Using deep learning to thwart malware - even WannaCry

Last week was already turning into an especially good one for Israeli cyber security startup Deep Instinct, but Friday's massive, headline-grabbing WannaCry ransomware outbreak delivered the proverbial cherry on top. The company, co-founded in 2014 by security researcher and university lecturer Dr. Eli David, had just beat out dozens of other AI companies to win the $375,000 prize for most innovative startup in Nvidia's Inception competition. The presentation occurred at  Nvidia's GTC event, which I summarized in my last column, and came on the strength of Deep Instinct's deep learning malware detection software that is amazingly accurate in filtering out even previously unseen zero-day exploits.

Then, as if on cue two days later, the most aggressive, voracious ransomware attack yet seen is unleashed, spreading via a Windows flaw that was initially believed to have been discovered and stockpiled by the NSA. After the Shadow Brokers hacker group found and released the vulnerability, it was only a matter of time until it was weaponized into an attack like WannaCry that could infiltrate potentially millions of unpatched systems.

People can blame the victim by berating them for using obsolete versions of Windows that in some cases had ceased receiving security updates from Microsoft. But as we've seen in so many security incidents, the situation isn't uncommon, and not always their fault, particularly when it comes to embedded systems for industrial or medical devices. For those organizations, having security software like Deep Instinct that automatically learns the characteristics common to all malware and is effectively self-updating would have come in handy late last week and saved a lot of time and money.

If a system that can identify an arbitrary executable as malware or not, whether running on Windows, Android or OS X, sounds too good to be true, it's because all deep learning software seems like something of a magical black box. These systems take massive amounts of raw, typically labeled and categorized data and turn it into models that are incredibly accurate at identifying and even predicting patterns and objects sharing like attributes.

How Deep Instinct works

Deep Instinct applies the same techniques used by Facebook, Google and Microsoft to automatically tag and label images, but applies them to executable files. In both cases, deep learning models based on convolutional neural networks (CNNs) are trained against a labeled set of data — image pixels with a set of subject matter metadata in the case of the online sites, binary executables in the case of Deep Instinct. Regardless the data type, CNNs act like brain neurons, building connections of various strengths between a mesh of nodes in response to a set of inputs.

With enough data, the neural network converges to a stable condition, i.e. additional data doesn't change its configuration. Once trained, the CNN can then be used to identify new, arbitrary inputs with uncanny accuracy. In the case of image recognition, with a large enough network and massive training data set like ImageNet, CNNs can identify even obscure features and objects in a new photo. Drag a picture into the Google image search bar some time and see what happens.

Deep Instinct applies the same technique to executables, however as David told me at GTC, one problem is that it didn't have a ready database of labeled data to start with. Instead, the company built a team to collect and label malware that it then uses to train and improve its deep learning model. Although the company is sketchy with the details, David says its technique is similar to those used in image and speech recognition, however "applying it to cyber security is much harder." Indeed, it took the company a year to develop its model and training framework on top of Nvidia's CUDA parallel programming platform. However, once the deep learning model has been sufficiently trained, it's amazingly accurate at identifying malicious code on virtually any OS.

I was skeptical, but David assured me that much like a sufficiently-trained speech recognition engine can recognize the word "Alexa" from virtually any speaker, regardless the accent or background noise, Deep Instinct can spot malware code in the midst of all the other applications running on a PC or mobile device. While the company does not quote specific detection statistics, David said it is accurate well over 90% of the time on previously unseen exploits, i.e. the types of files that traditional signature-based or heuristic detection methods will miss.

Why it could have blocked WannaCry

As I write this, security researchers don't yet know how the WannaCry code enters a machine in virgin territory, i.e. in an environment where other infected systems don't already exist. Although it most likely wasn't seeded with a phishing link, given the effectiveness of the Windows networking exploit at spreading WannaCry over a network and the fact it randomly probes Internet addresses for new targets using the Windows file sharing defect exposed by Shadow Brokers, it's possible the code was initially planted on only a small number of machines that infected others at public hotspots, universities or within corporate LANs. Nevertheless, once on a system, the ransomware takes a series of steps to hide its activity before encrypting all your files, which is where local protection like Deep Instinct would come into play.

According to a recent post on the company's blog, Deep Instinct wasn't fooled by WannaCry.

Since the outbreak of this attack, Deep Instinct’s Research Team has been collecting and reviewing all samples associated with it.

We are happy to report that Deep Instinct’s solution successfully detects all known samples of WannaCry. This, once again, demonstrates the power of Deep Instinct’s deep learning technology – identifying new, previously unseen, malware based on its strong predictive capabilities and preventing the attack.

There are already one or more variants, with more to come, designed to evade signature-based malware scanners, which underscores the value of a universal protection measure like Deep Instinct.

My take

There are other approaches to blanket zero-day malware protection that are equally valid, however they typically use some form of client-side virtual sandbox to isolate untrusted software from system resources and personal data. For example, Bromium uses what it calls micro-virtualization to create secure environments in which applications are isolated from one another, the OS and network. Similarly, Bufferzone creates virtual application containers as a temporary runtime environment for untrusted workloads, with a secure gateway controlling data sharing with the rest of the system. Sandboxie and GeSWall are alternatives using the same technique. The problem with using Type 2 (hosted mode) virtualization is that it is dependent on the underlying OS and not easily ported to other platforms. Thus, all the examples cited only work on Windows, and some of them don't yet support Windows 10.

In contrast, a deep learning approach is universalizable since the actual training part of the process is independent of the endpoint implementation. Thus, Deep Instinct already supports all popular PC and server OSs (Windows client and Server, Linux, OS X), along with Android clients. David says limited support for iOS is also available, however Apple's native application sandboxing, limits both the malware threats and what code scanners like Deep Instinct can do. Also, because a deep learning client just executes the pattern matching CNN model, so-called inferencing, it consumes few system resources and can be very fast.

The fact that all malware executables share some hidden traits that a neural network can be trained to spot initially seemed outrageous to me, however we have existence proofs in other image, video, voice and music recognition engines that work off of similar binary data. No matter how unintuitive deep learning systems are, the fact is that they work. Nevertheless, I would encourage Deep Instinct to publish independent testing results against a diverse corpus of attacks, including the recent WannaCry ransomware, to assuage the rightful skepticism of CISOs and technology analysts and quantify the superiority (if any) of a deep learning approach to endpoint protection.