Malice through the looking glass

Published in: Education

  1. Malice Through the Looking Glass
       • Behavior Analysis for the Next Decade
       • Jeff Debrosse
  2. “It is better to be roughly right than precisely wrong.”
       • John Maynard Keynes
  3. ANALYZE THIS…
     Industry core focus
       • Code analysis
       • Parse textual content
  4. ANALYZE THAT…
     Add social engineering analysis to threat analysis
       • Examine the behavior of the victim (underlying causes)
       • Treat the disease as well as the symptom(s)!
  5. TRADITIONAL SECURITY DILEMMA
       • Security
       • Convenience
  6. PSYCHOLOGY AND DECEPTION
     “Psychological manipulation of an individual or set of individuals to produce a desired effect on their behavior.”
  7. TODAY’S AV VENDOR GOAL
     To increase the security of our customers
       • Heuristic Technology
       • Cloud-based Solutions
       • Others
     Today we mostly look for:
       • Known bad objects (blacklisting)
       • Known good objects (whitelisting, change detection)
  8. THE PSYCHOLOGY OF DETECTION
     What does behavior analysis have to do with social engineering?
       • Fake AV sells
       • Manual analysis = large overhead (and it’s getting larger)
       • User behavior: another security layer?
  9. THE PSYCHOLOGY OF DETECTION
     JDLR: Cop Talk for “Just Don’t Look Right”
     At this point, we may identify software as:
       • Already classified
       • Resembles badware (JDLR)
       • Shares characteristics of badware
       • Something which may be good or bad, but has proscribed characteristics
  10. THE HUMAN ELEMENT
      “No matter how low an opinion you have of your users, they will find a way to disappoint you”
       • Stamos’ Law (or his corollary to Murphy’s Law)
       • Stamos, BH 2009
  11. PROBABILITY AND EMAIL
      Bayesian spam filtering
       • Counts number of incorrect classifications.
       • Low computational overhead
       • Very fast machine learning
  12. BAYESIAN ANALYSIS IN ACTION
       • The phrase “male enhancement” is detected in the body of the email (85% probability of the message being spam)
       • The subject contains the phrase “real prescription meds” (95% probability)
       • The body also contains the word (FREE) in all caps (98% probability)
       • The sender’s email address and sending server are different (99.9% probability)
  13. PROBABILITY AND PEOPLE
      Can we predict human behavior (with any accuracy)?
      Behavioral targeting does this today!
  14. GET YOUR GAME (THEORY) ON
      Game theory attempts to predict behavior such as:
       • the interaction between two people
       • movements of financial markets
       • modern-day warfare
  15. THE PRISONER’S DILEMMA (OR PREDICTABLE RATIONALITY)

                        S1 confess    S1 don’t confess
      S2 confess        10,10         0,20
      S2 don’t confess  20,0          1,1

  16. CONCLUSION
       • Feedback
       • Ethics
       • Optimized by…
           • Cloud?
           • Aggregation?
           • Behavioral Data?
       • Have we reached the industry’s limits?
  17. QUESTIONS?
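
The scoring sketched on slide 12, as an added example that is not part of the original deck: it combines the four per-signal spam probabilities in log-odds space (naive Bayes) and clamps each one so that no single signal is treated as absolute. Reading the slide's percentages as independent per-signal estimates, the 0.5 prior, the clamp bounds, the 0.9 threshold and all identifiers are assumptions.

```python
import math

# Per-signal spam probabilities from slide 12. Treating them as independent
# per-signal estimates (not running totals) is an assumption of this example.
SIGNALS = {
    "body_phrase_male_enhancement": 0.85,
    "subject_phrase_real_prescription_meds": 0.95,
    "body_word_FREE_all_caps": 0.98,
    "sender_address_server_mismatch": 0.999,
}

CLAMP = (0.0001, 0.9999)  # assumed bounds: keeps logit() finite for p = 0 or 1


def logit(p):
    """Log-odds of p, clamped so a 0% or 100% estimate cannot dominate."""
    lo, hi = CLAMP
    p = min(max(p, lo), hi)
    return math.log(p / (1.0 - p))


def combine(probs, prior=0.5):
    """Naive Bayes combination of per-signal P(spam | signal) values.

    Each p_i is assumed to have been estimated against the same prior, so its
    evidence is logit(p_i) - logit(prior); independent evidence adds up.
    Summing logs avoids the underflow a raw product of probabilities risks.
    """
    prior_lo = logit(prior)
    total = prior_lo + sum(logit(p) - prior_lo for p in probs)
    return 1.0 / (1.0 + math.exp(-total))


def score(present, table=SIGNALS, prior=0.5):
    """Spam probability for a message, given the names of signals that fired.

    Signal names missing from the table contribute no evidence.
    """
    return combine([table[n] for n in present if n in table], prior)


def classify(present, threshold=0.9, prior=0.5):
    """Label a message 'spam' when its combined score reaches the threshold."""
    return "spam" if score(present, prior=prior) >= threshold else "ham"
```

With a 0.5 prior this reduces to the product form Πp / (Πp + Π(1−p)); the independence assumption makes correlated signals count twice, which is why combined scores climb toward 1 so quickly.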