1. MALWARE DETECTION USING MACHINE LEARNING
Abhijit Mohanta

2. ABOUT PRESENTER
• Worked as security researcher for Symantec, McAfee, Cyphort
• Experience in reverse engineering, malware analysis and detection
• Worked on antivirus engines and sandbox engines

3. DISCLAIMER
I have used some contents from the following sites.
Reference:
• analyticsvidhya.com
• datadrivensecurity.info
• home.agh.edu.pl
• neuralnetworksanddeeplearning.com
• http://www.astroml.org
• YouTube
• Google Images

4. Malware Detection in Antivirus
How do antiviruses detect malware?
• Traditional AVs use pattern matching on static files
• Partially decrypt using techniques like emulation
How does malware evade antivirus?
• Uses polymorphic packers, which evade static pattern matching
Why machine learning?
• Too many types of malware: bots, viruses
• Based on target: stealers, POS malware, banking
• Too much data for a human to process

5. MACHINE LEARNING INTRO
• Some prerequisites: statistics, calculus, vectors, algebra
• Problems solved: classification / regression
• Types: supervised, semi-supervised, unsupervised
• What is our problem? Classification

6. Supervised Learning
• What is it?
• Steps:
– Feature selection
– Training (provide labelled data)
– Prediction

7. FEATURE SELECTION
• How are features selected in classification?
• Some property with which you can distinguish two classes is a feature
• A feature can be represented as a vector, boolean, etc.
• Apple vs Orange class:
– Feature: colour, weight, shape
– Label: apple, guava

8. MODEL SELECTION
Models for supervised learning:
• K-Nearest Neighbours (KNN) - classification
• K-Means clustering
• SVM
• Decision Tree
• Random Forest
• Naive Bayes algorithm

9. K-Nearest Neighbours (KNN)
• Supervised learning
• Classification algorithm
• Similarity to neighbours (Euclidean, Manhattan, Minkowski)
• Euclidean distance
• A circle around the point to be classified that contains k points

10. K-Means
• Unsupervised learning
• Clustering algorithm
• Given some data, we cluster the data into K groups
• In each iteration the mean value of the cluster is updated
• Centre calculated using Euclidean distance
• ref video: https://www.youtube.com/watch?v=aiJ8II94qck

11. Support Vector Machines
• Classifier
• What are support vectors?
• Linearly separating hyperplane
• Margins with maximum separation

12. Support Vector Machines
• ref: http://www.saedsayad.com/support_vector_machine.htm
• videos:
• https://www.youtube.com/watch?v=1NxnPkZM9bc
• https://www.youtube.com/watch?v=5zRmhOUjjGY

13. Decision Tree
Ref: https://databricks.com/blog/2014/09/29/scalable-decision-trees-in-mllib.html

14. Random Forest
• Ensemble learning method
• Uses the output of multiple decision trees
Ref: https://citizennet.com/blog/2012/11/10/random-forests-ensembles-and-performance-metrics/

15. Features for Malware Detection
• Static:
– Size
– Signed/unsigned
– Icon: exe file without icons
– Entropy
• Behaviour:
– Process executed from %appdata% and %temp%
– Dropped file has a random name, e.g. xszsde.exe
– Process creating run entries
– Code injection

16. Training Sets for Malware

17. Some Applications for Malware Traffic Detection
• DGA algorithm detection
• DGA: what is a DGA?
• Features:
– N-grams
– Entropy
– Dictionary
– Reference: http://datadrivensecurity.info

18. ADVANCED TOPICS
• NEURAL NETWORKS
• DEEP NEURAL NETWORKS

19. PYTHON LIBRARIES
• Scikit-Learn
• Numpy
• Pandas
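The DGA features on slide 17 (n-grams, entropy, dictionary words) and the KNN classifier from slide 9, worked through as an added example that is not part of the deck. It uses only the Python standard library rather than scikit-learn; the word list, the labelled training domains and the feature definitions (normalised entropy, share of vowel-free bigrams, greedy dictionary coverage) are my own constructed assumptions, and the same entropy function gives the static "entropy" feature from slide 15 when fed file bytes.

```python
"""Added example (not from the slides): DGA domain features from the deck
(entropy, character n-grams, dictionary words) fed to a k-NN classifier with
Euclidean distance. Standard library only; all domains are constructed."""
import math
from collections import Counter
VOWELS = set("aeiou")
# Constructed mini word list; a real detector would load a full dictionary.
DICTIONARY = {"mail", "shop", "bank", "news", "cloud", "secure", "login",
              "google", "update", "store", "drive", "photo", "video", "book"}

def shannon_entropy(data) -> float:
    """Bits per symbol; accepts str or bytes (the static file-entropy feature)."""
    n = max(len(data), 1)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def consonant_bigram_ratio(label: str) -> float:
    """Share of adjacent pairs with no vowel: high for random consonant runs."""
    grams = [label[i:i + 2] for i in range(len(label) - 1)]
    return sum(1 for g in grams if not set(g) & VOWELS) / max(len(grams), 1)

def dictionary_ratio(label: str) -> float:
    """Fraction of characters covered by dictionary words (greedy longest match)."""
    i, covered = 0, 0
    while i < len(label):
        for k in range(len(label), i, -1):
            if label[i:k] in DICTIONARY:
                covered, i = covered + (k - i), k
                break
        else:
            i += 1
    return covered / max(len(label), 1)

def features(domain: str) -> tuple:
    """Vector for the second-level label; each component scaled to [0, 1]."""
    label = domain.lower().split(".")[0]
    norm = math.log2(len(label)) if len(label) > 1 else 1.0
    return (shannon_entropy(label) / norm,
            consonant_bigram_ratio(label), dictionary_ratio(label))

# Constructed labelled training data (the "provide labelled data" step).
TRAIN = [("mailgoogle.com", "benign"), ("securebank.com", "benign"),
         ("photodrive.com", "benign"), ("newsstore.com", "benign"),
         ("xszsdeqkfp.com", "dga"), ("qwtzkvbnmx.com", "dga"),
         ("kpdjfhwzxq.com", "dga"), ("zvbxqtrlmw.com", "dga")]

def knn_predict(domain: str, k: int = 3) -> str:
    """Majority vote among the k nearest training vectors."""
    x = features(domain)
    nearest = sorted((math.dist(x, features(d)), lab) for d, lab in TRAIN)[:k]
    return Counter(lab for _, lab in nearest).most_common(1)[0][0]
```

Call `knn_predict("updatecloud.com")` and `knn_predict("qzkxtevbwp.net")` to see a dictionary-word domain land on the benign side and a random-looking label on the DGA side; with only eight training points the boundary is illustrative, not a tuned detector.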