Draft Slides for Anthill Inside 2017

Transcript

1. None

2. Contents High Level Outline ➔ Malware Detection What is Malware

   detection and technically how is solved and advancement in the fields ➔ Deep learning Advanced analytics with deep learning is a great alternative to traditional methods. ➔ Architecture and Implementations Practically implemented architectures & solution references of solving malware detection

3. Statistical Analysis • Preparing an Isolated Environment • Collecting the

   Necessary Tools • Performing a Static Analysis • Dynamic Analysis

4. Malware detection, identification engine compares the contents of an unidentified

   piece of code to its database of known malware signatures. If the malware hasn’t been seen before, these methods rely on manually tuned heuristics to generate a handcrafted signature, which is then released as an update. This process is time-consuming, and sometimes signatures are released months after the initial detection. As a result, this detection method can’t keep up with the million new malware variants that are created daily.

5. Heuristic techniques identify malware based on the behavioral characteristics in

   the code, which has led to behavioral-based solutions. This malware detection technique analyzes the malware’s behavior at runtime, instead of considering the characteristics hardcoded in the malware code itself. The main limitation of this malware detection method is that it is able to discover malware only once the malicious actions have begun

6. Sandbox solutions are a development of the behavioral-based detection method.

   These solutions execute the malware in a virtual (sandbox) environment to determine whether the file is malicious or not, instead of detecting the behavioral fingerprint at runtime. Although this technique has shown to be quite effective in its detection accuracy, it is achieved at the cost of real-time protection because of the time-consuming process involved. Additionally, newer types of malicious code that can evade sandbox detection by stalling their execution in a sandbox environment are posing new challenges to this type of malware detection and consequently, prevention capabilities.

7. Deep learning architecture using the stacked AutoEncoders (SAEs) model for

   malware detection is implemented, with the input resting on Windows Application Programming Interface (API) calls extracted from the Portable Executable (PE) files. The SAEs model employs a greedy layerwise training operation for unsupervised feature learning, followed by supervised parameter fine-tuning (e.g., weights and offset vectors).

8. • • •

9. None
10. None

11. <Will add in the final Presentation>

12. <Will add in the final Presentation>

13. None
14. None
15. None
16. None
17. None

18. <Will add in the final Presentation>

19. None

20. Thanks & Good luck!