SlideShare a Scribd company logo

Machine learning cyphort_malware_most_wanted

Download as PPTX, PDF
C
Cyphort

This document discusses machine learning approaches for threat detection in cybersecurity. It begins with an overview of machine learning applications in security like malware detection and classification. It then covers the machine learning toolkit, emphasizing that data is the most important factor. It describes supervised learning techniques like regression and support vector machines. It also discusses challenges like the curse of dimensionality and separating sparse signals from noise in the data. The key takeaways are that machine learning can provide scalable threat detection when done correctly by focusing on relevant predictive data and understanding its limitations and algorithms.

Technology
1 of 35
Machine Learning: The Gold Standard For Threat Detection (?)
Your speakers today Rohan Tandon Data Scientist Shel Sharma Product Marketing Director
Threat Monitoring & Research team ________ 24X7 monitoring for malware events ________ Assist customers with their Forensics and Incident Response We enhance malware detection accuracy ________ False positives/negatives ________ Deep-dive research We work with the security ecosystem ________ Contribute to and learn from malware KB ________ Best of 3rd Party threat data cyphort.com/blog
Agenda o Hype vs. Reality o Security Applications o The Machine Learning Toolkit o Advantages and Pitfalls o Takeaways and Q&A
Hype vs. Reality: The Hype
Hype vs. Reality: Reality Data, numerical software, high performance computing Prediction, classification, pattern discovery
Security Applications o Given all the information I know about a file or event: o Is a file or event malicious? (Yes, No) o If malicious, what type of malware is it? (Trojan, Worm, Adware, etc.) o How can I quantify the risk of the attack? (High, Medium, Low) o How can I determine if the attack is part of a larger campaign against my infrastructure? How likely am I to get hit again? (Next hour, week, month)
Security Applications - Traditional Approaches o Static o Packer, file type, file size, code obfuscation o Defense by checksum match, static property signatures o Scalable, but lacking coverage o Behavioral o Logged behavior from sandboxing (file creation, cnc activity, etc) o Manually create “behavioral signatures” o Better coverage, but not always scalable (more possibilities) o Reputation o “Crowdsourcing” the detection problem o Can’t detect targeted threats. Coverage vs Scalability!
Security Applications - Machine Learning Static Data Reputation Data Behavior Data Machine Learning Detection, Classification, Risk Assessment + Coverage and Scalability
The Machine Learning Toolkit Discovering statistical relationships with data: BIG DATA SMALL DATA ...BUT MAINLY RELEVANT DATA
The Machine Learning Toolkit - Data is King All machine learning models need to be “trained” on data. File/event samples (Training Data) Feature extraction ● Static ● Behavioral ● Reputation ● etc. Train ModelAnalyze, clean and normalize data
The Machine Learning Toolkit - Data is King All machine learning models need to be “trained” on data. File/event samples (Training Data) Feature extraction ● Static ● Behavioral ● Reputation ● etc. Train ModelAnalyze, clean and normalize data The training data is the most important factor in the success of the model.
The Machine Learning Toolkit - Data is King Types of machine learning: o Supervised Learning o Unsupervised Learning o Semi-supervised Learning (Combination of supervised + unsupervised)
The Machine Learning Toolkit - Supervised Learning Supervised Learning: o The ”outcome” of each training sample is already known o EXAMPLE: “Binary” classification Object 1 Features Object 2 Features Object 3 Features … Object 1001 Features Object 1 = Malware Object 2 = Clean Object 3 = Clean Object 4 = Malware Object 5 = Malware Object 6 = Malware … Object 2000 = Clean Training Data Train Model Test Model on Unknown Samples New Object Features Malware? Clean? o Techniques o Linear/Logistic Regression o Support Vector Machines o Classification Trees, Random Forests o Neural Networks (“Deep Learning”)
The Machine Learning Toolkit - Unsupervised Learning Unsupervised Learning: o The ”outcome” of each training sample is unknown o EXAMPLE: Finding families of malware Malware 1 Features Malware 2 Features Malware 3 Features … Malware 1001 Features Training Data Train Model Discover similar “groupings” of samples Group 1 Malware 17 Malware 1 Malware 264 ... Group 2 Malware 107 Malware 6 Malware 2 ... Group 3 Malware 936 Malware 851 Malware 1001 ... o Techniques o Clustering algorithms o Self-organizing maps o Principal components analysis o Archetypal analysis
The Machine Learning Toolkit - Clustering Clustering is a popular ML tool in malware analysis. (Feature = “Dimension”)
The Machine Learning Toolkit - Clustering Clustering is a popular ML tool in malware analysis. But things break down in higher dimensions! (Feature = “Dimension”)
The Curse of Dimensionality (Bellman, 1961) Objects that are close together in 2-D space may be much farther apart in higher dimensions (Some math ahead!) 1 X 1 2-D feature space Feature 2 Feature1
The Curse of Dimensionality (Bellman, 1961) Objects that are close together in 2-D space may be much farther apart in higher dimensions (Some math ahead!) 1 X 1 2-D feature space Feature 2 Feature1 Want to cluster samples in this 0.1 X 0.1 square (1% of all the possible data)
The Curse of Dimensionality (Bellman, 1961) Objects that are close together in 2-D space may be much farther apart in higher dimensions (Some math ahead!) 1 X 1 2-D feature space Feature 2 Feature1 Want to cluster samples in this 0.1 X 0.1 square (1% of all the possible data) In 2-D: Must cover 10% of range of each feature
The Curse of Dimensionality (Bellman, 1961) Objects that are close together in 2-D space may be much farther apart in higher dimensions (Some math ahead!) 1 X 1 2-D feature space Feature 2 Feature1 Want to cluster samples in this 0.1 X 0.1 square (1% of all the possible data) In 2-D: Must cover 10% of range of each feature In 3-D: To cover 1% of total data volume: ● Must cover ~ 21.5% of range of each feature: (0.215)3 ~ 0.01
The Curse of Dimensionality (Bellman, 1961) Objects that are close together in 2-D space may be much farther apart in higher dimensions (Some math ahead!) 1 X 1 2-D feature space Feature 2 Feature1 Want to cluster samples in this 0.1 X 0.1 square (1% of all the possible data) In 2-D: Must cover 10% of range of each feature In 3-D: To cover 1% of total data volume: ● Must cover ~ 21.5% of range of each feature: (0.215)3 ~ 0.01 In 100-D: To cover 1% of total data volume: ● Must cover ~ 95.5% of range of each feature: (0.955)100 ~ 0.01
The Curse of Dimensionality (contd.) o Ignore the curse ⇒ bad models, more false positives/false negatives o Solutions: Dimensionality reduction, redefine “closeness”, or skip clustering in favor of other algorithms: Support Vector Machines Penalized Regression Random Forests
Supervised Learning - Regression, SVM et. al o Not sensitive to the “curse” o Statistical function approximation o Powerful, scalable with large datasets + many features
Supervised Learning - Regression, SVM et. al o Not sensitive to the “curse” o Statistical function approximation o Powerful, scalable with large datasets + many features BUT… o The dataset and features still carry the most weight. o Use as a “black box” could result in catastrophic failure! Model creation should “extend a hypothesis”
Supervised Learning - Data is STILL king! o “Models should extend a hypothesis” o Features should have a reason to be used. o Avoid “Spurious correlations” Correlation ≠ Causation
But there’s more... The dangers of modeling data before you fully understand it: Relationships may change across different groups!
Supervised Learning - In a nutshell “Separate the Signal From the Noise”
Separating the Signal from the Noise But what if the signal is too sparse?
Separating the Signal from the Noise A “Needle in the haystack” situation: o Low prevalence of threat (1 out of every 100,000 objects) o Built a supervised classifier which can detect 95% of threats, with a 1% FP rate o A FP is 1000x more likely (1 out of 100) than a detection! (High False Discovery Rate) o ML may be able to detect the signal, but not without too much noise. For any machine learning algorithm, there is always a tradeoff between high detection and low false positives.
Separating the Signal from the Noise How to increase detection without increasing false positives: Collect better, more predictive training data! (Predicted initial reaction from engineering manager with 95% confidence)
Takeaways o When done correctly, ML offers both coverage and scalability in threat detection o It is not without its own shortcomings: o The “needle in the haystack” problem o Spurious correlations o It is still one of the most scalable ways to detect targeted zero-day attacks, when coupled with behavioral analysis o The “Gold Standard” for successfully using machine learning o Know your data - let it guide your use of ML, not the other way around. o Know the benefits and pitfalls of your algorithms o Be ready to iterate, rinse, and repeat
Thank You! Q&A Previous MMW slides/recordings on http://cyphort.com/labs/malwares-wanted/
Machine learning cyphort_malware_most_wanted

