In anticipation of their upcoming conference keynote co-presentation, Realtime Malware Detection with CNNs and LSTMs, at Deep Learning World in Las Vegas, June 3-7, 2018, we asked Domenic Puzio and Kate Highnam, Machine Learning Engineers at Capital One, a few questions about their work in deep learning.
Q: In your work with deep learning, what do you model (i.e., what is the dependent variable, the behavior or outcome your models predict)?
A: Our research uses deep learning to model malware behavior. In particular, we look at domain names and predict if they are likely to be utilized by malware, allowing us to identify sites that should be blocked or machines that may be infected.
Q: How does deep learning deliver value at your organization – what is one specific way in which model outputs actively drive decisions or operations?
A: Deep learning delivers value to our customers and to our business in many ways. My work allows us to identify the most relevant cyber security events from the high-volume, high-velocity traffic. By using models to generate alerts, we accelerate data investigation and allow our analysts to spend more time digging into the important areas.
Q: Can you describe a quantitative result, such as the performance of your model or the ROI of the model deployment initiative?
A: Our model is state-of-the-art for detecting the malware families that we target, and is highly effective in detecting domains fitting the profile of malware use. It has also proven highly useful in detecting true positives with few false positives.
Q: What surprising discovery or insight have you unearthed in your data?
A: We were a bit surprised to uncover that certain ad networks use similar obfuscation techniques to avoid being stopped by ad blockers, just like malware tries to evade blacklists.
Q: What excites you most about the field of deep learning today?
A (Domenic Puzio): For me, the democratization of deep learning tools is incredibly exciting. By empowering more people to work on these tools and to use them for their own work, our pace of advancement will only get faster!
A (Kate Highnam): Personally, I am fascinated by explainable AI techniques. It is crucial to understand the models we develop and use, especially as they increase in complexity. In this vein, I have found visualization is crucial, especially within a corporate context. The tools and research involved continue to advance, bringing further insight to our creations as we show others the capabilities of deep learning models.
Q: Sneak preview: Please tell us a take-away that you will provide during your talk at Deep Learning World.
A (Domenic Puzio): A key point of our research is our combination of two deep learning architectures: long short-term memory (LSTM) networks and convolutional neural networks (CNNs). By creating an ensemble method, we were able to leverage the unique features of both architectures to improve accuracy over methods.
A (Kate Highnam): Our novel research combines two deep learning architectures: a long short-term memory (LSTM) network and a convolutional neural network (CNN). We leverage both models as components to extract varying features to improve accuracy over other methodologies.
This talk is designed for people who are cyber experts and people who are new to the field. We hope our use of modern architectures inspires the audience to explore recent modeling techniques and apply them to new areas in ways that have never been done before.
Don’t miss Domenic and Kate’s conference keynote co-presentation, Realtime Malware Detection with CNNs and LSTMs, on Tuesday, June 5, 2018 from 11:20 am to 12:05 pm at Deep Learning World in Las Vegas, June 3-7, 2018. Use Code PATIMES for 15% off current prices (excludes workshops).
By: Luba Gloukhova, Program Chair, Deep Learning World
Luba Gloukhova facilitates and accelerates advanced research projects at a major R&D hub of Silicon Valley. She supports Stanford GSB faculty by conceiving and generating innovative solutions that drive their cutting-edge research. Luba also serves as the founding program chair of Deep Learning World, the premier conference covering the commercial deployment of deep learning.