
Deep Neural Networks for Hackers: Methods, Applications, and Open Source Tools

Conference:  BlackHat USA 2018

2018-08-08

Summary

The presentation discusses the use of deep neural networks in intrusion detection and introduces open source tools for security deep learning research.
  • Deep neural networks are achieving breakthroughs in intrusion detection
  • The presentation demystifies deep neural network concepts and introduces open source tools for security deep learning research
  • A case study is presented on a deep neural network that uses a convolutional neural network approach to detect previously malicious URLs at higher accuracy than any previously reported techniques
  • The team at SoPost is introduced and the book 'Malware Data Science' is promoted

The speaker uses a toy example of a machine learning malware detector to explain the basic setup behind all machine learning detection. The example involves gathering a data set of known-bad and known-good binaries, extracting attributes from them, and plotting the data in a feature space to find a decision boundary that captures the pattern. The speaker then describes how real decision boundaries tend to be wonky, distorted, curvy shapes, and introduces the idea of a nonlinear feature space.
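
The feature-space idea summarised above, as an added example that is not code from the talk: a plain perceptron stands in for the detector, and the two attributes (normalised section entropy and import count), the labels and the interaction-term feature map are all assumptions constructed for illustration. A straight-line boundary cannot separate the samples, while the same learner succeeds once the features are lifted into a nonlinear space.

```python
# Added illustration: all feature values below are constructed, not measured.
from itertools import product

def make_samples():
    """Constructed 2-D feature vectors (both scaled to 0..1) with labels.
    x1 ~ normalised section entropy, x2 ~ normalised import count (assumed
    attributes). Label 1 (malicious) when exactly one of the two is high."""
    samples = []
    for cx, cy in product((0.1, 0.9), repeat=2):
        for dx, dy in product((-0.05, 0.0, 0.05), repeat=2):
            x1, x2 = cx + dx, cy + dy
            samples.append(([x1, x2], int((x1 > 0.5) != (x2 > 0.5))))
    return samples

def lift(x):
    """Nonlinear feature map: append a scaled interaction term."""
    return x + [4 * (x[0] - 0.5) * (x[1] - 0.5)]

def predict(w, x):
    # w[0] is the bias; the decision boundary is where the sum equals zero.
    return int(w[0] + sum(wi * xi for wi, xi in zip(w[1:], x)) > 0)

def train_perceptron(samples, epochs=200):
    w = [0.0] * (len(samples[0][0]) + 1)
    for _ in range(epochs):
        errors = 0
        for x, y in samples:
            delta = y - predict(w, x)  # 0 when correct, +1 or -1 on a mistake
            if delta:
                errors += 1
                w[0] += delta
                for i, xi in enumerate(x):
                    w[i + 1] += delta * xi
        if errors == 0:  # every training sample is on the right side
            break
    return w

def accuracy(w, samples):
    return sum(predict(w, x) == y for x, y in samples) / len(samples)

def compare():
    """Return (accuracy with raw features, accuracy with lifted features)."""
    raw = make_samples()
    lifted = [(lift(x), y) for x, y in raw]
    return accuracy(train_perceptron(raw), raw), accuracy(train_perceptron(lifted), lifted)

if __name__ == "__main__":
    print("linear: %.2f  lifted: %.2f" % compare())
```

A deep neural network learns such a feature map from the data instead of having it written by hand.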

Abstract

Anyone who keeps up with technology news has read about deep neural networks beating human champions at Go, achieving breakthrough accuracy at voice recognition, and generally driving today's major advances in artificial intelligence. Little has been said, however, about the ways deep neural network approaches are quietly achieving analogous breakthroughs in intrusion detection. My goal with this presentation is to change this, by demystifying deep neural network (deep learning) concepts, presenting research that shows that we can use deep learning methods to achieve breakthrough cyber-attack detection, and by introducing open source deep learning tools, so that attendees can leave equipped to start their own security deep neural network research.

The presentation will start with an intuitive overview of deep neural networks, introducing the ideas that allow neural networks to learn from data and make accurate decisions about whether, for example, files are good or bad, or a given URL or domain name is malicious. After introducing deep neural networks, I'll go on to describe a case study: a deep neural network that uses a convolutional neural network approach to detect previously malicious URLs at higher accuracy than any previously reported techniques, which we have evaluated on live, real world data. Finally, I'll introduce the open source tools available for doing security deep learning research, giving attendees a starting place for incorporating deep neural networks into their own security practice.
