
Draft Slides for Anthill Inside 2017


thedoctor

June 05, 2017

Transcript

  1. Contents: High Level Outline
     ➔ Malware Detection: what malware detection is, how it is solved technically, and advances in the field
     ➔ Deep Learning: advanced analytics with deep learning is a great alternative to traditional methods
     ➔ Architecture and Implementations: practically implemented architectures and solution references for solving malware detection
  2. Statistical Analysis
     • Preparing an Isolated Environment
     • Collecting the Necessary Tools
     • Performing a Static Analysis
     • Dynamic Analysis
  3. Malware detection (signature-based): the identification engine compares the contents of an unidentified piece of code to its database of known malware signatures. If the malware hasn't been seen before, these methods rely on manually tuned heuristics to generate a handcrafted signature, which is then released as an update. This process is time-consuming, and sometimes signatures are released months after the initial detection. As a result, this detection method can't keep up with the millions of new malware variants that are created daily.
  4. Heuristic techniques identify malware based on the behavioral characteristics in the code, which has led to behavior-based solutions. This malware detection technique analyzes the malware's behavior at runtime, instead of considering the characteristics hardcoded in the malware code itself. The main limitation of this malware detection method is that it is able to discover malware only once the malicious actions have begun.
  5. Sandbox solutions are a development of the behavior-based detection method. These solutions execute the malware in a virtual (sandbox) environment to determine whether the file is malicious or not, instead of detecting the behavioral fingerprint at runtime. Although this technique has been shown to be quite effective in its detection accuracy, it comes at the cost of real-time protection because of the time-consuming process involved. Additionally, newer types of malicious code that can evade sandbox detection by stalling their execution in a sandbox environment pose new challenges to this type of malware detection and, consequently, to prevention capabilities.
  6. A deep learning architecture using the stacked autoencoders (SAEs) model for malware detection is implemented, with the input based on Windows Application Programming Interface (API) calls extracted from Portable Executable (PE) files. The SAEs model uses greedy layerwise training for unsupervised feature learning, followed by supervised fine-tuning of the parameters (e.g., weights and bias/offset vectors).
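The two-phase SAE recipe from the slide above (greedy layerwise pretraining of each encoder, then supervised fine-tuning of every layer), as an added example that is not part of the slides or the speaker's implementation: the API vocabulary, the samples and their labels are constructed toy data, and the bag-of-API feature extraction and the pure-Python network are my own illustration of the control flow rather than any particular paper's code.

```python
"""Toy stacked autoencoder (SAE) for malware classification over API-call features.

Added example, not code from the slides: the API vocabulary, samples and labels
are constructed toy data, and the network is a minimal pure-Python version of
the two-phase recipe the slide describes (greedy layerwise unsupervised
pretraining of each encoder, then supervised fine-tuning of all weights).
"""
import math
import random

# Feature vocabulary: one slot per Windows API name. Constructed for the
# example; in practice it would be built from the import tables of a PE corpus.
API_VOCAB = [
    "CreateFileW", "ReadFile", "WriteFile", "CloseHandle",
    "RegOpenKeyExW", "RegSetValueExW", "VirtualAlloc", "VirtualProtect",
    "WriteProcessMemory", "CreateRemoteThread", "InternetOpenW", "HttpSendRequestW",
]


def api_features(api_calls):
    """Bag-of-API encoding: 1.0 if the sample imports the API, else 0.0."""
    present = set(api_calls)
    return [1.0 if name in present else 0.0 for name in API_VOCAB]


def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))


class Dense:
    """Fully connected sigmoid layer with hand-written backprop (plain SGD)."""

    def __init__(self, n_in, n_out, rng):
        self.w = [[rng.uniform(-0.5, 0.5) for _ in range(n_in)] for _ in range(n_out)]
        self.b = [0.0] * n_out  # bias ("offset") vector

    def forward(self, x):
        self.x = x
        self.out = [sigmoid(sum(wi * xi for wi, xi in zip(row, x)) + b)
                    for row, b in zip(self.w, self.b)]
        return self.out

    def backward(self, grad_out, lr):
        """grad_out is dLoss/d(out); updates the weights, returns dLoss/d(x)."""
        delta = [g * o * (1.0 - o) for g, o in zip(grad_out, self.out)]
        grad_in = [sum(d * row[j] for d, row in zip(delta, self.w))
                   for j in range(len(self.x))]
        for i, d in enumerate(delta):
            for j, xj in enumerate(self.x):
                self.w[i][j] -= lr * d * xj
            self.b[i] -= lr * d
        return grad_in


def pretrain_layer(enc, n_in, data, rng, epochs, lr):
    """Unsupervised phase: train enc plus a throwaway decoder to reconstruct
    its input (MSE), then return the learned codes as input for the next layer."""
    dec = Dense(len(enc.b), n_in, rng)
    for _ in range(epochs):
        for x in data:
            recon = dec.forward(enc.forward(x))
            grad = [2.0 * (r - t) for r, t in zip(recon, x)]  # d(MSE)/d(recon)
            enc.backward(dec.backward(grad, lr), lr)
    return [enc.forward(x) for x in data]


def predict_prob(layers, x):
    for layer in layers:
        x = layer.forward(x)
    return x[0]


def mean_loss(layers, X, y):
    return sum((predict_prob(layers, x) - t) ** 2 for x, t in zip(X, y)) / len(X)


def accuracy(layers, X, y):
    return sum((predict_prob(layers, x) >= 0.5) == (t == 1.0)
               for x, t in zip(X, y)) / len(X)


def train_sae(X, y, hidden=(6, 3), epochs=400, lr=0.5, seed=0):
    """Greedy layerwise pretraining of each encoder, then supervised fine-tuning."""
    rng = random.Random(seed)
    layers, data, n_in = [], X, len(X[0])
    for h in hidden:
        enc = Dense(n_in, h, rng)
        data = pretrain_layer(enc, n_in, data, rng, epochs, lr)
        layers.append(enc)
        n_in = h
    layers.append(Dense(n_in, 1, rng))  # supervised output unit (squared-error loss)
    for _ in range(epochs):                # fine-tune every layer end to end
        for x, t in zip(X, y):
            grad = [2.0 * (predict_prob(layers, x) - t)]
            for layer in reversed(layers):
                grad = layer.backward(grad, lr)
    return layers


# Constructed toy corpus: imported API names per sample and a label
# (1.0 = malicious, 0.0 = benign). Real labels come from a vetted dataset.
SAMPLES = [
    (["CreateFileW", "ReadFile", "WriteFile", "CloseHandle"], 0.0),
    (["CreateFileW", "ReadFile", "CloseHandle", "RegOpenKeyExW"], 0.0),
    (["RegOpenKeyExW", "RegSetValueExW", "CloseHandle"], 0.0),
    (["InternetOpenW", "HttpSendRequestW", "CloseHandle"], 0.0),
    (["VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread"], 1.0),
    (["VirtualAlloc", "VirtualProtect", "WriteProcessMemory"], 1.0),
    (["InternetOpenW", "HttpSendRequestW", "VirtualAlloc", "CreateRemoteThread"], 1.0),
    (["RegSetValueExW", "WriteProcessMemory", "CreateRemoteThread", "CloseHandle"], 1.0),
]
X = [api_features(calls) for calls, _ in SAMPLES]
Y = [label for _, label in SAMPLES]

if __name__ == "__main__":
    model = train_sae(X, Y)
    print("training accuracy:", accuracy(model, X, Y))
    print("mean squared error:", round(mean_loss(model, X, Y), 4))
```

The two phases are the point: `pretrain_layer` never sees a label, it only learns to reconstruct its input, and the codes it produces become the next layer's training data; only the final loop in `train_sae` uses labels and pushes gradients through every encoder. On real data the features would come from a PE's import table or a dynamic API trace, the corpus would be far larger, and a framework would replace the hand-written layer; also, accuracy on the training set says nothing about detection rate, so evaluation must be done on held-out samples the model has never seen.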