Recommended

Threat Hunting 102: Beyond the Basics
Threat Hunting 102: Beyond the BasicsThreat Hunting 102: Beyond the Basics
Threat Hunting 102: Beyond the BasicsCybereason
 
Crowd-Sourced Threat Intelligence
Crowd-Sourced Threat IntelligenceCrowd-Sourced Threat Intelligence
Crowd-Sourced Threat IntelligenceAlienVault
 
Machine Learning in Malware Detection
Machine Learning in Malware DetectionMachine Learning in Malware Detection
Machine Learning in Malware DetectionKaspersky
 
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...Clare Nelson, CISSP, CIPP-E
 
Resistance Isn't Futile: A Practical Approach to Threat Modeling
Resistance Isn't Futile: A Practical Approach to Threat ModelingResistance Isn't Futile: A Practical Approach to Threat Modeling
Resistance Isn't Futile: A Practical Approach to Threat ModelingKatie Nickels
 
The Incident Response Playbook for Android and iOS
The Incident Response Playbook for Android and iOSThe Incident Response Playbook for Android and iOS
The Incident Response Playbook for Android and iOSPriyanka Aash
 
Risk bridges business and security
Risk bridges business and securityRisk bridges business and security
Risk bridges business and securityM. Isaiah McGowan
 
Building a Threat Hunting Practice in the Cloud
Building a Threat Hunting Practice in the CloudBuilding a Threat Hunting Practice in the Cloud
Building a Threat Hunting Practice in the CloudProtectWise
 

Recommended

Threat Hunting 102: Beyond the Basics
Threat Hunting 102: Beyond the BasicsThreat Hunting 102: Beyond the Basics
Threat Hunting 102: Beyond the BasicsCybereason
 
Crowd-Sourced Threat Intelligence
Crowd-Sourced Threat IntelligenceCrowd-Sourced Threat Intelligence
Crowd-Sourced Threat IntelligenceAlienVault
 
Machine Learning in Malware Detection
Machine Learning in Malware DetectionMachine Learning in Malware Detection
Machine Learning in Malware DetectionKaspersky
 
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...
The Inmates Are Running the Asylum: Why Some Multi-Factor Authentication Tech...Clare Nelson, CISSP, CIPP-E
 
Resistance Isn't Futile: A Practical Approach to Threat Modeling
Resistance Isn't Futile: A Practical Approach to Threat ModelingResistance Isn't Futile: A Practical Approach to Threat Modeling
Resistance Isn't Futile: A Practical Approach to Threat ModelingKatie Nickels
 
The Incident Response Playbook for Android and iOS
The Incident Response Playbook for Android and iOSThe Incident Response Playbook for Android and iOS
The Incident Response Playbook for Android and iOSPriyanka Aash
 
Risk bridges business and security
Risk bridges business and securityRisk bridges business and security
Risk bridges business and securityM. Isaiah McGowan
 
Building a Threat Hunting Practice in the Cloud
Building a Threat Hunting Practice in the CloudBuilding a Threat Hunting Practice in the Cloud
Building a Threat Hunting Practice in the CloudProtectWise
 
OSB340: Disrupting an Advanced Attack
OSB340: Disrupting an Advanced AttackOSB340: Disrupting an Advanced Attack
OSB340: Disrupting an Advanced AttackIvanti
 
OSB340R: Disrupting an Advanced Attack
OSB340R: Disrupting an Advanced AttackOSB340R: Disrupting an Advanced Attack
OSB340R: Disrupting an Advanced AttackIvanti
 
Effective Prioritization Through Exploit Prediction
Effective Prioritization Through Exploit Prediction Effective Prioritization Through Exploit Prediction
Effective Prioritization Through Exploit Prediction Jonathan Cran
 
Anti evasion and evader - klaus majewski
Anti evasion and evader - klaus majewskiAnti evasion and evader - klaus majewski
Anti evasion and evader - klaus majewskiStonesoft
 
Evading & Bypassing Anti-Malware applications using metasploit
Evading & Bypassing Anti-Malware applications using metasploitEvading & Bypassing Anti-Malware applications using metasploit
Evading & Bypassing Anti-Malware applications using metasploitn|u - The Open Security Community
 
Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013
Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013
Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013beltface
 
Charan Resume
Charan ResumeCharan Resume
Charan ResumeCharan Mukkamala
 
Cognitive Computing in Security with AI
Cognitive Computing in Security with AI Cognitive Computing in Security with AI
Cognitive Computing in Security with AI JoAnna Cheshire
 
Global CISO Forum 2017: How To Measure Anything In Cybersecurity Risk
Global CISO Forum 2017: How To Measure Anything In Cybersecurity RiskGlobal CISO Forum 2017: How To Measure Anything In Cybersecurity Risk
Global CISO Forum 2017: How To Measure Anything In Cybersecurity RiskEC-Council
 
The Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRThe Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRNetpluz Asia Pte Ltd
 
Vulnerability Prioritization and Prediction
Vulnerability Prioritization and PredictionVulnerability Prioritization and Prediction
Vulnerability Prioritization and PredictionJonathan Cran
 
Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report Morane Decriem
 
The Diamond Model for Intrusion Analysis - Threat Intelligence
The Diamond Model for Intrusion Analysis - Threat IntelligenceThe Diamond Model for Intrusion Analysis - Threat Intelligence
The Diamond Model for Intrusion Analysis - Threat IntelligenceThreatConnect
 
MITRE ATT&CKcon 2018: From Red VS Blue to Red ♥ Blue, Olaf Hartong and Vincen...
MITRE ATT&CKcon 2018: From Red VS Blue to Red ♥ Blue, Olaf Hartong and Vincen...MITRE ATT&CKcon 2018: From Red VS Blue to Red ♥ Blue, Olaf Hartong and Vincen...
MITRE ATT&CKcon 2018: From Red VS Blue to Red ♥ Blue, Olaf Hartong and Vincen...MITRE - ATT&CKcon
 
Risk Management Metrics That Matter
Risk Management Metrics That MatterRisk Management Metrics That Matter
Risk Management Metrics That MatterEd Bellis
 
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK FrameworkOutpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK FrameworkOutpost24
 
Enabling effective hunt teaming and incident response
Enabling effective hunt teaming and incident responseEnabling effective hunt teaming and incident response
Enabling effective hunt teaming and incident responsejeffmcjunkin
 
Collaborated cyber defense in pandemic times
Collaborated cyber defense in pandemic times Collaborated cyber defense in pandemic times
Collaborated cyber defense in pandemic times Denise Bailey
 
Malware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning PerspectiveMalware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning PerspectiveChong-Kuan Chen
 
Diagnosis SOC-Atrophy: What To Do When Your SOC Is Sick
Diagnosis SOC-Atrophy: What To Do When Your SOC Is SickDiagnosis SOC-Atrophy: What To Do When Your SOC Is Sick
Diagnosis SOC-Atrophy: What To Do When Your SOC Is SickPriyanka Aash
 
Machine Learning Lecture
Machine Learning LectureMachine Learning Lecture
Machine Learning LectureEric Larson
 
Distributed Machine Learning: 1. A New Era
Distributed Machine Learning: 1. A New EraDistributed Machine Learning: 1. A New Era
Distributed Machine Learning: 1. A New EraYi Wang
 

More Related Content

What's hot

OSB340: Disrupting an Advanced Attack
OSB340: Disrupting an Advanced AttackOSB340: Disrupting an Advanced Attack
OSB340: Disrupting an Advanced AttackIvanti
 
OSB340R: Disrupting an Advanced Attack
OSB340R: Disrupting an Advanced AttackOSB340R: Disrupting an Advanced Attack
OSB340R: Disrupting an Advanced AttackIvanti
 
Effective Prioritization Through Exploit Prediction
Effective Prioritization Through Exploit Prediction Effective Prioritization Through Exploit Prediction
Effective Prioritization Through Exploit Prediction Jonathan Cran
 
Anti evasion and evader - klaus majewski
Anti evasion and evader - klaus majewskiAnti evasion and evader - klaus majewski
Anti evasion and evader - klaus majewskiStonesoft
 
Evading & Bypassing Anti-Malware applications using metasploit
Evading & Bypassing Anti-Malware applications using metasploitEvading & Bypassing Anti-Malware applications using metasploit
Evading & Bypassing Anti-Malware applications using metasploitn|u - The Open Security Community
 
Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013
Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013
Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013beltface
 
Cognitive Computing in Security with AI
Cognitive Computing in Security with AI Cognitive Computing in Security with AI
Cognitive Computing in Security with AI JoAnna Cheshire
 
Global CISO Forum 2017: How To Measure Anything In Cybersecurity Risk
Global CISO Forum 2017: How To Measure Anything In Cybersecurity RiskGlobal CISO Forum 2017: How To Measure Anything In Cybersecurity Risk
Global CISO Forum 2017: How To Measure Anything In Cybersecurity RiskEC-Council
 
The Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRThe Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRNetpluz Asia Pte Ltd
 
Vulnerability Prioritization and Prediction
Vulnerability Prioritization and PredictionVulnerability Prioritization and Prediction
Vulnerability Prioritization and PredictionJonathan Cran
 
Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report Morane Decriem
 
The Diamond Model for Intrusion Analysis - Threat Intelligence
The Diamond Model for Intrusion Analysis - Threat IntelligenceThe Diamond Model for Intrusion Analysis - Threat Intelligence
The Diamond Model for Intrusion Analysis - Threat IntelligenceThreatConnect
 
MITRE ATT&CKcon 2018: From Red VS Blue to Red ♥ Blue, Olaf Hartong and Vincen...
MITRE ATT&CKcon 2018: From Red VS Blue to Red ♥ Blue, Olaf Hartong and Vincen...MITRE ATT&CKcon 2018: From Red VS Blue to Red ♥ Blue, Olaf Hartong and Vincen...
MITRE ATT&CKcon 2018: From Red VS Blue to Red ♥ Blue, Olaf Hartong and Vincen...MITRE - ATT&CKcon
 
Risk Management Metrics That Matter
Risk Management Metrics That MatterRisk Management Metrics That Matter
Risk Management Metrics That MatterEd Bellis
 
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK FrameworkOutpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK FrameworkOutpost24
 
Enabling effective hunt teaming and incident response
Enabling effective hunt teaming and incident responseEnabling effective hunt teaming and incident response
Enabling effective hunt teaming and incident responsejeffmcjunkin
 
