• Home

  • Documents

  • Deep Machine Learning Meets Cybersecuritycavazos/cisc850-spring2017/Lecture-01b.pdfGartner report:...
14
Deep Machine Learning Meets Cybersecurity

Deep Machine Learning Meets Cybersecuritycavazos/cisc850-spring2017/Lecture-01b.pdfGartner report: “Intelligent and Automated Security Controls Impact the Future of the Security

  • Upload
    others

  • View
    1

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Deep Machine Learning Meets Cybersecuritycavazos/cisc850-spring2017/Lecture-01b.pdfGartner report: “Intelligent and Automated Security Controls Impact the Future of the Security

DeepMachineLearningMeetsCybersecurity

Page 2: Deep Machine Learning Meets Cybersecuritycavazos/cisc850-spring2017/Lecture-01b.pdfGartner report: “Intelligent and Automated Security Controls Impact the Future of the Security

* Malwaregrowingexponentially* Over100Kmalwarevariantscreatedeveryhour* Cyberdefenseisabigdataproblem* Badactorsembracedautomation* Createlargeamountsofmalware* Goodactorshavenotkeptpace* Stillconstructmalwaredetectionrulesmanually2

TheProblem

Page 3: Deep Machine Learning Meets Cybersecuritycavazos/cisc850-spring2017/Lecture-01b.pdfGartner report: “Intelligent and Automated Security Controls Impact the Future of the Security

TheSolution:DeepMachineLearningAppliedto

Cybersecurity

DeepLearning

High-PerformanceCloudComputing

TrainingDataSets:Repositoryof

BillionsofMalware

CyberAnalytics

Page 4: Deep Machine Learning Meets Cybersecuritycavazos/cisc850-spring2017/Lecture-01b.pdfGartner report: “Intelligent and Automated Security Controls Impact the Future of the Security

Gartner report: “Intelligent and Automated Security Controls Impact the Future of the Security Market”, Oct 2015

Gartner’s View on Cybersecurity

Context and Information Sharing

Analytics and Modeling

Machine Learning

and Adaptive Response

We need to be here!

The world is here

Situational A

wareness

Page 5: Deep Machine Learning Meets Cybersecuritycavazos/cisc850-spring2017/Lecture-01b.pdfGartner report: “Intelligent and Automated Security Controls Impact the Future of the Security

GraphicalExpressionofFiles

Step1:•  Malwarehasonethingincommonwithallfiles:itiscomposedofcode•  Softwarecodeisbestexpressedasagraph•  WecharacterizemalwareasagraphthenfeeditintoourDeepLearningengine

5

BinaryInput

ControlFlowGraph DNNGraph

Page 6: Deep Machine Learning Meets Cybersecuritycavazos/cisc850-spring2017/Lecture-01b.pdfGartner report: “Intelligent and Automated Security Controls Impact the Future of the Security

6

GraphicalCharacterizationofMalware

Page 7: Deep Machine Learning Meets Cybersecuritycavazos/cisc850-spring2017/Lecture-01b.pdfGartner report: “Intelligent and Automated Security Controls Impact the Future of the Security

BigData&DeepLearningPlatformintheCloud

Input

Malware?WhatFamily?Capabilities?

Graph-BasedMalwareFeatures

Cloud-BasedDeepLearningNeuralNetwork

Step2:•  OurDeepLearningenginepredictsmalwarewithprecisionandreal-timespeed

Output

Page 8: Deep Machine Learning Meets Cybersecuritycavazos/cisc850-spring2017/Lecture-01b.pdfGartner report: “Intelligent and Automated Security Controls Impact the Future of the Security

8

NeuralNet

Neuralnetworkistrainedtorecognizemalware

Unknownfile Predictedasmalware

MalwarePredictionUsingML&Graphs

Page 9: Deep Machine Learning Meets Cybersecuritycavazos/cisc850-spring2017/Lecture-01b.pdfGartner report: “Intelligent and Automated Security Controls Impact the Future of the Security

MachineLearning-BasedAutomatedMalwareAnalysis

TheMostAccurateandFastestPlatform

Accuratelydetectsmalwareat99.5%

Malware Identification and Detection

Compute

LearnCharacterizeAnalyze

Sources Actions

Page 10: Deep Machine Learning Meets Cybersecuritycavazos/cisc850-spring2017/Lecture-01b.pdfGartner report: “Intelligent and Automated Security Controls Impact the Future of the Security

•  DeepLearningmostaccurateinAIindustry•  HPCplatformsreadilyavailable(e.g.,AWS)•  Canprovidecomprehensivevisibility

10

WhyNow?

