This document provides a high-level overview of an AI-based malware detection system. The system uses a multilayer perceptron neural network with over 5 billion nodes that analyzes files and extracts features to determine if files are malicious or clean. It continuously trains and improves itself by processing large volumes of known malware and benign files. The system also has a separate process for introducing new unknown malware samples in a controlled way to generate new features without disrupting the existing network.

1. © Copyright Fortinet Inc. All rights reserved.
AI – A Self Evolving Detection System
Q3 / 2018

2. 2Fortinet - Confidential
Introduction
21 years military
»USAF – nuclear weapons
»USA – FC/test pilot, threat officer, various leadership roles
20 years security management and consulting
»NASA JPL, World Bank, CME, Delta Air Lines, Humana, HECO, Honda
NA, USAA, Corning, many others
»Consulting, Practice Manager, Director of Security, CISO
Currently: Strategist at Fortinet
»Technology + resource management + business needs = CISO success

3. 3Fortinet - Confidential
Bingo Time!
Deep Analytics
Crowdculture
Virtual / Augmented Reality
Big / Real Big / Way Big Data
Holistic Eco_______
Artificial Intelligence
Machine Learning
Deep learning

4. 4Fortinet - Confidential
LEVEL II
» Content Pattern Recognition
» Looks at wrappers and payload for repeats
» Handles large volumes of permutations
» Proactive in nature, but manually created
Malicious File Packed/Encrypted Run time/memory
Pack Run
Headers
1111010101010
Code
0010101010101
1010101010101
10111101010111
Data
1010101010111
1010101010101
1010101010101
Headers
1111010101010
Code
0010101010101
1010101010101
10111101010111
Data
1010101010111
1010101010101
1010101010101
Headers
1111010101010
Code
0010101010101
1010101010101
10111101010111
Data
1010101010111
1010101010101
1010101010101
Antivirus Evolution
LEVEL I
» Simple MD5 / SHA 56 computations
» Resulted in large DBs for file comparisons
» One signature – one piece of malware
» Reactive and non-responsive to mutations
C:Md5sum malware.exe
5e3830ee3282a53920e00784fec44cfd (malware.exe)
Cfac6385a0cdd5f09b2e38c833c93c9d
5ae8c55fbc7b8f5bafa1af1675478cba
1af8e09e41fc850e15ffc4ea0be68c21
ce1ff097a3f0afec3bd5c5f0fb57cfda
80f27e4d562dc4f55e38f4088251e83c
bf6ba9baa2e0dcb8d175a4ff594dccd9
5e3830ee3282a53920e00784fec44cfd
Malware Found

5. 5Fortinet - Confidential
AI Visions
Facebook ‘emergency shutdown
Fear over planet being “Zuckerburged”’
Reality Was different

6. 6Fortinet - Confidential
Alan Turing called an infant’s mind an
‘unorganized machine’ in 1930s
Created early definitions of machine learning
» First type (A) consists of simple NAND
(negative – AND gates
» Second type (B) is combination of A types with modifiers
added – results in weighted input/variable output method
» Saw the need for:
 Seeded solution set of accurate or known potential output
 Population of variably weighted pieces or functions
 A method for removing the worst solutions while retaining the best
Early AI Defined
Major inhibitor of his research – was far ahead of available capabilities in
terms of computing power.

7. 7Fortinet - Confidential
Artificial Intelligence – Nearing a Century
History of AI Outside Cyber Security Industry
1930s
Turing, Kleene and
Church propose
machine learning
solution
1943
McCullouch and
Pitts create formal
design of Turing’s
‘artificial neurons’
1956
AI research
formally founded as
a discipline at
Dartmouth
College
1960s
AI research
heavily funded
by the U. S.
military
1974
The First AI Winter
Difficulty resulted in
funding cuts in US
and Britain
1980s
Proliferation of
Expert Systems
Lisp vs. PC
1990s
AI applied to
data mining,
medical
diagnosis with
increased CPU
power
1997
IBM Deep Blue
beats Grand
Master Kasparov
in chess
2003
Deep learning is
achieved using
faster computing,
large data
structures
2011
IBM Watson
defeats Jeopardy
champions Brad
Rutter and Ken
Jennings
2013
IBM Watson
application for
management
decisions of lung
cancer treatment
2015
2,700+ AI projects
in place at
Google
2017
Elon Musk
calls for the
regulation of AI
before we hit
100 years

8. 8Fortinet - Confidential
 Supervised Learning – Using known solution sets
to embed proper functions and create proper output.
» Reinforcement – action on an environment
triggers an observation resulting in a defined state.
 Unsupervised Learning – unknown solution sets
» Clustering – group according to similarities.
» Dimensionality Reduction – deductive reasoning.
» Structured Prediction – random fields are analyzed to
predict according to defined output probabilities.
» Anomaly Detection – input does not match expectations.
Types of Problem Solving
Artificial Neural Networks (ANNs)
Large collections of simple interconnected nodes (neurons), each with a weighted input and output value.
?!

