Machine Learning for Malware Classification and Clustering

•

7 gostaram•3,249 visualizações

In this talk, we will give an overview of the machine learning model that is the foundation of Endgame’s automated malware classifier. We will discuss challenges and best approaches to finding a metric that adequately summarizes a model's performance recognizing malware and we will show how model results inform the more tactical analysis of malware researchers.

Tecnologia

Machine Learning for Malware
Classification and Clustering
Phil Roth, Data Scientist
1

• PhD in particle astrophysics
• Switched to making images from radar data
• Switched to solving security problems with data
Phil Roth
Data Scientist
2

Outline
• Malware Detection
• Boosted Decision Trees
• Malware Features
• Evaluating Performance
• Bringing a Human into the Loop
3

The Problem: Antivirus
The security industry has declared antivirus as dead, but
there is no widely accepted replacement.
Machine Learning can be that replacement.
4

The Problem: Antivirus
• Antivirus uses signatures, heuristics, and hand crafted rules
that do not scale well
• Using polymorphism and obfuscation, malware authors can
circumvent rules based detection techniques
5

The Solution: Machine Learning
Machine Learning uses statistical techniques to learn
patterns from large datasets
6
Two Steps:
• Feature Extraction
• Boundary Learning

Machine Learning Advantages
• Automation
• Deep Insights
• Scalability
• Generalization
7

Machine Learning Challenges
• Requires labels
• Requires large data sets
• Security field requires very low tolerance for errors
8

Boosted Decision Trees
Basically, it’s a game of 20 questions
Source: https://en.wikipedia.org/wiki/Decision_tree_learning
A tree showing survival of passengers
on the Titanic ("sibsp" is the number
of spouses or siblings aboard). The
figures under the leaves show the
probability of survival and the
percentage of observations in the
leaf.
9

Boosted Decision Trees
• The trees are built by choosing “questions” that
maximize the discrimination between two classes
• The model is called “boosted” because misclassified
samples are given higher weight in future tree building
10

Why Boosted Decision Trees?
Proven results in security and physics
References:
https://www.kaggle.com/c/malware-classification/
http://arxiv.org/pdf/1511.04317.pdf
http://jmlr.org/proceedings/papers/v42/chen14.pdf
11

Malware Features
The extracted features determine your
model’s performance, but there is a tradeoff
Complicated Explainable
12

Complicated Features
Byte frequency and byte
entropy features form a
binary fingerprint that inform
the model
13

Explainable Features
Lists of capabilities don’t greatly help the model classify a
sample, but they can provide more insight to an analyst.
This sample can:
• Record keystrokes
• Send/receive network traffic
• Modify registry
14

Evaluating Performance
We must be careful not to learn from “future” information:
time
time
Train Data
Test Data
Model Train Times
Patterns learned here….
... should not inform classifications here
15

Bringing Humans in the Loop
Amazon built an entire tool (Mechanical Turk) to cheaply
generate labels from human intuition:
Are these products related?
16

Bringing Humans in the Loop
Our labels are more expensive to obtain, and so choosing
what samples to label is even more important.
Is this binary malicious?
Active Learning can help!
17

Bringing Humans in the Loop
When new data arrives, Active Learning tells analysts
which labels would be most helpful.
18

Integration
• Our malware classifier model has been integrated into
our stealthy sensor and Hunt Platform
• Ask the other friendly Endgamers here for a demo!
19

Thanks!
proth@endgame.com
@mrphilroth
20

Mais conteúdo relacionado

Mais procurados

Cognitive Computing in Security with AI

JoAnna Cheshire

Machine Learning for Malware Classification and Clustering

Ashwini Almad

When dealing with over 300 hundred thousand of malware samples every day, we had to deploy the state-of-the-art techniques to combat cyberthreats. And among them - machine learning algorithms. In this whitepaper, we start from describing the basic approaches and proceed to explaining the key applications of machine learning algorithms to automated malware detection. Learn more about how Kaspersky Lab protects businesses like yours => https://kas.pr/8dxv

Machine Learning in Malware Detection

Kaspersky

Semantics aware malware detection ppt

Manish Yadav

В докладе речь пойдёт о применении алгоритмов машинного обучения для обнаружения вредоносных приложений для Android. Я расскажу, как на базе Матрикснета в Яндексе был спроектирован высокопроизводительный инструмент для решения этой задачи. А также продемонстрирую, в каких случаях аналитические методы выявления вредоносного ПО помогают блокировать множество простых образцов вирусного кода. Затем мы поговорим о том, как можно усовершенствовать такие методы для обнаружения более хитроумных вредных программ.

