By: Luba Gloukhova, Program Chair, Deep Learning World
In anticipation of his upcoming conference co-presentation, Realtime Malware Detection with CNNs and LSTMs, at Deep Learning World in Las Vegas, June 3-7, 2018, we asked Domenic Puzio, Machine Learning Engineer at Capital One, a few questions about his work in deep learning.
Q: In your work with deep learning, what do you model (i.e., what is the dependent variable, the behavior or outcome your models predict)?
A: Our research uses deep learning to model malware behavior. In particular, we look at domain names and predict if they are likely to be utilized by malware, allowing us to identify sites that should be blocked or machines that may be infected.
Q: How does deep learning deliver value at your organization – what is one specific way in which model outputs actively drive decisions or operations?
A: Deep learning delivers value to our customers and to our business in many ways. My work allows us to identify the most relevant cyber security events from the high-volume, high-velocity traffic. By using models to generate alerts, we accelerate data investigation and allow our analysts to spend more time digging into the important areas.
Q: Can you describe a quantitative result, such as the performance of your model or the ROI of the model deployment initiative?
A: Our model is state-of-the art for detecting the malware families that we target, and is highly effective in detecting domains fitting the profile of malware use. It has also proven highly useful in detecting true positives with few false positives.
Q: What surprising discovery or insight have you unearthed in your data?
A: We were a bit surprised to uncover that certain ad networks use similar obfuscation techniques to avoid being stopped by ad blockers, just like malware tries to evade blacklists.
Q: What excites you most about the field of deep learning today?
A: For me, the democratization of deep learning tools is incredibly exciting. By empowering more people to work on these tools and to use them for their own work, our pace of advancement will only get faster!
Q: Sneak preview: Please tell us a take-away that you will provide during your talk at Deep Learning World.
A: A key point of our research is our combination of two deep learning architectures: long short-term memory (LSTM) networks and convolutional neural networks (CNNs). By creating an ensemble method, we were able to leverage the unique features of both architectures to improve accuracy over methods.
Don’t miss Domenic’s conference presentation, Realtime Malware Detection with CNNs and LSTMs, on Tuesday, June 5, 2018 from 11:20 am to 12:05 pm at Deep Learning World in Las Vegas, June 3-7, 2018. Click here to register to attend.