Deep Machine Learning Meets Cybersecurity

The Problem
• Malware growing exponentially
• Over 100K malware variants created every hour
• Cyber defense is a big data problem
• Bad actors embraced automation
• Create large amounts of malware
• Good actors have not kept pace
• Still construct malware detection rules manually
The Solution: Deep Machine Learning Applied to Cybersecurity
• Deep Learning
• High-Performance Cloud Computing
• Training Data Sets: Repository of Billions of Malware
• Cyber Analytics
Gartner's View on Cybersecurity
Maturity stages shown in the figure: Context and Information Sharing; Situational Awareness; Analytics and Modeling; Machine Learning and Adaptive Response. Figure annotations: "The world is here" and "We need to be here!"
Source: Gartner report, "Intelligent and Automated Security Controls Impact the Future of the Security Market", Oct 2015
Graphical Expression of Files
Step 1:
• Malware has one thing in common with all files: it is composed of code
• Software code is best expressed as a graph
• We characterize malware as a graph, then feed it into our Deep Learning engine

Graphical Characterization of Malware
Binary Input → Control Flow Graph → DNN Graph
Big Data & Deep Learning Platform in the Cloud
Input → Graph-Based Malware Features → Cloud-Based Deep Learning Neural Network → Output: Malware? What Family? Capabilities?
Step 2:
• Our Deep Learning engine predicts malware with precision and real-time speed

Malware Prediction Using ML & Graphs
Neural Net: the neural network is trained to recognize malware
Unknown file → Predicted as malware
Machine Learning-Based Automated Malware Analysis
The Most Accurate and Fastest Platform
• Accurately detects malware at 99.5% (the slide does not state the sample set, metric or false-positive rate behind this figure)
• Malware Identification and Detection
Pipeline: Sources → Learn / Characterize / Analyze / Compute → Actions

Why Now?
• Deep Learning most accurate in AI industry
• HPC platforms readily available (e.g., AWS)
• Can provide comprehensive visibility
Deployed System
Extracting Binary Files: Internet Traffic → Network Analyzer (Bro Monitor) → Binary
Distributed Malware Detection with Concurrent Binary Analysis (flowchart):
• AntiVirus Analysis → "Identified as Malware?" (YES / NO)
• Static Analysis (Radare2) → Static Analysis Machine Learning Model → "High Probability of Malware?" (YES / NO)
• Dynamic Analysis (Cuckoo Sandbox) → Hybrid (Static + Dynamic) Machine Learning Model → "High Probability of Malware?" (YES / NO)
• Knowledge Base: Benign / Malicious
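Added example, written for this deck and not the authors' code: it works through the graph step of the "Graphical Characterization of Malware" slide (binary → control flow graph → graph features) and the static-first gate of the deployed-system flowchart above. A disassembler such as Radare2 would supply the instruction listing; here a constructed toy listing in a simplified x86-like syntax stands in so the example runs offline. The feature names, the 0.9 "high probability" cut-off and the `run_hybrid` callable are assumptions; the deck specifies none of them.

```python
from collections import defaultdict

# Constructed toy function in a simplified x86-like syntax:
# (address, mnemonic, operand). Not a real sample.
SAMPLE_LISTING = [
    (0x00, "push", "ebp"),
    (0x01, "mov", "ebp, esp"),
    (0x03, "cmp", "eax, 0"),
    (0x06, "je", "0x10"),    # conditional branch: target + fall-through
    (0x08, "call", "0x30"),  # intraprocedural CFG: a call falls through
    (0x0D, "dec", "eax"),
    (0x0E, "jmp", "0x03"),   # backward jump: closes a loop
    (0x10, "xor", "eax, eax"),
    (0x12, "pop", "ebp"),
    (0x13, "ret", ""),
]

COND_JUMPS = {"je", "jne", "jz", "jnz", "jg", "jge", "jl", "jle", "ja", "jb"}
UNCOND_JUMPS = {"jmp"}
RETURNS = {"ret", "retn"}
JUMPS = COND_JUMPS | UNCOND_JUMPS


def build_cfg(listing):
    """Split a sorted listing into basic blocks and connect them.

    Returns (blocks, edges): blocks maps a leader address to its
    instructions, edges maps a leader to its set of successor leaders.
    """
    addrs = [a for a, _, _ in listing]
    # Leaders: the entry, every in-function jump target, and the
    # instruction following any jump or return.
    leaders = {addrs[0]}
    for i, (_, mnem, op) in enumerate(listing):
        if mnem in JUMPS:
            leaders.add(int(op, 16))
        if mnem in JUMPS | RETURNS and i + 1 < len(addrs):
            leaders.add(addrs[i + 1])
    leaders = sorted(a for a in leaders if a in addrs)
    in_func = set(leaders)

    blocks, edges = {}, defaultdict(set)
    for idx, leader in enumerate(leaders):
        end = leaders[idx + 1] if idx + 1 < len(leaders) else float("inf")
        blocks[leader] = [ins for ins in listing if leader <= ins[0] < end]
        _, mnem, op = blocks[leader][-1]
        if mnem in JUMPS and int(op, 16) in in_func:
            edges[leader].add(int(op, 16))        # taken branch
        if mnem not in UNCOND_JUMPS | RETURNS and end in in_func:
            edges[leader].add(end)                # fall-through
    return blocks, dict(edges)


def count_back_edges(edges, entry):
    """Count edges into a node still on the DFS path; each closes a loop."""
    seen, path, back = set(), [], 0
    def visit(node):
        nonlocal back
        seen.add(node)
        path.append(node)
        for succ in edges.get(node, ()):
            if succ in path:
                back += 1
            elif succ not in seen:
                visit(succ)
        path.pop()
    visit(entry)
    return back


def graph_features(blocks, edges):
    """Graph-level features a classifier can consume (assumed feature set)."""
    n_blocks = len(blocks)
    n_edges = sum(len(s) for s in edges.values())
    mnems = [m for block in blocks.values() for _, m, _ in block]
    return {
        "blocks": n_blocks,
        "edges": n_edges,
        "cyclomatic": n_edges - n_blocks + 2,  # McCabe, one component
        "max_out_degree": max((len(s) for s in edges.values()), default=0),
        "back_edges": count_back_edges(edges, min(blocks)),
        "cond_branches": sum(m in COND_JUMPS for m in mnems),
        "calls": mnems.count("call"),
    }


def triage(static_prob, run_hybrid, high=0.9):
    """Static-first cascade as in the deployed-system flowchart.

    A high static probability is a verdict on its own; otherwise the binary
    goes to the sandbox and the hybrid model, whose probability run_hybrid()
    returns. The 0.9 cut-off is an assumed value; the deck gives none.
    """
    if static_prob >= high:
        return "malicious", "static"
    hybrid_prob = run_hybrid()
    return ("malicious" if hybrid_prob >= high else "benign"), "hybrid"


if __name__ == "__main__":
    cfg_blocks, cfg_edges = build_cfg(SAMPLE_LISTING)
    print(graph_features(cfg_blocks, cfg_edges))
```

On the toy listing the four blocks and four edges give a cyclomatic complexity of 2 and one back edge (the loop through `jmp 0x03`). The point of `triage` is operational: the sandbox callable is only invoked when the static model does not already return a high probability, which is what makes the cheap stage pay for the expensive one.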
User Interface and Visual Analytics: CISO/Security Leaders View
Threat View
• Threat landscape specific to your enterprise

User Interface and Visual Analytics: Analysts/Incident Responders View
• Comprehensive malware analysis
Screen labels: Data Projector; Class Projects; Analysis; Visual Analytics; Standardized Indicators of Compromise; CyberBot; Graphs; Machine Learning