9. 9Fortinet - Confidential
 Consists of three or more layers
» Input layer
» One or more hidden layers
» Output layer
 Layers are made of up nodes
» Connected to every node in the previous
and subsequent layer
» Provide discrete processing of input information
(files and features)
» Produces an output value based on inputs, function,
and weighted valuation
Type of AI – Artificial Neural Network (Multilayer Perceptron)
The Multilayer Perceptron approach provides deep
machine learning capabilities.
MP behavior is similar to human neurons - if
input is strong enough, signal is passed
according to weighted value
Input layer
Hidden layer 1 Hidden layer 2
Output layer
Inputs Weights Sum Output
Input 1
Input 2
Input 3
YES/NO
decision
∑

10. 10Fortinet - Confidential
 Point observable characteristics based on code blocks
» Files are parsed when entering the system
 1 : 1 relationship with nodes
 Features are maintained in a knowledgebase
repository (features, pattern recognition sigs, other
information)
 Quality is critical
» Provides more accurate determination of file status
» We leveraged internal legacy samples (~.5PB) to create
features from samples
 Each feature is weighted to assist in decisions
 Feature weighting can change over time
Features
f - feature
w - weight
Func(f1*w1+f2*w2+...+fn*wn) -> {0,1}
Feature/Node Algorithm

11. 11Fortinet - Confidential
 System is fed initial data sets for analysis
» Supervised machine learning approach
 Files are broken into code blocks
 Information (features) extracted during the
learning phase.
» Binary present within the blocks
» Represents behavioral activation
 The system learns by weight features based on
» Surety of indicators (‘tells’)
» Frequency of observation
Layers + Nodes + Features = Learning
Source accuracy of the population input A computer program is said to learn from
experience E with respect to some class of tasks T and performance measure P if
its performance at tasks in T, as measured by P, improves with experience E.

12. 12Fortinet - Confidential
Features, Nodes & Weights – Single Instance
70
FEATURE
100 wt.
NODE
+90
FEATURE
100 wt.
NODE
-20File Result
INPUT LAYER HIDDEN LAYER HIDDEN LAYER OUTPUT LAYER
File
1. We start with an input file – malicious or clean
2. Feature presence is calculated, re-weighted and passed forward to the next node
3. The analysis is repeated using the next layer feature, then passed to the next node
4. Result – the overall probability based on a score of feature presence

13. 13Fortinet - Confidential
Features, Nodes & Weights – Multiple Instance
FEATURES FEATURES
Result
INPUT LAYER MALICIOUS LAYER CLEAN LAYER OUTPUT LAYER
File

14. 14Fortinet - Confidential
AI Operational Example - Machine vs. Malware
1 = process the input file
2 = 2.3 billion nodes analyzing potential malicious
features
3 = 3.2 Billion nodes analyzing files for clean features
4 = output or decision layer (1 = malicious , 0 = clean)
4 Layer Architecture
Consists of separate layers for either malicious or clean feature processing
Mathematical models compare samples and features to decide output
Input layer
Malicious Layer Clean Layer
Output layer
FortiGuard AI
Output is a result of 2.3B x 3.2B individual node computations.
Initial capability – 58 samples per second

15. 15Fortinet - Confidential
System Training
FEATURES
REPOSITORY
TRAINING
FILES
1. We start with AI and an
empty feature repository
2. A training set of files are
input, consisting of clean and
malicious files. Files are
labeled for initial training
3. Files are input and
broken into code blocks.
AI logic builds a set of
features.
4. Features are modified as the
system learns (weighting values,
next phase)
AI

16. 16Fortinet - Confidential
System Testing
MALICIOUS
CLEAN
FEATURES
REPOSITORY
TESTING
FILES
OUTPUT1. Test samples are selected
and input to the system
2. Using the feature repository,
samples are analyzed
3. As this occurs, existing
features may get modified
or others added
4. The system determines clean
or malicious output
5. Output is compared to expected
results. If not accurate, reset to
known point and retrain.
RESULTS
EXAMINED
AI

17. 17Fortinet - Confidential
AI in Operation
MALICIOUS
CLEAN
OUTPUT
 
INPUT
RAW SAMPLES
Feature Set Improvements
 Quality
 Stabilized Number
 Weighting Confidence
Continued Accuracy
to a High Degree of
Confidence
FEATURESQuantity
Quality

18. 18Fortinet - Confidential
 Has to integrate to support current systems
 Must use features (code blocks), create signatures
 Continuous, seamless operational support
Managing New Malware
?!
 Problem - how to introduce new samples and create new features
 New features are naturally regressed in weight – no history
 Requires false weighting to have value in decisions
 Cannot subvert existing weighted features
 Cannot use single samples / false weight
 Would cause heavy skewing of results
 Introduces potentially large errors in main system

19. 19Fortinet - Confidential
New Malware Management System – Part I
AI
130+ Threat Feeds
Global Sensors
CTA
1
New Files
2 Sandbox
Non-matching Feature Sets
(all code blocks)
 A ‘rolling’ input is used – last batch + new
 AI is fast – millions per day
 Sandbox is slower – 10s/K per day
 Features created as in original training
 Features are relative to AI – consist of code
blocks, which are also used by CPR
AI
3 4

20. 20Fortinet - Confidential
New Malware Management System – Part II (AI Side)
1
2
3
4
5
6
Knowledgebase Repository
Production
Feature Set

21. 21Fortinet - Confidential
New Malware Management System – Part III
2 4
5
Knowledgebase Repository
Production CPR
Signature Set
CB
CB
CB
CB
CB
CB
CB
CB
CB
CB
7Customer Enterprise
1 3
6
CPR
Engine
8

22. 22Fortinet - Confidential
Results
• Significantly Increases cybercriminal cost burden for limited return
• Obtain unsurpassed accuracy not possible through manual methods
• Eliminate manual labor/potential errors
• Create autonomous system – operational and continued learning

23. 23Fortinet - Confidential
Take-Aways
• AI as a business solution is not
trivial
• Large effort to implement
• Example ~ 8 years to date
• AI should ease technical resource
demands
• Reallocate to more critical tasks
• Hybrid approaches cause more labor
Anyone pitching AI without some level of
detail is probably BS Bingo selling
• Should not have to watch it
• Tell it right from wrong?
• Lack of trust = poor implementation

24. Thanks for your time!