Page 11: Deep Machine Learning Meets Cybersecuritycavazos/cisc850-spring2017/Lecture-01b.pdfGartner report: “Intelligent and Automated Security Controls Impact the Future of the Security

DeployedSystemExtracting Binary Files

Distributed Malware Detection

Concurrent Binary Analysis

YES

Knowledge Base

BenignMalicious

YESNO

YES

NOAntiVirus Analysis

Identified as Malware?

Static Analysis Machine Learning Model

High Probability of Malware?

Hybrid (Static + Dynamic) Machine Learning Model

High Probability of Malware?

Dynamic Analysis

Cuckoo Sandbox

Network Analyzer

Bro Monitor

Internet Traffic

Binary

Static Analysis

Radare2

Page 12: Deep Machine Learning Meets Cybersecuritycavazos/cisc850-spring2017/Lecture-01b.pdfGartner report: “Intelligent and Automated Security Controls Impact the Future of the Security

UserInterfaceandVisualAnalyticsCISO/SecurityLeadersView

•  ThreatLandscapeSpecifictoYourEnterprise

ThreatView

Page 13: Deep Machine Learning Meets Cybersecuritycavazos/cisc850-spring2017/Lecture-01b.pdfGartner report: “Intelligent and Automated Security Controls Impact the Future of the Security

UserInterfaceandVisualAnalyticsAnalysts/IncidentRespondersView

•  ComprehensiveMalwareAnalysis

DataProjector

Page 14: Deep Machine Learning Meets Cybersecuritycavazos/cisc850-spring2017/Lecture-01b.pdfGartner report: “Intelligent and Automated Security Controls Impact the Future of the Security

ClassProjects

Analysis

VisualAnalytics

StandardizedIndicatorsofCompromise

CyberBot

Graphs

MachineLearning


OLD WINBURNIANS NEWSLETTER - SPRING2017 Summer/2017 Summe… · OLD WINBURNIANS NEWSLETTER - SPRING2017 ... Industrial Revolution and Britain about to resume a long and painful war

OLD WINBURNIANS NEWSLETTER - SPRING2017 Summer/2017 Summe… · OLD WINBURNIANS NEWSLETTER - SPRING2017 ... Industrial Revolution and Britain about to resume a long and painful war

Documents
Parkridge kids Spring2017 Final - Compressed - Web

Parkridge kids Spring2017 Final - Compressed - Web

Documents
Design Examples - Oregon State Universityclasses.engr.oregonstate.edu/eecs/spring2017/ece627/Lecture Notes... · Design Examples MEAD March 2008 ... Block Diagram & DR Scaling •

Design Examples - Oregon State Universityclasses.engr.oregonstate.edu/eecs/spring2017/ece627/Lecture Notes... · Design Examples MEAD March 2008 ... Block Diagram & DR Scaling •

Documents
Advanced practical course in genome bioinformaticsekhidna.biocenter.helsinki.fi/downloads/teaching/spring2017/Practic… · •Web Apollo –collaborative online manual annotation

Advanced practical course in genome bioinformaticsekhidna.biocenter.helsinki.fi/downloads/teaching/spring2017/Practic… · •Web Apollo –collaborative online manual annotation

Documents
Exchangereport Maastricht)University Spring2017 Chan%Kai

Exchangereport Maastricht)University Spring2017 Chan%Kai

Documents
Colette Fontaine Dr. Horowitz DH62 C Spring2017

Colette Fontaine Dr. Horowitz DH62 C Spring2017

Documents
Specialization Sequence 6: Integrating Content, …luc.edu/media/lucedu/education/syllabi/spring2017/tlsc/TLSC340_350... · Specialization Sequence 6: Integrating Content, Cultures

Specialization Sequence 6: Integrating Content, …luc.edu/media/lucedu/education/syllabi/spring2017/tlsc/TLSC340_350... · Specialization Sequence 6: Integrating Content, Cultures

Documents
High Sigma Analysis - University of California, Los Angeleseda.ee.ucla.edu/EE201C/uploads/Spring2017/ReadingMaterials/slides.pdfPhase 1: Hyperspherical clustering: identify multiple

High Sigma Analysis - University of California, Los Angeleseda.ee.ucla.edu/EE201C/uploads/Spring2017/ReadingMaterials/slides.pdfPhase 1: Hyperspherical clustering: identify multiple

