What are Artificial Neural Networks?
Artificial neural networks (ANNs) are a subset of machine learning and are at the core of deep learning algorithms. The structure and name are inspired by the way that biological neurons signal to one another in the human brain. ANNs consist of layers of nodes (artificial neurons): an input layer, one or more hidden layers, and an output layer.1 Each node connects to another and has an associated weight and threshold. If the output of any individual node rises above a specified threshold value, that node is activated and sends data to the next layer of the network. If the output of any individual node does not rise above a specified threshold value, no data is passed along to the next layer of the network.
ANNs rely on training data in order to learn and improve their accuracy over time, which helps them to develop into deep learning algorithms that are fine-tuned for accuracy. At that point, they become powerful tools in AI that allow analysts to rapidly classify and cluster data. One of the most critical applications for these deep learning algorithms is the development of improved cybersecurity solutions. Examples of cybersecurity threats that can be addressed with deep learning algorithms include phishing, malware, data breaches, social engineering attacks, SQL injections, DoS attacks, Advanced Persistent Threats (APTs), and insider threats. The following are examples of deep learning applications that can help to address the aforementioned cybersecurity threats:
Insider threats. User and Entity Behavior Analytics (UEBA) defends against insider threats by systematically learning normal user behavior patterns and using that information to identify suspicious activities on the network. When suspicious activities are identified that may indicate insider threats, alerts are generated that allow cybersecurity teams to quickly identify and investigate the activities, possibly averting cyberattacks.
Intrusion. Intrusion detection and intrusion prevention systems (IDS/IPS) detect malicious network activities and prevent network intrusions. Deep learning algorithms improve on the traditional systems through improved traffic analysis, better accuracy, and fewer false positives. Examples of IDS/IPS that use deep learning algorithms include Next Generation Firewall (NGFW), User and Entity Behavior Analytics (UEBA), and Web Application Firewall (WAF).
Malware. Deep learning algorithms are capable of detecting more sophisticated and previously unknown threats than traditional malware detection systems, as they are not reliant on remembering common attack patterns and known signatures. Deep learning algorithms, instead, learn the system and expected patterns of usage and can recognize anomalous activities that might indicate the presence of threat actors or malware.
Social engineering and spam detection. Natural Language Processing (NLP) is a deep learning technique that can help detect and address social engineering and spam attacks by learning normal communication forms and language patterns and applying statistical models to detect and block threats.
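The node mechanics described at the top of the page (weights, a threshold, learning from training data) can be tied to the UEBA use case with a single trained node. This is an added example, not code from the original page or from any product; the feature names, scaling, user names and sample data are constructed assumptions.

```python
# Added example: one threshold node (perceptron) trained on constructed,
# UEBA-style session features. Data and names are illustrative assumptions.

# Each sample: ([off_hours, failed_logins/10, outbound_GB/10], label)
# label 1 = session an analyst marked suspicious, 0 = normal baseline.
TRAINING = [
    ([0, 0.0, 0.1], 0), ([1, 0.8, 0.9], 1),
    ([0, 0.1, 0.2], 0), ([1, 0.6, 0.7], 1),
    ([0, 0.0, 0.3], 0), ([0, 0.9, 0.8], 1),
    ([1, 0.0, 0.1], 0),  # late-night work alone is normal for this user base
    ([1, 0.2, 1.0], 1),
]

def fires(weights, threshold, x):
    """The node activates only if its weighted sum rises above the threshold."""
    return int(sum(w * xi for w, xi in zip(weights, x)) > threshold)

def train(samples, lr=0.1, max_epochs=100):
    """Perceptron rule: nudge weights and threshold after every mistake."""
    weights, threshold = [0.0] * len(samples[0][0]), 0.0
    for epoch in range(1, max_epochs + 1):
        mistakes = 0
        for x, label in samples:
            err = label - fires(weights, threshold, x)  # -1, 0 or +1
            if err:
                mistakes += 1
                weights = [w + lr * err * xi for w, xi in zip(weights, x)]
                threshold -= lr * err  # missed alert lowers it, false alert raises it
        if mistakes == 0:  # a full pass with no errors: training is done
            return weights, threshold, epoch
    raise RuntimeError("no convergence; data may not be linearly separable")

def triage(events, weights, threshold):
    """Return the users whose session makes the node fire (alert candidates)."""
    return [user for user, x in events if fires(weights, threshold, x)]

WEIGHTS, THRESHOLD, EPOCHS = train(TRAINING)

# Constructed unseen sessions: a quiet late-night login and a daytime
# session with many failed logins and a large outbound transfer.
NEW_EVENTS = [("alice", [1, 0.0, 0.2]), ("svc-backup", [0, 0.7, 0.9])]

if __name__ == "__main__":
    print("weights:", WEIGHTS, "threshold:", THRESHOLD, "epochs:", EPOCHS)
    print("alerts:", triage(NEW_EVENTS, WEIGHTS, THRESHOLD))
```

Because one normal sample is an off-hours session, training drives the off-hours weight back to zero, which is how a learned baseline avoids alerting on a habit that is ordinary for the monitored users.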
1 IBM, 2022, “What is a neural network?”