Professional development

How deep learning is changing cybersecurity

December 16, 2019 by Emmanuel Tsukerman

“We’re entering an era in which our enemies can make it look like anyone is saying anything at any point in time.”
— Barack Obama (or a fabrication of his)

https://www.youtube.com/watch?v=cQ54GDm1eL0

By now, you have figured out the above is fake — generated by neural networks — to have the target convincingly say whatever the puppeteer wishes them to say. In August this year, it was revealed a cybercriminal used deepfake technology (i.e., deep learning) to scam a company out of $243,000. The fraud began back in March 2019 when the scammer created a deepfake imitating the voice of the CEO of the victim’s parent company. 

The lesson here is clear. The use of machine learning for cybercrime is no longer a future threat. It is a present threat, and an important part of cybersecurity.

Infosec IQ

Infosec can empower your company and employees with education to spot and avoid phishing emails with our award-winning Infosec IQ security awareness training platform. Request a demo of Infosec IQ security awareness and phishing simulation platform to see for yourself.

GET A DEMO

The threat of deep learning to organizations

The adoption of deepfake methods and technology by hackers means the ability of basic human intuition to prevent attacks is at an all-time low, whereas the need for training and specialists in cybersecurity is at an all-time high. 

In addition to video and voice impersonation, deep learning allows hackers many other devious methods to wreak havoc. They can:

  • Leverage generative adversarial networks (GANs), a cleverly-designed, self-learning deep learning system, to generate increasingly furtive malicious samples
  • Utilize neural networks to successfully answer CAPTCHA systems, which were specifically designed to prevent bots from spamming and scraping
  • Employ recurrent neural networks (RNNs) to generate convincing fake reviews
  • Increase the potency of phishing techniques

But there is a flip side to the malicious use of deep learning. 

Using machine learning for good

To quote Abhijit Naskar, one of the leading neuroscientists, “We need machines, but more than that we need humans who know how to use those machines for the greater good.”

For every tool that utilizes deep learning for offensive purposes, there is a tool that uses deep learning to benefit humanity. But beyond the many applications of deep learning to medicine, finance, law and self-driving cars, deep learning is also heavily utilized on the light side of cybersecurity:

  • Deep-learning-based malware detection is gaining traction, with malware classifiers such as MalConv being used to stop zero-day samples
  • Intrusion detection and financial fraud detection have improved tremendously in catching zero-day attacks thanks to the use of neural networks
  • CAPTCHA system responses are actually used behind the scenes to train Google’s machine learning systems
  • Deepfake technology is used to enhance movies and other entertainment
  • The same technology that creates deepfakes and fake reviews is being used to detect and stop them

With the technology of deep learning making huge leaps on a monthly, if not weekly, basis, it is important not to be caught off guard by its rapid progress — like the company swindled by a deepfake impersonation. In the same vein, knowing its latest achievements and how to utilize them is of great value to anyone. For these two reasons, it is important to keep on top of one’s education on the developments of this technology. 

Improving cybersecurity through deep learning

To help security-conscious practitioners in this task, I have, in collaboration with Infosec, created the Cybersecurity Data Science learning path, which covers a great number of use cases of deep learning, both for defensive and offensive purposes.

Infosec Skills Cybersecurity Data Science learning path by Emmanuel Tsukerman

The series of courses cover a large number of exciting applications of machine learning and deep learning, including intelligent automated spearphishing, automatic speech recognition and impersonation, deepfake video creation and automatic personality analysis. In addition, the courses teach you how to perform neural network-assisted fuzzing, how to break CAPTCHA systems and how to deanonymize the browsing activity of Tor users, all using machine learning. 

The learning path is included with an Infosec Skills subscription and available to anyone interested in learning how to use deep learning in cybersecurity. The bad guys are already learning how to use deep learning. So don’t wait — stay ahead of the game. 

Learn Cybersecurity Data Science

P.S. We also cover how to detect deepfakes.

About Emmanuel Tsukerman
Dr. Tsukerman graduated from Stanford University and UC Berkeley. In 2017, his machine-learning-based anti-ransomware product won Top 10 Ransomware Products by PC Magazine. In 2018, he designed a machine-learning-based malware detection system for Palo Alto Network’s WildFire service (over 30k customers). In 2019, Dr. Tsukerman authored the Machine Learning for Cybersecurity Cookbook and launched Infosec Skills Cybersecurity Data Science learning path.

Posted: December 16, 2019
Articles Author
Emmanuel Tsukerman
View Profile

Notice: Undefined index: visitor_id12882 in /www/resourcesinfosecinstitute_601/public/wp-content/plugins/infosec-user-info/infosec-user-info.php on line 117