"Быстрое обнаружение вредоносного ПО для Android с помощью машинного обучения...

Yandex

Malware classification using Machine Learning

Japneet Singh

Malware Detection using Machine Learning

Cysinfo Cyber Security Community

Labeling the virus share malware dataset lessons learned

John Seymour

Malware Classification and Analysis

Prashant Chopra

Malware Detection Using Machine Learning Techniques

ArshadRaja786

Detecting Evasive Malware in Sandbox

Rahul Mohandas

Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view

Security Bootcamp

Worst-Case Scenario: Being Detected without Knowing You are Detected

Ashwini Almad

Malware Dectection Using Machine learning

Shubham Dubey

An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)

FFRI, Inc.

STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...

FFRI, Inc.

The VTC experience

frisksoftware

Introduction to penetration testing

Amine SAIGHI

Whittaker How To Break Software Security - SoftTest Ireland

David O'Dowd

Test Strategies & Common Mistakes

frisksoftware

Mais procurados (20)

Cognitive Computing in Security with AI

Machine Learning for Malware Classification and Clustering

Machine Learning in Malware Detection

Semantics aware malware detection ppt

"Быстрое обнаружение вредоносного ПО для Android с помощью машинного обучения...

Malware classification using Machine Learning

Malware Detection using Machine Learning

Labeling the virus share malware dataset lessons learned

Malware Classification and Analysis

Malware Detection Using Machine Learning Techniques

Detecting Evasive Malware in Sandbox

Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view

Worst-Case Scenario: Being Detected without Knowing You are Detected

Malware Dectection Using Machine learning

An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)

STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...

The VTC experience

Introduction to penetration testing

Whittaker How To Break Software Security - SoftTest Ireland

Test Strategies & Common Mistakes

Semelhante a Machine Learning for Malware Classification and Clustering

Web applications security conference slides

Bassam Al-Khatib

The presentation is an extended in-depth version review of cybersecurity challenges with generative AI, enriched with multiple demos, analysis, responsible AI topics and mitigation steps, also covering a broader scope beyond OpenAI service. Popularity, demand and ease of access to modern generative AI technologies reveal new challenges in the cybersecurity landscape that vary from protecting confidentiality and integrity of data to misuse and abuse of technology by malicious actors. In this session we elaborate about monitoring and auditing, managing ethical implications and resolving common problems like prompt injections, jailbreaks, utilization in cyberattacks or generating insecure code.

Cybersecurity and Generative AI - for Good and Bad vol.2

Ivo Andreev

Learning in adversarial settings is becoming an important task for application domains where attackers may inject malicious data into the training set to subvert normal operation of data-driven technologies. Feature selection has been widely used in machine learning for security applications to improve generalization and computational efficiency, although it is not clear whether its use may be beneficial or even counterproductive when training data are poisoned by intelligent attackers. In this work, we shed light on this issue by providing a framework to investigate the robustness of popular feature selection methods, including LASSO, ridge regression and the elastic net. Our results on malware detection show that feature selection methods can be significantly compromised under attack (we can reduce LASSO to almost random choices of feature sets by careful insertion of less than 5% poisoned training samples), highlighting the need for specific countermeasures.

Battista Biggio @ ICML 2015 - "Is Feature Selection Secure against Training D...

Pluribus One

To learn more, visit https://www.mirabilisdesign.com or email: info (at) mirabilisdesign.com. To meet the ISO-26262 Parts 4,5,6 Requirements. Failure Analysis, Identification and Resolution of Electronics and Software Join Mirabilis Design for a Webinar to evaluate performance and power consumption, measure the quality of your architecture in the event of failures and, the recovery time from the failures. During this Webinar, we will demonstrate a step-by-step approach to dynamic system modeling, fault generation, and evaluation of diagnostics to cover both ISO26262-Part 4,5,6. Using the VisualSim modeling and simulation software, we will validate and optimize the system architecture, apply failures, add diagnostics to identify the failures, and create logic to resolve the error condition. This model will be used to measure the compliance of the functional safety setup to meet the requirements of ISO26262-Part 4,5,6. At the Webinar, we will 1. Cover hardware, software, network, RTOS and power systems. 2. Construct an architecture model of a braking system. 3. Apply failures, add methods to detect errors and algorithms to return the system to normal operation. 3. Analyze the models to meet the timing, power and functional requirements during an event of a failure. System failure analysis plays a vital role in avoiding any real-time injuries/dangers, especially in aerospace, automotive and medical appliances. While designing the system, a proactive and systematic method to evaluate where and how the system might fail, the outcome of the failure, and how the failures can be prevented helps to consider required safety measures. This minimizes the cost, resources, and time-consumed after the occurrence of an unexpected incident.

