he designed a machine-learning-based malware detection system for Palo Alto Network’s WildFire service (over 30k customers). In 2019, Dr. Tsukerman authored the Machine Learning for Cybersecurity Cookbook and launched Infosec Skills Cybersecurity Data Science learning path.