Cybersecurity firms battling hackers are now in a game of AI vs AI.
Cyberattacks are coming at a blinding pace: at least four new malware variants are created each second, according to security researchers. Hundreds of millions of people use services that have been hacked. Traditional security isn’t keeping up.
Blue Hexagon has developed deep learning-based platforms capable of spotting new attacks in a split second. That’s become necessary to thwart AI-mutated malware attacks.
“Hackers are taking advantage of AI and automation to gain the upper hand,” said Nayeem Islam, founder and CEO at Blue Hexagon, a member of the NVIDIA Inception virtual accelerator program. “As an industry, we’re seeing about 300,000 to a million new malware variants per day.”
The two-year-old Silicon Valley-based startup, which has raised over $30 million in funding, recently launched a real-time deep learning platform for network threat protection. The platform detects threats within subseconds to prevent further propagation into the network.
It’s no easy task creating deep neural networks capable of outfoxing the world’s hackers. But Islam, who led research and development for deep learning and security efforts at chipmaker Qualcomm, is ready for such a battle.
Security Before Algorithms
Traditionally, security researchers identify malware and then put it on a blacklist. Such malware is known to have a unique signature to make it identifiable. With slight variations to malware, however, hackers can evade detection by a signature-based system.
A typical security system directs suspicious files not already on a blacklist into a sandbox environment, where it is quarantined off the network for analysis in order to identify malicious behaviors.
This may take days because of the manual efforts required to create, test and then deploy signatures after a sandbox analysis is completed.
But that’s too slow for the current pace of threats, says Islam.
GPU-Powered AI Security
Founded in 2017, Blue Hexagon launched its network threat protection product last month.
Unlike signature-based detection systems and malware sandboxes, the startup’s deep learning platform inspects 10-Gigabit network traffic and delivers threat verdicts in less than a second.
Blue Hexagon has created deep neural nets that can inspect PDFs, Microsoft Word documents and executables for viruses, as well as network headers (the source and destination for a file), URLs and command and control communications (how threats communicate back to the attacker).
The company’s product can learn from past attacks to understand the properties of an unknown attack without further input from analysts or security researchers.
“We’re training the system on massive threat data, and it’s learning what malicious intent looks like,” said co-founder and CTO Saumitra Das, also previously at Qualcomm.
New Detection Versus Old
That matters in the new era of threats. Emotet, for example, is known as a malware exploit that can modify itself to evade detection from traditional software. Blue Hexagon, however, is able to learn its mutation characteristics on-the-fly and identify it as malicious among benign and other malicious threats.
Blue Hexagon trains hundreds of models by tapping into NVIDIA V100 GPU instances on AWS, said Ali Ahmadzadeh, head of AI and data science at the company. Once the models are trained and optimized in the cloud, they’re deployed in the network perimeter for threat detection.
With the ability to detect threats in a fraction of a second, prevention can be enabled on firewalls, across computing devices and on network appliances.
“If you’re still using signatures and sandboxes, you won’t stand a chance” said Das.