Webinar on Functional Safety Analysis using Model-based System Analysis

Deepak Shankar

BsidesLVPresso2016_JZeditsv6

Rod Soto

Li Chen & Ravi Sahita In this talk, we juxtapose the resiliency and trustworthiness of composition of DL and classical ML algorithms for security, via a case study of evaluating the resiliency of ransomware detection via the generative adversarial network (GAN). We propose to use GAN to automatically produce dynamic features that exhibit generalized malicious behaviors that can reduce the efficacy of black-box ransomware classifiers. We examine the quality of the GAN-generated samples by comparing the statistical similarity of these samples to real ransomware and benign software. Further we investigate the latent subspace where the GAN-generated samples lie and explore reasons why such samples cause a certain class of ransomware classifiers to degrade in performance. The automatically generated adversarial samples can then be fed into the training set to reduce the blind spots of the detectors. There has been a surge of interest in using machine learning (ML) particularly deep learning (DL) to automatically detect malware through their dynamic behaviors. These approaches have achieved significant improvement in detection rates and lower false positive rates at large scale compared with traditional malware analysis methods. ML in threat detection has demonstrated to be a good cop to guard platform security. However it is imperative to evaluate - is ML-powered security resilient enough? To generate reliable traces of system activity, we can utilize CPU-based telemetry such as Intel Processor Trace which can be extracted via a hypervisor without guest instrumentation. We advocate that file I/O events extracted from Intel processor trace together with algorithmic improvements have shown potential stronger defense in ML -based model deployment in the wild to combat ransomware attack. Our results and discoveries should pose relevant questions for defenders such as how ML models can be made more resilient for robust enforcement of security objectives.

BlueHat Seattle 2019 || The good, the bad & the ugly of ML based approaches f...

BlueHat Security Conference

Malware Collection and Analysis via Hardware Virtualization

Tamas K Lengyel

First Principles Vulnerability Assessment

Manuel Brugnoli

Modern machine learning systems may be very complex and may fall into many pitfalls. It's very easy to unintendedly introduce technical debt into such a complex structure. One of the approaches solving some of anti-patterns is a feature store. Feature store is a missing piece filling a gap between raw data and machine learning models. Not only it will help you to handle technical debt, but even more importantly speeds up time to develop new model.

Feature store: Solving anti-patterns in ML-systems

Andrzej Michałowski

Machine Learning is increasingly being used by companies as a disruptor or providing a USP. This means that Machine Learning models need to cope with being a critical part of solutions and if those solutions use PCI-DSS or PII then the models must be highly secure. In addition, if a Machine Learning model is part of your USP then you will want to protect it. Also, the EU AI Regulation and UK AI Strategy means that AI is becoming increasingly regulated. This means you need to be able to prove what model made a prediction and why it made it by providing auditability and explainabilty. In this talk we go over these issues and how to address them including using AWS and how to implement development best practices.

Securing your Machine Learning models

PhilipBasford

Every single security company is talking in some way or another about how they are applying machine learning. Companies go out of their way to make sure they mention machine learning and not statistics when they explain how they work. Recently, that's not enough anymore either. As a security company you have to claim artificial intelligence to be even part of the conversation. Guess what. It's all baloney. We have entered a state in cyber security that is, in fact, dangerous. We are blindly relying on algorithms to do the right thing. We are letting deep learning algorithms detect anomalies in our data without having a clue what that algorithm just did. In academia, they call this the lack of explainability and verifiability. But rather than building systems with actual security knowledge, companies are using algorithms that nobody understands and in turn discover wrong insights. In this talk I will show the limitations of machine learning, outline the issues of explainability, and show where deep learning should never be applied. I will show examples of how the blind application of algorithms (including deep learning) actually leads to wrong results. Algorithms are dangerous. We need to revert back to experts and invest in systems that learn from, and absorb the knowledge, of experts.