Documents
UndergraduateJournalofHumanisticStudies Spring2017 Vol. 5 ... · UndergraduateJournalofHumanisticStudies Spring2017 Vol. 5 In 1775, two decades before the Haitian Revolution wouldshaketheworld,Guillaume

UndergraduateJournalofHumanisticStudies Spring2017 Vol. 5 ... · UndergraduateJournalofHumanisticStudies Spring2017 Vol. 5 In 1775, two decades before the Haitian Revolution wouldshaketheworld,Guillaume

Documents
Malware Characterization using Compiler-based Graphscavazos/cisc850-spring2017/Lecture-03.pdf · Malware Characterization using Compiler-based Graphs. CISC 850: Cyber Analytics 2

Malware Characterization using Compiler-based Graphscavazos/cisc850-spring2017/Lecture-03.pdf · Malware Characterization using Compiler-based Graphs. CISC 850: Cyber Analytics 2

Documents
Quiz: HW11 - Electrochemical Potential, Free Energy, and ...mccord.cm.utexas.edu/courses/spring2017/ch302/hwpdfs/HW11... · Electrochemical Potential, Free Energy, and Applications

Quiz: HW11 - Electrochemical Potential, Free Energy, and ...mccord.cm.utexas.edu/courses/spring2017/ch302/hwpdfs/HW11... · Electrochemical Potential, Free Energy, and Applications

Documents
Spin-wave dynamics in a hexagonal 2-D magnonic crystalcavazos/cisc850-spring201…  · Web view†The full version of the author’s guide is available as acmart.pdf document

Spin-wave dynamics in a hexagonal 2-D magnonic crystalcavazos/cisc850-spring201…  · Web view†The full version of the author’s guide is available as acmart.pdf document

Documents
English 1102 spring2017

English 1102 spring2017

Education
Rox Towson, AcziuNdee - Alley Animalsalleyanimals.org/newsletters/spring2017/2017spring-newsletter.pdf · AcziuNdee Editor's Note improper treatment resulting in catastrophic injury

Rox Towson, AcziuNdee - Alley Animalsalleyanimals.org/newsletters/spring2017/2017spring-newsletter.pdf · AcziuNdee Editor's Note improper treatment resulting in catastrophic injury

Documents
Teacher Training Schedule Winter 201796bda424cfcc34d9dd1a-0a7f10f87519dba22d2dbc6233a731e5.r41.… · 2016-08-25 · Infinity’Yoga’200’Hour’Teacher’Training’ Winter/Spring2017’

Teacher Training Schedule Winter 201796bda424cfcc34d9dd1a-0a7f10f87519dba22d2dbc6233a731e5.r41.… · 2016-08-25 · Infinity’Yoga’200’Hour’Teacher’Training’ Winter/Spring2017’

Documents
Introduction to Computer Organization - pages.cs.wisc.edupages.cs.wisc.edu/~rrahulnayar/cs252/Spring2017/lectures/Lecture1.pdf · Introduction to Computer Engineering ... All computers,

Introduction to Computer Organization - pages.cs.wisc.edupages.cs.wisc.edu/~rrahulnayar/cs252/Spring2017/lectures/Lecture1.pdf · Introduction to Computer Engineering ... All computers,

Documents
Counseling Applications for Secondary Schoolsconference.aeries.com › spring2017 › docs › PDFs › 601...Counseling Applications for Secondary Schools Session 601 Page 1 ... GPA,

Counseling Applications for Secondary Schoolsconference.aeries.com › spring2017 › docs › PDFs › 601...Counseling Applications for Secondary Schools Session 601 Page 1 ... GPA,

Documents
Visual Analytics for cyber security and intelligencecavazos/cisc850-spring2017/presentati… · 4.Cyber security •VA can improve cyber security with capabilities to: • recognize

Visual Analytics for cyber security and intelligencecavazos/cisc850-spring2017/presentati… · 4.Cyber security •VA can improve cyber security with capabilities to: • recognize

Documents
Visual Analysis of Malware Behavior Using Treemaps and ...cavazos/cisc850-spring2017/papers/... · Visual Analysis of Malware Behavior Using Treemaps and Thread Graphs ... [1, 6,

Visual Analysis of Malware Behavior Using Treemaps and ...cavazos/cisc850-spring2017/papers/... · Visual Analysis of Malware Behavior Using Treemaps and Thread Graphs ... [1, 6,

