The Evolution of Defensive Machine Learning and AI

machine learning

The recent second round US Democratic debates hosted in Detroit, Michigan provides a metaphor for a discussion on machines and their evolution.  Several of the prospective presidential candidates, elucidating the concerning topic of employment, made mention of the large number of automotive assembly jobs that have been displaced by robots and automation (I’m not sure any of the candidates had a solution to this challenge — but that’s another topic for another time).  There are parallels to how security automation, particularly detection technology, is evolving.  

While machines haven’t taken over completely (yet!), they play an increasingly important role – and by ‘machines’, I am specifically referring to machine learning (ML) and artificial intelligence (AI) technologies – in combating the rapidly advancing and sophisticated threats facing corporations, governments and people today.  Without the help of intelligent machine learning and automated analysis, organizations don’t stand a chance at processing the volume of data necessary to discern increasingly obfuscated threats, if they want to protect themselves, their reputations, their employees and customers. These threats now come in the form of scam offers and malicious links embedded in instagram images, stolen credit cards and identities advertised via criminal online marketplace pictures, or realistic looking video impersonations espousing untruths, all disguised to evade detection. All of these are difficult for untrained systems, let alone human beings, to detect. Throw in a hyperbolic growth in the number of these advanced attack techniques, and you begin to see the problem; security teams, no matter how sophisticated, don’t have the necessary analysis tools and struggle to keep up. 

Machine Evolution

ZeroFox has invested heavily in Artificial Intelligence and Machine-Learning tools to accurately identify a broad range of digital threats at scale. Today, ZeroFox ML text and image capabilities span a range of capability, from text analysis for sentiment and language processing, to malicious link detection, to text in image analysis, to now detecting threatening or fictitious objects within images and videos.   These generally can be grouped into two AI disciplines;

Natural Language Processing (NLP) – Enabling computers to understand and interact with human languages

Computer Vision (CV) – Training computers to identify and extract information from images 

Based on these AI disciplines, ZeroFox has developed 8 AI-based classifier models, each serving a specific purpose as follows;

  • Negative Sentiment – classify “amount” of negative sentiment in text
  • Language Detection – identify over 50 languages for incoming content
  • Money Flipping – identify a common financial scam through contextual analysis
  • Link Analysis – identify malicious URLs
  • Optical Character Recognition (OCR) – extract text embedded within images for hidden threats
  • Image Comparison – detect if similar images are utilized by impersonators
  • Object Detection – identify threatening/malicious objects within images
  • Video Analysis – applying OCR, object detection to video, as well as deepfake detection

In addition, ZeroFox has just announced Deepstar, an open source toolkit that makes it easier to train AI models for deepfakes, and related AI models to detect manipulated videos. ZeroFox is leveraging this new technology to integrate deepfake detection and analysis into the ZeroFox Platform.

These classifiers enrich the data to derive context and meaning, to better determine applicable threat analysis.  The curated content is then earmarked for processing against appropriate protection rules for possible violations.

Classifiers work in tandem with the ZeroFox Rule Engine, a set of 5000+ out-of-the-box rules, to speed analysis of the enriched content findings.  Marrying the vast data sources with the immense processing needed to analyze, enrich and keep pace requires a scalable approach that only machines and automation can deliver.

Machine Scale

Consuming the internet is no small feat and cannot be done by human analysis alone. With the ZeroFox cloud-based platform, ZeroFox exercises tens of millions of classifiers and evaluates millions of enriched content pieces per day.

For a typical enterprise with brand and executive protection, ZeroFox analyzes over 10,000 images per day using our computer vision technology.  It would likely take an analyst a few seconds per image to recognize and detect any threats – at 5 seconds per image that is nearly 14 hours (and with no breaks either!). Similarly, a 5 minute video at 30 frames per second requires the same amount of processing (over 9,000 image frames) to fully analyze.   Machines allow for this type of analysis in a few seconds or less, however an analyst would need to watch the entire 5 minute video. Clearly, we must utilize an intelligent approach to selectively sample the video, and apply computer vision techniques to identify risks in a timely manner. Without AI, the magnitude of workload has gone up more than 100 fold.  The alternative is ignoring the threat altogether, which puts your organization at risk.

On YouTube alone, over 300 hours of video is uploaded every minute which makes human analysis nearly impossible.  ZeroFox will be introducing new video analysis capabilities to detect deepfakes at scale. Tooling, such as Deepstar, is a valuable asset for tackling the problem posed by deepfakes and the scale at which these detection capabilities must operate. 

Learn More

To learn more on the AI technologies mentioned within, see the following blogs:

Artificial Intelligence is Key to Digital Risk Protection

Expanding ZeroFox’s Computer Vision Capabilities with Weapon and Credit Card Detection

Detecting and Defending Against Deepfakes


Speaking of politics, fortunately to date we haven’t seen many mashups of politicos and deepfakes, but can that day be far off?  We certainly have seen the use of these advanced attacker techniques to influence constituents, scam customers, and impersonate executives, so it likely is only a matter of time.

While digital engagement is a great way to promote a business and brand and build community, these channels introduce risk that ZeroFox can help you to mitigate. Through the use of a sophisticated and evolving artificial intelligence toolbox, ZeroFox continues to tackle the problem of reducing your digital risk so you can continue to focus on doing what you do best.

Stay Informed

Best practices, the latest research, and breaking news, delivered right to your inbox.