AI Inspired by the human brain. Deep Instinct Founders
Many problems would have been solved (and probably created) if our computers would know not only how to calculate, but also how to think for themselves. This ambition has occupied the imagination of researchers for decades, but nowadays artificial intelligence technologies are no longer science fiction.
Deep Instinct, which was secretly established in 2014 and formally launched only last November, is the first and only company in the world to implement deep learning from the artificial intelligence content world to create systems that protect against cyber attacks.
“Deep learning is the closest thing we’ve ever achieved in computer science that imitates the human brain or takes direct inspiration from it,” says Dr. Eli David, one of the company’s five founders and chief technology officer. “In our brain, there are 30 billion neurons that know how to learn from anything in any field. That’s what we do in the field of deep neuronal networks, or in other words, deep learning. Just like in our brain, there are many artificial neurons that are connected to each other through connectors called synapses, and all learning takes place through them.”
Computers Teaching Computers
According to Dr. David, a lecturer in the faculty of computer science at Bar Ilan University, deep learning is a sub-field of machine learning, which is itself a sub-field of artificial intelligence, but there is a very large conceptual difference between them. “If one wants, for example, to do face recognition using machine learning, he must first take the information from the pixels, and then bring in an image or content processing specialist who will tell you the important characteristics, such as the distance between the pupils, the proportions of the face, etc. That is, taking the raw information and turning it into a list of several dozen or hundreds of characteristics. These are pushed into the machine that knows how to learn and find patterns in them. This is problematic because we throw away most of the information and the expert chooses the simple characteristics. Deep learning, on the other hand, receives raw information, skips the stage of character selection, and the brain then recognizes it because it is exposed to many facial patters throughout its life.”
The results of the use of profound learning presented in the past two years have never been seen in the history of the computer. “In artificial intelligence, we were used to seeing an improvement of 0.5%-1% per year, and suddenly we see an improvement of 20%-30% – in computer vision, in voice recognition, in text comprehension. If two years ago, someone were to show me a text and say that this text was created by a deep learning model that knew nothing about image processing or anything from the English language, yet still got pixels and made a letter – I would say that no such thing exists. You can see incredible accuracy. The computer understands the picture and speaks to us.”
But in the face of these amazing abilities, the field has not yet become public domain, and Dr. David explains that the reason for this lies in the fact that there are several dozen methods of action that are very complicated to understand and even more complicated to use. So far, only a very small number of companies have developed a deep learning infrastructure – Facebook, Google (through the acquisition of DeepMind in 2014) and Baidu, when IBM and Microsoft followed suit.
A Brain Workout for your Hard-Drive
From the very beginning of Deep Instinct, most efforts were devoted to building a quick, deep learning infrastructure. With this infrastructure, as Dr. David explains, almost anything can be done, but the company has decided to use the capabilities to create solutions to the cyber world. “There are a million new malicious programs meant to cyber attack every day. It’s a crazy statistic. More that 99% are small mutations of things that already existed in the past, and even this seemingly entirely new 1% is only 10%-20% different from what it used to be. And still, the solutions that exist today – which are dedicated to detecting loopholes (zero-day detection), find it difficult to catch most of the things.” He says that the most malicious software only becomes apparent in retrospect. They are then blocked, but the attackers invent new software easily. Dr. David describes this as a cat-to-mouse chase, in which the mouse always wins – a metaphor that repeats itself often in the cyber world.
So, unlike other dynamic analysis solutions that require running the software in a closed environment or using a cloud of external server to send files to receive a response, Deep Instinct’s solution is on the device itself – whether the device is a laptop computer, stationary computer, or cell phone. The company relies in fact on the deep learning capabilities it has developed, in order to train a “brain” to be installed on the device that will identify when attacks may occur. The training is carried out in the company’s lab, on advanced graphics cards, which contain a reservoir that approaches one billion files – most of them legitimate files and several million are malware files.
“Intuitively, it’s like a brain workout that detects if there is a cat in the picture or not,” Dr. David explains, “I’ll bring a few million pictures without a cat and a few million with a cat and I’ll tell you to study – the ones with the cat, and the ones without the cat.”
During training, there is no meaning to the types of riles or operating systems or their size, and this is another feature that makes the company’s solution unique. This “brain” learns everything by itself, just as we learn to recognize objects.
The training on the advanced graphics cards takes two days (instead of three months with regular processors), during which the brain learns to identify everything needed to deal with threats. Finally, you get a 20 MB “ripe brain” that can be inserted into any device, give it a file and within a few milliseconds it returns a response – whether it is a malware file or a legitimate file. “The brain has learned, and is now working in a state of prediction, what we human beings call instinct. This explains the name of the company – we use deep learning, and our response to the product is always instinctive, we react immediately,” says Dr. David.