Documents
CS 2506 Course Administration 1 - Undergraduate Courses ...courses.cs.vt.edu/cs2506/Spring2017/2506Administration.pdf · Course Administration ... Stephen G Kochan Developer's Library

CS 2506 Course Administration 1 - Undergraduate Courses ...courses.cs.vt.edu/cs2506/Spring2017/2506Administration.pdf · Course Administration ... Stephen G Kochan Developer's Library

Documents
icqb 2017 lecture7 - microbiology.columbia.edumicrobiology.columbia.edu/icqb/spring2017/icqb_2017_lecture7.pdf · 1958 LISP (LISt Processing) language is created by John McCarthy

icqb 2017 lecture7 - microbiology.columbia.edumicrobiology.columbia.edu/icqb/spring2017/icqb_2017_lecture7.pdf · 1958 LISP (LISt Processing) language is created by John McCarthy

Documents
CS131: Programming Languages and Compilerssist.shanghaitech.edu.cn/faculty/songfu/course/spring2017/cs131/ch... · Cousins of the compiler • Preprocessors delete comments, include

CS131: Programming Languages and Compilerssist.shanghaitech.edu.cn/faculty/songfu/course/spring2017/cs131/ch... · Cousins of the compiler • Preprocessors delete comments, include

Documents
Malware analysis using visualized images and …cavazos/cisc850-spring2017/...Int. J. Inf. Secur. (2015) 14:1–14 DOI 10.1007/s10207-014-0242-0 REGULAR CONTRIBUTION Malware analysis

Malware analysis using visualized images and …cavazos/cisc850-spring2017/...Int. J. Inf. Secur. (2015) 14:1–14 DOI 10.1007/s10207-014-0242-0 REGULAR CONTRIBUTION Malware analysis

Documents
sap.einaudi.cornell.edu Spring2017.pdfsap.einaudi.cornell.edu Jyoti Balachandran Department of History, Colgate University Durba Ghosh Department of History, Cornell University 30

sap.einaudi.cornell.edu Spring2017.pdfsap.einaudi.cornell.edu Jyoti Balachandran Department of History, Colgate University Durba Ghosh Department of History, Cornell University 30

Documents
Chapter 8: Magnetism & Electromagnetism - UMass Lowellfaculty.uml.edu/JeanFrancois_Millithaler/FunElec/Spring2017/pdf/Ch8... · Chapter 8: Magnetism & ... testing motors, classifying

Chapter 8: Magnetism & Electromagnetism - UMass Lowellfaculty.uml.edu/JeanFrancois_Millithaler/FunElec/Spring2017/pdf/Ch8... · Chapter 8: Magnetism & ... testing motors, classifying

Documents
Chemical Newsletter - Spring 2017 - Grace Matthewsgracematthews.com/.../ChemicalNewsletter-Spring2017.pdfCase Study: Applied Adhesives Based in Minnetonka, Minnesota, Applied Adhesives

Chemical Newsletter - Spring 2017 - Grace Matthewsgracematthews.com/.../ChemicalNewsletter-Spring2017.pdfCase Study: Applied Adhesives Based in Minnetonka, Minnesota, Applied Adhesives

Documents
Introduction to Computer Engineeringpages.cs.wisc.edu/~rrahulnayar/cs252/Spring2017/lectures/Lecture4.pdf · Introduction to Computer Engineering ... Inc. Permission required for

Introduction to Computer Engineeringpages.cs.wisc.edu/~rrahulnayar/cs252/Spring2017/lectures/Lecture4.pdf · Introduction to Computer Engineering ... Inc. Permission required for

Documents
Ancestral Recombination Graphs - Arizona State Universityjtaylor/teaching/Spring2017/BIO545/lectures/ARG.pdf · Ancestral Recombination Graphs Ancestral relationships among a sample

Ancestral Recombination Graphs - Arizona State Universityjtaylor/teaching/Spring2017/BIO545/lectures/ARG.pdf · Ancestral Recombination Graphs Ancestral relationships among a sample

Documents
Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics Cuckoo Sandbox • Automated malware analysis system. • Uses virtualization and supports

Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics Cuckoo Sandbox • Automated malware analysis system. • Uses virtualization and supports

Documents
A Survey of Visualization Systems for Malware …cavazos/cisc850-spring2017/...Abstract • Problem : increasing of malware • Automatic approaches for malware detection • The paper

A Survey of Visualization Systems for Malware …cavazos/cisc850-spring2017/...Abstract • Problem : increasing of malware • Automatic approaches for malware detection • The paper

Documents