Collaborated cyber defense in pandemic times
Collaborated cyber defense in pandemic times Collaborated cyber defense in pandemic times
Collaborated cyber defense in pandemic times Denise Bailey
 
Malware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning PerspectiveMalware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning PerspectiveChong-Kuan Chen
 
Diagnosis SOC-Atrophy: What To Do When Your SOC Is Sick
Diagnosis SOC-Atrophy: What To Do When Your SOC Is SickDiagnosis SOC-Atrophy: What To Do When Your SOC Is Sick
Diagnosis SOC-Atrophy: What To Do When Your SOC Is SickPriyanka Aash
 

What's hot (20)

OSB340: Disrupting an Advanced Attack
OSB340: Disrupting an Advanced AttackOSB340: Disrupting an Advanced Attack
OSB340: Disrupting an Advanced Attack
 
OSB340R: Disrupting an Advanced Attack
OSB340R: Disrupting an Advanced AttackOSB340R: Disrupting an Advanced Attack
OSB340R: Disrupting an Advanced Attack
 
Effective Prioritization Through Exploit Prediction
Effective Prioritization Through Exploit Prediction Effective Prioritization Through Exploit Prediction
Effective Prioritization Through Exploit Prediction
 
Anti evasion and evader - klaus majewski
Anti evasion and evader - klaus majewskiAnti evasion and evader - klaus majewski
Anti evasion and evader - klaus majewski
 
Evading & Bypassing Anti-Malware applications using metasploit
Evading & Bypassing Anti-Malware applications using metasploitEvading & Bypassing Anti-Malware applications using metasploit
Evading & Bypassing Anti-Malware applications using metasploit
 
Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013
Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013
Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013
 
Charan Resume
Charan ResumeCharan Resume
Charan Resume
 
Cognitive Computing in Security with AI
Cognitive Computing in Security with AI Cognitive Computing in Security with AI
Cognitive Computing in Security with AI
 
Global CISO Forum 2017: How To Measure Anything In Cybersecurity Risk
Global CISO Forum 2017: How To Measure Anything In Cybersecurity RiskGlobal CISO Forum 2017: How To Measure Anything In Cybersecurity Risk
Global CISO Forum 2017: How To Measure Anything In Cybersecurity Risk
 
The Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRThe Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDR
 
Vulnerability Prioritization and Prediction
Vulnerability Prioritization and PredictionVulnerability Prioritization and Prediction
Vulnerability Prioritization and Prediction
 
Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report
 
The Diamond Model for Intrusion Analysis - Threat Intelligence
The Diamond Model for Intrusion Analysis - Threat IntelligenceThe Diamond Model for Intrusion Analysis - Threat Intelligence
The Diamond Model for Intrusion Analysis - Threat Intelligence
 
MITRE ATT&CKcon 2018: From Red VS Blue to Red ♥ Blue, Olaf Hartong and Vincen...
MITRE ATT&CKcon 2018: From Red VS Blue to Red ♥ Blue, Olaf Hartong and Vincen...MITRE ATT&CKcon 2018: From Red VS Blue to Red ♥ Blue, Olaf Hartong and Vincen...
MITRE ATT&CKcon 2018: From Red VS Blue to Red ♥ Blue, Olaf Hartong and Vincen...
 
Risk Management Metrics That Matter
Risk Management Metrics That MatterRisk Management Metrics That Matter
Risk Management Metrics That Matter
 
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK FrameworkOutpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework
 
Enabling effective hunt teaming and incident response
Enabling effective hunt teaming and incident responseEnabling effective hunt teaming and incident response
Enabling effective hunt teaming and incident response
 
Collaborated cyber defense in pandemic times
Collaborated cyber defense in pandemic times Collaborated cyber defense in pandemic times
Collaborated cyber defense in pandemic times
 
Malware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning PerspectiveMalware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning Perspective
 
Diagnosis SOC-Atrophy: What To Do When Your SOC Is Sick
Diagnosis SOC-Atrophy: What To Do When Your SOC Is SickDiagnosis SOC-Atrophy: What To Do When Your SOC Is Sick
Diagnosis SOC-Atrophy: What To Do When Your SOC Is Sick
 

Viewers also liked

Machine Learning Lecture
Machine Learning LectureMachine Learning Lecture
Machine Learning LectureEric Larson
 
Distributed Machine Learning: 1. A New Era
Distributed Machine Learning: 1. A New EraDistributed Machine Learning: 1. A New Era
Distributed Machine Learning: 1. A New EraYi Wang
 
Machine Learning Travel Industry
Machine Learning Travel IndustryMachine Learning Travel Industry
Machine Learning Travel IndustryVijay PG
 
Machine Learning for Malware Classification and Clustering
Machine Learning for Malware Classification and ClusteringMachine Learning for Malware Classification and Clustering
Machine Learning for Malware Classification and ClusteringEndgameInc
 
Machine Learning for Threat Detection
Machine Learning for Threat DetectionMachine Learning for Threat Detection
Machine Learning for Threat DetectionNapier University
 
Battling Unknown Malware with Machine Learning
Battling Unknown Malware with Machine Learning Battling Unknown Malware with Machine Learning
Battling Unknown Malware with Machine Learning CrowdStrike
 
Malware Detection Using Machine Learning Techniques
Malware Detection Using Machine Learning TechniquesMalware Detection Using Machine Learning Techniques
Malware Detection Using Machine Learning TechniquesArshadRaja786
 
[한국핀테크포럼] 제7회 정기포럼
[한국핀테크포럼] 제7회 정기포럼[한국핀테크포럼] 제7회 정기포럼
[한국핀테크포럼] 제7회 정기포럼Hyeseon Yoon
 
バンディットアルゴリズム入門と実践
バンディットアルゴリズム入門と実践バンディットアルゴリズム入門と実践
バンディットアルゴリズム入門と実践智之 村上
 
今日から使える! みんなのクラスタリング超入門
今日から使える! みんなのクラスタリング超入門今日から使える! みんなのクラスタリング超入門
今日から使える! みんなのクラスタリング超入門toilet_lunch
 
機会学習ハッカソン:ランダムフォレスト
機会学習ハッカソン:ランダムフォレスト機会学習ハッカソン:ランダムフォレスト
機会学習ハッカソン:ランダムフォレストTeppei Baba
 