In fact, the product the company offers – the brain, is a small program that monitors the system of the device on which it is installed, checks files before installing them, and detects new threats and APT (advanced persistent threat) attacks. If a problematic file is detected, the brain immediately stops and prevents (Prevention) before installation. The computer use cannot sense the slowdown that has been created for a few milliseconds, so you get a sense of action in real time. The brain is updated every few months and, unlike other solutions, can detect new malware, even without connecting to the corporate or Internet network. The company is proud of the fact that a trained brain, which was put into operation four to five months after the end of training, was able to detect malware and prevent them from entering the end station with 99.2% accuracy, compared to 30%-50% in other programs. Tests on popular files, such as PDF and Office, showed an even higher result – about 99.86%.
Deep Instinct’s capabilities attracted much attention in the world, with the company’s research group being defined by the Artificial Intelligence Organization as one of the best in the world. The group of founders includes mathematicians specializing in artificial intelligence and intelligence personnel with years of experience in the field.
The company’s CEO, Guy Caspi, came with 15 years of experience in implementing mathematics and deep learning in the IDF, financial institutions and intelligence organizations around the world. He has led several of the largest government projects in Israel and abroad in the fields of cyber and big data, and served as president of the product division of the Comverse Technology/Verint Systems and at Tamares Telecom. The idea of establishing Deep Instinct was born when he realized that the “field of handling endpoint programs and mobiles is almost non-existent in the world, there are almost no companies in the field, yet that is where the world is going and solutions are needed. That was the reason I decided to establish the company,” he explains.
Caspi was joined by Dr. David and three other founds: Nadav Maman, VP of Research and development, who served in a technological intelligence unit and is a Check Point graduate; Yoel Ne’eman, Deputy General Manager, who brought with him more than 20 years of legal and business experience; and chairman of the company, Doron Cohen, who joined after 25 years of experience in the intelligence community, during which he participated in complex projects that combine cyber technologies with the most advanced data processing in the world.
Caspi is involved in several other companies. One of them is the “Fifth Dimension”, which he founded together with Cohen in 2014. The company, which they hold far away from the media, also uses deep learning to develop tool and algorithms designed to analyze real-time information from large organizations on a large scale. Caspi serves as its CEO, and the company’s chairman is former IDF chief of staff Benny Gantz.
Trying to apply old world solutions on new world problems won’t work.
Alone at the Front
Currently, the company is working on developing a traffic analysis test to detect unusual fluctuations. Deep Instinct is expected not only to break into other areas, but also to take the market share of large and veteran companies such as Cisco, IBM, Check Point, and Palo Alto Networks.
“A few more years from now there will be a lot of cyber security companies here who will protect our refrigerator, air conditioner and electricity, because service is very sensitive, no matter where,” Caspi explains. “Companies bring a solution from the old content world and try to apply it to a new content world, but everything is moving so fast and it’s creating problems. This world is huge and growing, so Deep Instinct’s greatest success is its ability to crawl into any field of cyber security, and its ability to quickly enter new fields. We do this all by ourselves well.
According to Caspi, it will take a long time for Deep Instinct to develop significant competition, but there is no doubt that they are headed in the right the direction. “We invited the world – that someone would dare say that they, too, are doing deep learning. Nobody is doing it. Today, the company that puts all of the emphasis in this field, it would still take years to reach the point where it can do it. But in our opinion, in ten years, every respectable company needs to practice deep learning,” he says.
Do you think the attackers will also use deep learning?
“The entry barriers are very high,” says Dr. David. “In the field of computerized vision, 25% of the tests are wrong without using deep learning. Humans are about 5% error, and deep learning systems stand at 3% error. There are studies on how we can confuse such systems – presenting things that look like a cat, but are not actually a cat, like optical illusions. In the picture, it should be easy, it’s just a collection of pixels,” he explains, “but in the case of malware, it’s more complex, but theoretically possible.”
For the time being, Caspi believes, this ability is reserved for countries.
Running a Marathon. And Then Another
Deep Instinct is currently completing a second financing round, with tens of millions of dollars raised so far, and according to the company, which has about 50 employees, significant US funds have entered the current round. In addition to the local center, it operates two additional offices in California and its clients include some of the largest financial and government institutions in the world.
“When you look at the cyber security industry, you see a lot of companies that are established, a lot of old companies that go into all kinds of fields, and another improvement in the percentage of locating here, another improvement in prevention there, they caught this attack, they published news about a weakness in the iPhone,” Caspi describes. “This doesn’t interest the customers, because in the end, when we take our system, it is the best in the world. We are going to make a huge change in the cyber security industry,” he declares assertively from his office on the 28th floor of the Levinstein Tower in Tel Aviv.
“Once a decade, there is a technological event that disrupts the whole worldview, and we are that event. We weren’t established to bring another improvement, another virus. That’s not our game. Our game is long, big, and strategic. Compare it to people who do a 400-meter run. We’re a company that runs marathons. We finish the marathon, drink water, and go run another marathon.”
With such determination, it is safe to say we will be hearing about this company quite a bit.