Demystifying deep learning: how Sophos builds machine learning models

Corporatedeep learningmachine learningTechnical papers

An introduction to the process Sophos takes towards the development of a deep learning model.

When I explain to others that I am a data scientist and I build machine learning models, I tend to get blank stares.

In the cybersecurity industry, the term “machine learning” is used so often, for many different reasons, that it can be hard to understand what it even means anymore.  At Sophos we focus specifically on deep learning, which is an advanced form of machine learning.

To help demystify machine learning, we’ve created a  technical article to introduce the concepts that make this technology so powerful, the science that goes into building machine learning models and the reasons why not all models are created equal. Plus, I’m hoping it will help me with those blank stares when I describe my job to people.

The article covers a range of topics to serve as a primer on deep learning. We review the process we take towards the development of a deep learning model, including collecting large amounts of data, feature engineering of the domain, building the architecture, training the model, testing the model and evaluating the model.

Before you dig in, the first thing to understand is the concept of deep learning itself.  This kind of machine learning is the most similar to the human brain because it involves many layers of neurons.

This is exactly where the term ‘artificial neural network’ came from. Artificial, in this case, means that it is an imitation of a brain’s neural network.

Both a neural network in the brain and an artificial network take in an input, manipulate the input in some way and output information to other neurons. The major difference is the human brain contains approximately 100 billion neurons while an artificial neural network contains not even a fraction of that.

Like other types of machine learning, deep learning uses mathematical models to learn without being explicitly programmed in the particularities of the specific problem. Using a large amount of data, we generate a general model that is able to accurately describe the data. In the case of Sophos, that data could be malware, malicious URLs or other security problems we’re trying to solve.

Since we are talking about general models that try to explain specific phenomena, we never know if our machine learning model has properly learned to predict. That is why any model that we develop is always coupled with a rigorous set of evaluations.

To keep learning download the full technical article.  We will be sharing many more insights from the Sophos data science team. Watch this space for more updates.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s