Escape the malware blob with modern machine learning

March 5, 2020

The growing complexity of files and objects, with an ever wider range of file formats and sizes, presents a significant challenge to modern-day organisations seeking to improve detection and response processes for advanced malware threats. These threats, which might be called a “malware blob,” are packed deep within data, hidden layers down and sometimes out of sight of typical detection engines. For human analysts responsible for tracking and responding to threats, current detection engines offer only a “black box” perspective. In other words, they provide alerts but offer little to no context as to what’s happening within the “blob,” so analysts struggle to understand and act effectively on the risk these threats present. To take down the “blob,” analysts need a more effective way to bridge the gap between detecting malware and understanding what triggered an alert in the first place. Innovations in machine learning techniques have recently surfaced, giving security teams hope for better threat explanations and an improved ability to defend against malware’s growing complexity and volume.

The evolution of detection and machine learning

Machine learning and other anomaly detection capabilities were developed to extend malware detection beyond blacklists or databases of known attack signatures. Anomaly-based detection systems observed the behaviour of the network, profiled the normal behaviour, and predicted new threats based on some type of anomalous behaviour or anomalous characteristics. However, while new zero-day threats started to be uncovered, these predictions were missing a critical piece of the puzzle: the “WHY” behind the “WHAT.”

While detection vendors produced a binary conviction or a malware classification type, the analyst never learned which characteristics or indicators of the threat were present, and so could not fully understand the conclusion. Quite simply, signature-based, AI-based and machine learning-based threat detection came with little to no context. This lack of context resulted in analysts spending numerous hours attempting to understand why a file was identified as malicious in order to effectively support their response. And for most analysts, the same scenario plays out in today’s security operations centres.

To better understand how to improve machine learning-driven results, we must first understand that machine learning is, in essence, a technology that converts information and object relationships into numbers that try to quantify these properties. The very first step in implementing any such system is the conversion of human experience into a sequence that a machine understands and can learn from. While machines are specifically built to read and interpret numbers, the people who are meant to use these models often feel limited and confused by these ML/AI systems. The most common question asked of a machine learning expert is, “Why? Why did the machine present such a result?” Or more specifically for those in cybersecurity, “Why was this object detected as malicious?”

To answer the “why,” let’s start from the beginning. As mentioned, the very first step in implementing any such system is the conversion of human experience into a sequence of numbers that a machine understands and can learn from. But what if the first step instead was to develop a system that describes the data, or malware in this case, in a way that both human and machine can understand?

We refer to this approach as explainable machine learning. To succeed, it must be built on a static analysis system that converts objects into human-readable indicators that describe the intent of the code found within them. Regardless of what the analysed object is, whether a simple file or a compound “blob,” static analysis systems can, within just a few milliseconds, go through all its components and describe them in an approachable and easy-to-understand way.

With a foundation of human-readable indicators, explainable machine learning can detect malware with results that are always interpretable by a human analyst. Quite simply, if a system makes a classification decision, it must be able to defend it with a description included with any malware it detects. The human perspective comes first, and the machine can then serve as the ultimate companion.

Classifying threats

This is why explainable machine learning systems must be built from the bottom up instead. At ReversingLabs we believe these systems must be built on the concept that declaring which malware type has been detected is their most important feature. Combined with the human-readable indicators, machine learning explainability means that the result the system provides must be logical. Human analysts must therefore be given the ability to read the list of provided indicators and agree that the detected malware type has had its functionality described correctly. This same level of transparency in an explainable machine learning model is also critical when prioritising indicators, as they are not all created equal. Only some of them are a contributing factor for the final malware detection. Understanding which indicators are at play is critical to the analyst’s decision-making process. This final piece of the puzzle builds trust in the accuracy of the classification system and underscores the value of exposing models’ reasoning to the human analysts.
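As an added illustration (not ReversingLabs’ code or model), the sketch below trains a small naive Bayes classifier on samples described by human-readable indicators and returns the detected type together with only the indicators that contributed to it, ranked by weight. The indicator strings, the training samples and the scoring rule are all constructed assumptions for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed training samples: (type, indicators a static analyser reported).
SAMPLES = [
    ("ransomware", {"enumerates files on disk", "encrypts file contents", "deletes volume shadow copies"}),
    ("ransomware", {"enumerates files on disk", "encrypts file contents", "creates a window"}),
    ("ransomware", {"encrypts file contents", "deletes volume shadow copies", "reads registry configuration"}),
    ("downloader", {"downloads a file from the network", "executes a downloaded file"}),
    ("downloader", {"downloads a file from the network", "executes a downloaded file", "reads registry configuration"}),
    ("downloader", {"downloads a file from the network", "creates a window"}),
    ("benign", {"creates a window", "reads registry configuration"}),
    ("benign", {"creates a window", "enumerates files on disk"}),
    ("benign", {"creates a window", "downloads a file from the network", "reads registry configuration"}),
]

def train(samples):
    """Bernoulli naive Bayes: P(indicator present | type) with Laplace smoothing."""
    totals = Counter(label for label, _ in samples)
    seen = defaultdict(Counter)
    for label, inds in samples:
        seen[label].update(inds)
    vocab = sorted({i for _, inds in samples for i in inds})
    prob = {c: {i: (seen[c][i] + 1) / (totals[c] + 2) for i in vocab} for c in totals}
    prior = {c: n / len(samples) for c, n in totals.items()}
    return {"prob": prob, "vocab": vocab, "prior": prior}

def classify(model, indicators):
    """Return (type, [(indicator, evidence)]) listing the indicators that drove the verdict."""
    present = set(indicators) & set(model["vocab"])  # indicators never seen in training are ignored
    def score(c):
        p = model["prob"][c]
        return math.log(model["prior"][c]) + sum(
            math.log(p[i] if i in present else 1 - p[i]) for i in model["vocab"])
    verdict = max(model["prob"], key=score)
    others = [c for c in model["prob"] if c != verdict]
    # Evidence: log-likelihood ratio of an indicator for the verdict vs. the mean of the other types.
    def evidence(i):
        rest = sum(model["prob"][c][i] for c in others) / len(others)
        return math.log(model["prob"][verdict][i] / rest)
    ranked = sorted(((i, round(evidence(i), 2)) for i in present), key=lambda x: -x[1])
    return verdict, [(i, e) for i, e in ranked if e > 0]  # drop indicators that argue against it

if __name__ == "__main__":
    verdict, why = classify(train(SAMPLES), ["encrypts file contents", "creates a window"])
    print(verdict, why)
```

An indicator such as “creates a window” is present in the sample but is left out of the explanation because it is more typical of the other types, which is the prioritisation the paragraph above describes.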

Today, most machine learning classifiers are built from the top down. Companies that implement them usually start by making simple classifiers that discern good from bad. Data scientists can then create millions of features extracted from millions of objects. Given enough compute power, machine learning models then find optimal curves that split these datasets based on these labels. However, the results wind up losing all of their explainability in the process.

Knowing good from bad is certainly the crux of malware detection, but it isn’t the most important answer a detection system must provide. The second question that an analyst will pose to a machine learning expert is “exactly what did the system detect?” An analyst’s response to the threat that any piece of malware poses depends heavily on the answer to this question.

Transparency in decision making

With explainable machine learning, interaction with indicators changes drastically. Transparency in the decision-making process highlights the most important malware family properties. That information is key for assessing the organisational impact that a malware infection has, and the starting point from which a response is planned.

Machine learning models are a great choice for the first line of defence. These signatureless heuristic systems do a great job of identifying whether something is malware or not, and even pinpointing what type of malware it is. Their detection outcomes are predictive, not reactive, and that makes detecting new malware variants possible. Even brand-new malware families can be detected without models explicitly being trained on how to do so. In terms of reliability, they also require fewer updates when compared to conventional signatures, and their effective detection rates decay more slowly.

Tomislav Pericin, co-founder and Chief Architect, ReversingLabs

Credit: Google News