ロジスティック回帰の考え方・使い方 - TokyoR #33
ロジスティック回帰の考え方・使い方 - TokyoR #33ロジスティック回帰の考え方・使い方 - TokyoR #33
ロジスティック回帰の考え方・使い方 - TokyoR #33horihorio
 
PayPal's Fraud Detection with Deep Learning in H2O World 2014
PayPal's Fraud Detection with Deep Learning in H2O World 2014PayPal's Fraud Detection with Deep Learning in H2O World 2014
PayPal's Fraud Detection with Deep Learning in H2O World 2014Sri Ambati
 
トピックモデルを用いた 潜在ファッション嗜好の推定
トピックモデルを用いた 潜在ファッション嗜好の推定トピックモデルを用いた 潜在ファッション嗜好の推定
トピックモデルを用いた 潜在ファッション嗜好の推定Takashi Kaneda
 
ルールベースから機械学習への道 公開用
ルールベースから機械学習への道 公開用ルールベースから機械学習への道 公開用
ルールベースから機械学習への道 公開用nishio
 
パターン認識 第10章 決定木
パターン認識 第10章 決定木 パターン認識 第10章 決定木
パターン認識 第10章 決定木 Miyoshi Yuya
 

Viewers also liked (20)

Machine Learning Lecture
Machine Learning LectureMachine Learning Lecture
Machine Learning Lecture
 
Distributed Machine Learning: 1. A New Era
Distributed Machine Learning: 1. A New EraDistributed Machine Learning: 1. A New Era
Distributed Machine Learning: 1. A New Era
 
Machine Learning and Robotic Vision
Machine Learning and Robotic VisionMachine Learning and Robotic Vision
Machine Learning and Robotic Vision
 
Machine Learning Travel Industry
Machine Learning Travel IndustryMachine Learning Travel Industry
Machine Learning Travel Industry
 
Machine Learning for Malware Classification and Clustering
Machine Learning for Malware Classification and ClusteringMachine Learning for Malware Classification and Clustering
Machine Learning for Malware Classification and Clustering
 
Machine Learning for Threat Detection
Machine Learning for Threat DetectionMachine Learning for Threat Detection
Machine Learning for Threat Detection
 
Battling Unknown Malware with Machine Learning
Battling Unknown Malware with Machine Learning Battling Unknown Malware with Machine Learning
Battling Unknown Malware with Machine Learning
 
Malware Detection Using Machine Learning Techniques
Malware Detection Using Machine Learning TechniquesMalware Detection Using Machine Learning Techniques
Malware Detection Using Machine Learning Techniques
 
Malware Detection using Machine Learning
Malware Detection using Machine Learning Malware Detection using Machine Learning
Malware Detection using Machine Learning
 
[한국핀테크포럼] 제7회 정기포럼
[한국핀테크포럼] 제7회 정기포럼[한국핀테크포럼] 제7회 정기포럼
[한국핀테크포럼] 제7회 정기포럼
 
バンディットアルゴリズム入門と実践
バンディットアルゴリズム入門と実践バンディットアルゴリズム入門と実践
バンディットアルゴリズム入門と実践
 
決定木学習
決定木学習決定木学習
決定木学習
 
今日から使える! みんなのクラスタリング超入門
今日から使える! みんなのクラスタリング超入門今日から使える! みんなのクラスタリング超入門
今日から使える! みんなのクラスタリング超入門
 
機会学習ハッカソン:ランダムフォレスト
機会学習ハッカソン:ランダムフォレスト機会学習ハッカソン:ランダムフォレスト
機会学習ハッカソン:ランダムフォレスト
 
ロジスティック回帰の考え方・使い方 - TokyoR #33
ロジスティック回帰の考え方・使い方 - TokyoR #33ロジスティック回帰の考え方・使い方 - TokyoR #33
ロジスティック回帰の考え方・使い方 - TokyoR #33
 
PayPal's Fraud Detection with Deep Learning in H2O World 2014
PayPal's Fraud Detection with Deep Learning in H2O World 2014PayPal's Fraud Detection with Deep Learning in H2O World 2014
PayPal's Fraud Detection with Deep Learning in H2O World 2014
 
一般向けのDeep Learning
一般向けのDeep Learning一般向けのDeep Learning
一般向けのDeep Learning
 
トピックモデルを用いた 潜在ファッション嗜好の推定
トピックモデルを用いた 潜在ファッション嗜好の推定トピックモデルを用いた 潜在ファッション嗜好の推定
トピックモデルを用いた 潜在ファッション嗜好の推定
 
ルールベースから機械学習への道 公開用
ルールベースから機械学習への道 公開用ルールベースから機械学習への道 公開用
ルールベースから機械学習への道 公開用
 
パターン認識 第10章 決定木
パターン認識 第10章 決定木 パターン認識 第10章 決定木
パターン認識 第10章 決定木
 

Similar to Machine learning cyphort_malware_most_wanted

Introduction to Machine Learning
Introduction to Machine LearningIntroduction to Machine Learning
Introduction to Machine LearningAI Summary
 
Aaron Roth, Associate Professor, University of Pennsylvania, at MLconf NYC 2017
Aaron Roth, Associate Professor, University of Pennsylvania, at MLconf NYC 2017Aaron Roth, Associate Professor, University of Pennsylvania, at MLconf NYC 2017
Aaron Roth, Associate Professor, University of Pennsylvania, at MLconf NYC 2017MLconf
 
2017 07 03_meetup_d
2017 07 03_meetup_d2017 07 03_meetup_d
2017 07 03_meetup_dDana Brophy
 
2017 07 03_meetup_d
2017 07 03_meetup_d2017 07 03_meetup_d
2017 07 03_meetup_dDana Brophy
 
06-01 Machine Learning and Linear Regression.pptx
06-01 Machine Learning and Linear Regression.pptx06-01 Machine Learning and Linear Regression.pptx
06-01 Machine Learning and Linear Regression.pptxSaharA84
 
[Revised] Intro to CNN
[Revised] Intro to CNN[Revised] Intro to CNN
[Revised] Intro to CNNVincent Tatan
 
Introduction to conventional machine learning techniques
Introduction to conventional machine learning techniquesIntroduction to conventional machine learning techniques
Introduction to conventional machine learning techniquesXavier Rafael Palou
 
Anomaly Detection for Real-World Systems
Anomaly Detection for Real-World SystemsAnomaly Detection for Real-World Systems
Anomaly Detection for Real-World SystemsManojit Nandi
 
