"Android versions of Symantec mobile security products are the first to include deep learning, but the access to this big data approach will soon spread to other platforms. Deep learning may be the next frontier for a security industry that's dealing with constant attacks from cyber-criminals who become more sophisticated by the day." http://www.eweek.com/security/syman...o-anti-malware-tools-to-detect-zero-days.html
avast! has been using that for quite a while afaik. But they are very conservative at using it judging by their detection...
It's a buzzword for somewhat existing thing, just like "cloud" was a year or two ago. Basically it means you toss bunch of stuff in one bin and give computer job to sort stuff to good, bad and needs further analysis. So you can just feed suspicious apps into the system and it'll be throwing out file classifications. If found as bad, it can then get sigantue generated automatically, if it's found clean on severala spects it can be feed tot he whitelist and if needs further analysis it'll be sent to the actual human virus analyst. Then you can have tons of stuff in the middle that is fully automated and assists you along the way depending what company needs to do with the data. It can also help finding similarities between files in one group to further increase detection signatures density (generic automatically generated signatures) etc. All this is done on system with massive parallel computation power. avast! guys use several GeForce GPU's to do that in a custom built system dedicated to data crunching. This is what's hiding behind "deep learning" "buzzword". You can read more about it here: https://www.avast.com/technology I think other vendors use similar approach so it most likely applies tot hem as well.
More vendors will use this in the future hence theres more and more malware released every year. It reacts faster and better to new threats. Also Cloud systems which work like a human brain are better in detection http://www.technologyreview.com/new...at-mimics-the-brain-could-catch-more-malware/
Thanks for the detailed explanation of this technology. It does look like it's something useful. Regards, oliverjia
Yep, although the technology can't be compared by throwing data in a bin and let a computer sort it out. Each executable has some characteristics, which can be interpreted and classified. Based on these attributes Avast is generating generic identifyers, like your surname and the postal code are generic. They don't explicitely identify you, but they mark you as a group. Then they apply some magic to combine these factors and classifies them into clusters. So out of 250.000 new PE's, about 150.000 of those new samples can be grouped into 20.000 clusters. Each of these clusters has to be analyzed and the verdict (good or bad) of the cluster is applicable to all of the unique samples in that cluster. The remaining 100.000 are tossed into a (sandbox) bin and analysed by the computer like Rezjor mentioned
Well, I oversimplified it because in the end, that's what it is, a giant junk sorter. You toss stuff in and it then sorts it all out for you in an usable form/shape. How it does that exactly doesn't really matter to most users. Though avast!'s technology page goes in quite some details...
From a distance everything looks the same, so you are right, but that does not outlines the importance of (stage 1) machine based learning combined (stage 2) automatic behavioral analysis in a sandbox. A year ago, researchers of Google claimed that reputation analysis combined with machine based learning would provide 99% accuracy in classifying unknown into good or bad clusters. So it is more than just a buzzword IMO.