Presentation_Malware Analysis.pptx
Presentation_Malware Analysis.pptxPresentation_Malware Analysis.pptx
Presentation_Malware Analysis.pptxnishanth kurush
 
Machine Learning ICS 273A
Machine Learning ICS 273AMachine Learning ICS 273A
Machine Learning ICS 273Abutest
 
230208 MLOps Getting from Good to Great.pptx
230208 MLOps Getting from Good to Great.pptx230208 MLOps Getting from Good to Great.pptx
230208 MLOps Getting from Good to Great.pptxArthur240715
 
Machine Learning ICS 273A
Machine Learning ICS 273AMachine Learning ICS 273A
Machine Learning ICS 273Abutest
 
Machine Learning ICS 273A
Machine Learning ICS 273AMachine Learning ICS 273A
Machine Learning ICS 273Abutest
 
Deep learning in medicine: An introduction and applications to next-generatio...
Deep learning in medicine: An introduction and applications to next-generatio...Deep learning in medicine: An introduction and applications to next-generatio...
Deep learning in medicine: An introduction and applications to next-generatio...Allen Day, PhD
 
Subverting Machine Learning Detections for fun and profit
Subverting Machine Learning Detections for fun and profitSubverting Machine Learning Detections for fun and profit
Subverting Machine Learning Detections for fun and profitRam Shankar Siva Kumar
 
Using binary classifiers
Using binary classifiersUsing binary classifiers
Using binary classifiersbutest
 
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...Alex Pinto
 

Similar to Machine learning cyphort_malware_most_wanted (20)

Introduction to Machine Learning
Introduction to Machine LearningIntroduction to Machine Learning
Introduction to Machine Learning
 
Aaron Roth, Associate Professor, University of Pennsylvania, at MLconf NYC 2017
Aaron Roth, Associate Professor, University of Pennsylvania, at MLconf NYC 2017Aaron Roth, Associate Professor, University of Pennsylvania, at MLconf NYC 2017
Aaron Roth, Associate Professor, University of Pennsylvania, at MLconf NYC 2017
 
2017 07 03_meetup_d
2017 07 03_meetup_d2017 07 03_meetup_d
2017 07 03_meetup_d
 
2017 07 03_meetup_d
2017 07 03_meetup_d2017 07 03_meetup_d
2017 07 03_meetup_d
 
06-01 Machine Learning and Linear Regression.pptx
06-01 Machine Learning and Linear Regression.pptx06-01 Machine Learning and Linear Regression.pptx
06-01 Machine Learning and Linear Regression.pptx
 
[Revised] Intro to CNN
[Revised] Intro to CNN[Revised] Intro to CNN
[Revised] Intro to CNN
 
Introduction to conventional machine learning techniques
Introduction to conventional machine learning techniquesIntroduction to conventional machine learning techniques
Introduction to conventional machine learning techniques
 
Anomaly Detection for Real-World Systems
Anomaly Detection for Real-World SystemsAnomaly Detection for Real-World Systems
Anomaly Detection for Real-World Systems
 
Presentation_Malware Analysis.pptx
Presentation_Malware Analysis.pptxPresentation_Malware Analysis.pptx
Presentation_Malware Analysis.pptx
 
Machine Learning ICS 273A
Machine Learning ICS 273AMachine Learning ICS 273A
Machine Learning ICS 273A
 
230208 MLOps Getting from Good to Great.pptx
230208 MLOps Getting from Good to Great.pptx230208 MLOps Getting from Good to Great.pptx
230208 MLOps Getting from Good to Great.pptx
 
R af d
R af dR af d
R af d
 
Risk Analysis for Dummies
Risk Analysis for DummiesRisk Analysis for Dummies
Risk Analysis for Dummies
 
Machine Learning ICS 273A
Machine Learning ICS 273AMachine Learning ICS 273A
Machine Learning ICS 273A
 
Machine Learning ICS 273A
Machine Learning ICS 273AMachine Learning ICS 273A
Machine Learning ICS 273A
 
Dssg talk CNN intro
Dssg talk CNN introDssg talk CNN intro
Dssg talk CNN intro
 
Deep learning in medicine: An introduction and applications to next-generatio...
Deep learning in medicine: An introduction and applications to next-generatio...Deep learning in medicine: An introduction and applications to next-generatio...
Deep learning in medicine: An introduction and applications to next-generatio...
 
Subverting Machine Learning Detections for fun and profit
Subverting Machine Learning Detections for fun and profitSubverting Machine Learning Detections for fun and profit
Subverting Machine Learning Detections for fun and profit
 
Using binary classifiers
Using binary classifiersUsing binary classifiers
Using binary classifiers
 
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
 

More from Cyphort

MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler Cyphort
 
EverSec + Cyphort: Big Trends in Cybersecurity
EverSec + Cyphort: Big Trends in CybersecurityEverSec + Cyphort: Big Trends in Cybersecurity
EverSec + Cyphort: Big Trends in CybersecurityCyphort
 
MMW April 2016 Ransomware Resurgence
MMW April 2016 Ransomware Resurgence MMW April 2016 Ransomware Resurgence
MMW April 2016 Ransomware Resurgence Cyphort
 
Understanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value AttacksUnderstanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value AttacksCyphort
 
Most notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictionsMost notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictionsCyphort
 
Malware self protection-matrix
Malware self protection-matrixMalware self protection-matrix
Malware self protection-matrixCyphort
 
Dissecting Cryptowall
Dissecting CryptowallDissecting Cryptowall
Dissecting CryptowallCyphort
 
Cyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_riseCyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_riseCyphort
 
Cybersecurity 5 road_blocks
Cybersecurity 5 road_blocksCybersecurity 5 road_blocks
Cybersecurity 5 road_blocksCyphort
 
Mmw anti sandbox_techniques
Mmw anti sandbox_techniquesMmw anti sandbox_techniques
Mmw anti sandbox_techniquesCyphort
 
Mmw anti sandboxtricks
Mmw anti sandboxtricksMmw anti sandboxtricks
Mmw anti sandboxtricksCyphort
 
MMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesMMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesCyphort
 
Mmw mac malware-mac
Mmw mac malware-macMmw mac malware-mac
Mmw mac malware-macCyphort
 
Malware's Most Wanted: The Many Faces of Malware
Malware's Most Wanted: The Many Faces of MalwareMalware's Most Wanted: The Many Faces of Malware
Malware's Most Wanted: The Many Faces of MalwareCyphort
 
Malware's Most Wanted: Linux and Internet of Things Malware
Malware's Most Wanted: Linux and Internet of Things MalwareMalware's Most Wanted: Linux and Internet of Things Malware
Malware's Most Wanted: Linux and Internet of Things MalwareCyphort
 
Malware's Most Wanted: Financial Trojans
Malware's Most Wanted: Financial TrojansMalware's Most Wanted: Financial Trojans
Malware's Most Wanted: Financial TrojansCyphort
 
Malware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOL
Malware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOLMalware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOL
Malware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOLCyphort
 
Malware Most Wanted: Evil Bunny
Malware Most Wanted: Evil BunnyMalware Most Wanted: Evil Bunny
Malware Most Wanted: Evil BunnyCyphort
 
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.Cyphort
 
Malware Most Wanted: Security Ecosystem
Malware Most Wanted: Security EcosystemMalware Most Wanted: Security Ecosystem
Malware Most Wanted: Security EcosystemCyphort
 

More from Cyphort (20)

MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler
 
EverSec + Cyphort: Big Trends in Cybersecurity
EverSec + Cyphort: Big Trends in CybersecurityEverSec + Cyphort: Big Trends in Cybersecurity
EverSec + Cyphort: Big Trends in Cybersecurity
 
MMW April 2016 Ransomware Resurgence
MMW April 2016 Ransomware Resurgence MMW April 2016 Ransomware Resurgence
MMW April 2016 Ransomware Resurgence
 
Understanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value AttacksUnderstanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value Attacks
 
Most notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictionsMost notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictions
 
Malware self protection-matrix
Malware self protection-matrixMalware self protection-matrix
Malware self protection-matrix
 
Dissecting Cryptowall
Dissecting CryptowallDissecting Cryptowall
Dissecting Cryptowall
 
Cyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_riseCyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_rise
 
Cybersecurity 5 road_blocks
Cybersecurity 5 road_blocksCybersecurity 5 road_blocks
Cybersecurity 5 road_blocks
 
Mmw anti sandbox_techniques
Mmw anti sandbox_techniquesMmw anti sandbox_techniques
Mmw anti sandbox_techniques
 
Mmw anti sandboxtricks
Mmw anti sandboxtricksMmw anti sandboxtricks
Mmw anti sandboxtricks
 
MMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesMMW Anti-Sandbox Techniques
MMW Anti-Sandbox Techniques
 
Mmw mac malware-mac
Mmw mac malware-macMmw mac malware-mac
Mmw mac malware-mac
 
Malware's Most Wanted: The Many Faces of Malware
Malware's Most Wanted: The Many Faces of MalwareMalware's Most Wanted: The Many Faces of Malware
Malware's Most Wanted: The Many Faces of Malware
 
Malware's Most Wanted: Linux and Internet of Things Malware
Malware's Most Wanted: Linux and Internet of Things MalwareMalware's Most Wanted: Linux and Internet of Things Malware
Malware's Most Wanted: Linux and Internet of Things Malware
 
Malware's Most Wanted: Financial Trojans
Malware's Most Wanted: Financial TrojansMalware's Most Wanted: Financial Trojans
Malware's Most Wanted: Financial Trojans
 
Malware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOL
Malware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOLMalware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOL
Malware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOL
 
Malware Most Wanted: Evil Bunny
Malware Most Wanted: Evil BunnyMalware Most Wanted: Evil Bunny
Malware Most Wanted: Evil Bunny
 
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
 
Malware Most Wanted: Security Ecosystem
Malware Most Wanted: Security EcosystemMalware Most Wanted: Security Ecosystem
Malware Most Wanted: Security Ecosystem
 

Recently uploaded

Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxFIDO Alliance
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch TuesdayIvanti
 
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfFrisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfAnubhavMangla3
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...panagenda
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxFIDO Alliance
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Paige Cruz
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdfMuhammad Subhan
 
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...ScyllaDB
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTopCSSGallery
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Skynet Technologies
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024Lorenzo Miniero
 
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxCyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxMasterG
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data SciencePaolo Missier
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsLeah Henrickson
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxFIDO Alliance
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...marcuskenyatta275
 

Recently uploaded (20)

Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfFrisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptx
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
 
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxCyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 

Machine learning cyphort_malware_most_wanted

  • 1.
  • 2. Machine Learning: The Gold Standard For Threat Detection (?)
  • 3. Your speakers today Rohan Tandon Data Scientist Shel Sharma Product Marketing Director
  • 4. Threat Monitoring & Research team ________ 24X7 monitoring for malware events ________ Assist customers with their Forensics and Incident Response We enhance malware detection accuracy ________ False positives/negatives ________ Deep-dive research We work with the security ecosystem ________ Contribute to and learn from malware KB ________ Best of 3rd Party threat data cyphort.com/blog
  • 5. Agenda o Hype vs. Reality o Security Applications o The Machine Learning Toolkit o Advantages and Pitfalls o Takeaways and Q&A
  • 6. Hype vs. Reality: The Hype
  • 7. Hype vs. Reality: Reality Data, numerical software, high performance computing Prediction, classification, pattern discovery
  • 8. Security Applications o Given all the information I know about a file or event: o Is a file or event malicious? (Yes, No) o If malicious, what type of malware is it? (Trojan, Worm, Adware, etc.) o How can I quantify the risk of the attack? (High, Medium, Low) o How can I determine if the attack is part of a larger campaign against my infrastructure? How likely am I to get hit again? (Next hour, week, month)
  • 9. Security Applications - Traditional Approaches o Static o Packer, file type, file size, code obfuscation o Defense by checksum match, static property signatures o Scalable, but lacking coverage o Behavioral o Logged behavior from sandboxing (file creation, cnc activity, etc) o Manually create “behavioral signatures” o Better coverage, but not always scalable (more possibilities) o Reputation o “Crowdsourcing” the detection problem o Can’t detect targeted threats. Coverage vs Scalability!
  • 10. Security Applications - Machine Learning Static Data Reputation Data Behavior Data Machine Learning Detection, Classification, Risk Assessment + Coverage and Scalability
  • 11. The Machine Learning Toolkit Discovering statistical relationships with data: BIG DATA SMALL DATA ...BUT MAINLY RELEVANT DATA
  • 12. The Machine Learning Toolkit - Data is King All machine learning models need to be “trained” on data. File/event samples (Training Data) Feature extraction ● Static ● Behavioral ● Reputation ● etc. Train ModelAnalyze, clean and normalize data
  • 13. The Machine Learning Toolkit - Data is King All machine learning models need to be “trained” on data. File/event samples (Training Data) Feature extraction ● Static ● Behavioral ● Reputation ● etc. Train ModelAnalyze, clean and normalize data The training data is the most important factor in the success of the model.
  • 14. The Machine Learning Toolkit - Data is King Types of machine learning: o Supervised Learning o Unsupervised Learning o Semi-supervised Learning (Combination of supervised + unsupervised)
  • 15. The Machine Learning Toolkit - Supervised Learning Supervised Learning: o The ”outcome” of each training sample is already known o EXAMPLE: “Binary” classification Object 1 Features Object 2 Features Object 3 Features … Object 1001 Features Object 1 = Malware Object 2 = Clean Object 3 = Clean Object 4 = Malware Object 5 = Malware Object 6 = Malware … Object 2000 = Clean Training Data Train Model Test Model on Unknown Samples New Object Features Malware? Clean? o Techniques o Linear/Logistic Regression o Support Vector Machines o Classification Trees, Random Forests o Neural Networks (“Deep Learning”)
  • 16. The Machine Learning Toolkit - Unsupervised Learning Unsupervised Learning: o The ”outcome” of each training sample is unknown o EXAMPLE: Finding families of malware Malware 1 Features Malware 2 Features Malware 3 Features … Malware 1001 Features Training Data Train Model Discover similar “groupings” of samples Group 1 Malware 17 Malware 1 Malware 264 ... Group 2 Malware 107 Malware 6 Malware 2 ... Group 3 Malware 936 Malware 851 Malware 1001 ... o Techniques o Clustering algorithms o Self-organizing maps o Principal components analysis o Archetypal analysis
  • 17. The Machine Learning Toolkit - Clustering Clustering is a popular ML tool in malware analysis. (Feature = “Dimension”)
  • 18. The Machine Learning Toolkit - Clustering Clustering is a popular ML tool in malware analysis. But things break down in higher dimensions! (Feature = “Dimension”)
  • 19. The Curse of Dimensionality (Bellman, 1961) Objects that are close together in 2-D space may be much farther apart in higher dimensions (Some math ahead!) 1 X 1 2-D feature space Feature 2 Feature1
  • 20. The Curse of Dimensionality (Bellman, 1961) Objects that are close together in 2-D space may be much farther apart in higher dimensions (Some math ahead!) 1 X 1 2-D feature space Feature 2 Feature1 Want to cluster samples in this 0.1 X 0.1 square (1% of all the possible data)
  • 21. The Curse of Dimensionality (Bellman, 1961) Objects that are close together in 2-D space may be much farther apart in higher dimensions (Some math ahead!) 1 X 1 2-D feature space Feature 2 Feature1 Want to cluster samples in this 0.1 X 0.1 square (1% of all the possible data) In 2-D: Must cover 10% of range of each feature
  • 22. The Curse of Dimensionality (Bellman, 1961) Objects that are close together in 2-D space may be much farther apart in higher dimensions (Some math ahead!) 1 X 1 2-D feature space Feature 2 Feature1 Want to cluster samples in this 0.1 X 0.1 square (1% of all the possible data) In 2-D: Must cover 10% of range of each feature In 3-D: To cover 1% of total data volume: ● Must cover ~ 21.5% of range of each feature: (0.215)3 ~ 0.01
  • 23. The Curse of Dimensionality (Bellman, 1961) Objects that are close together in 2-D space may be much farther apart in higher dimensions (Some math ahead!) 1 X 1 2-D feature space Feature 2 Feature1 Want to cluster samples in this 0.1 X 0.1 square (1% of all the possible data) In 2-D: Must cover 10% of range of each feature In 3-D: To cover 1% of total data volume: ● Must cover ~ 21.5% of range of each feature: (0.215)3 ~ 0.01 In 100-D: To cover 1% of total data volume: ● Must cover ~ 95.5% of range of each feature: (0.955)100 ~ 0.01
  • 24. The Curse of Dimensionality (contd.) o Ignore the curse ⇒ bad models, more false positives/false negatives o Solutions: Dimensionality reduction, redefine “closeness”, or skip clustering in favor of other algorithms: Support Vector Machines Penalized Regression Random Forests
  • 25. Supervised Learning - Regression, SVM et. al o Not sensitive to the “curse” o Statistical function approximation o Powerful, scalable with large datasets + many features
  • 26. Supervised Learning - Regression, SVM et. al o Not sensitive to the “curse” o Statistical function approximation o Powerful, scalable with large datasets + many features BUT… o The dataset and features still carry the most weight. o Use as a “black box” could result in catastrophic failure! Model creation should “extend a hypothesis”
  • 27. Supervised Learning - Data is STILL king! o “Models should extend a hypothesis” o Features should have a reason to be used. o Avoid “Spurious correlations” Correlation ≠ Causation
  • 28. But there’s more... The dangers of modeling data before you fully understand it: Relationships may change across different groups!
  • 29. Supervised Learning - In a nutshell “Separate the Signal From the Noise”
  • 30. Separating the Signal from the Noise But what if the signal is too sparse?
  • 31. Separating the Signal from the Noise A “Needle in the haystack” situation: o Low prevalence of threat (1 out of every 100,000 objects) o Built a supervised classifier which can detect 95% of threats, with a 1% FP rate o A FP is 1000x more likely (1 out of 100) than a detection! (High False Discovery Rate) o ML may be able to detect the signal, but not without too much noise. For any machine learning algorithm, there is always a tradeoff between high detection and low false positives.
  • 32. Separating the Signal from the Noise How to increase detection without increasing false positives: Collect better, more predictive training data! (Predicted initial reaction from engineering manager with 95% confidence)
  • 33. Takeaways o When done correctly, ML offers both coverage and scalability in threat detection o It is not without its own shortcomings: o The “needle in the haystack” problem o Spurious correlations o It is still one of the most scalable ways to detect targeted zero-day attacks, when coupled with behavioral analysis o The “Gold Standard” for successfully using machine learning o Know your data - let it guide your use of ML, not the other way around. o Know the benefits and pitfalls of your algorithms o Be ready to iterate, rinse, and repeat
  • 34. Thank You! Q&A Previous MMW slides/recordings on http://cyphort.com/labs/malwares-wanted/