AI & ML in Cyber Security - Why Algorithms Are Dangerous

Raffael Marty

Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware

DaveEdwards12

Machine Learning & Predictive Maintenance

Arnab Biswas

Security best practice and regulations such as SOX, HIPAA, GDPR and others require you to restrict access to your critical IBM i systems and their data, but this is easier said than done. Legacy, proprietary access protocols now co-exist with new, open-source protocols to create access control headaches. View this webcast on-demand for an in-depth discussion of IBM i access points that must be secured and how exit points can be leveraged to accomplish the task. We’ll cover: • Securing network access and communication ports • How database access via open-source protocols can be secured • Taking control of command execution

Controlling Access to IBM i Systems and Data

Precisely

Deep learning in manufacturing predicting and preventing manufacturing defect...

WMG centre High Value Manufacturing Catapult

New Horizons SCYBER Presentation

New Horizons Computer Learning Centers / 5PE

Controlling all the ways your company’s data is being accessed, especially given the proliferation of open source software and other non-traditional data-access methods, is critical to ensuring security and regulatory compliance. This webinar reviews the different ways your data can be accessed, discusses how exit points work and how they can be managed, and why a global data access control strategy is especially important to efficiently protect sensitive data against unwanted access. Topics include: • IBM i access methods and risks • Using exit programs to block traditional and modern access methods • Real life examples and perspectives

Expand Your Control of Access to IBM i Systems and Data

Precisely

Cybersecurity Challenges with Generative AI - for Good and Bad

Ivo Andreev

Foutse_Khomh.pptx

Foutse Khomh

Rise of the machines -- Owasp israel -- June 2014 meetup

Shlomo Yona

Semelhante a Machine Learning for Malware Classification and Clustering (20)

Web applications security conference slides

Cybersecurity and Generative AI - for Good and Bad vol.2

Battista Biggio @ ICML 2015 - "Is Feature Selection Secure against Training D...

Webinar on Functional Safety Analysis using Model-based System Analysis

BsidesLVPresso2016_JZeditsv6

BlueHat Seattle 2019 || The good, the bad & the ugly of ML based approaches f...

Malware Collection and Analysis via Hardware Virtualization

First Principles Vulnerability Assessment

Feature store: Solving anti-patterns in ML-systems

Securing your Machine Learning models

AI & ML in Cyber Security - Why Algorithms Are Dangerous

Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware

Machine Learning & Predictive Maintenance

Controlling Access to IBM i Systems and Data

Deep learning in manufacturing predicting and preventing manufacturing defect...

New Horizons SCYBER Presentation

Expand Your Control of Access to IBM i Systems and Data

Cybersecurity Challenges with Generative AI - for Good and Bad

Foutse_Khomh.pptx

Rise of the machines -- Owasp israel -- June 2014 meetup

Mais de EndgameInc

Filar seymour oreilly_bot_story_

EndgameInc

Adversaries compromise at will, penetrating today’s signature and IOC dependent detection capabilities. Most incident responders are locked in a cycle of constant reaction to the fraction of activity that is known. Often, undetected attackers remain active in the network as reported incidents are remediated. A new approach is needed to break the cycle of reaction and eradicate the unknown. An offense-based approach must be adopted. Hunting puts the defender on the offensive within their networks, allowing for rapid detection and remediation of threats. Adversary dwell time can be drastically reduced, reducing business impacts and recovery costs. The Endgame hunt platform enables instant protection, visibility, and precision response across your endpoints and automates detection of known and never before seen adversaries without relying on signatures. This talk covers: • Description and benefits of hunt • Challenges of hunting • Solutions and hunting best practices

Hunting before a Known Incident

EndgameInc

Security researchers have limited options when it comes to debuggers and dynamic binary instrumentation tools for ARM-based devices. Hardware-based solutions can be expensive or destructive, while software tools are often restricted to user mode. Presented at REcon 2016, this presentation explores a common but often ignored feature of the ARM debug architecture in search of other options. Digging deeper into this hardware component reveals many interesting use-cases for researchers ranging from debugging and instrumentation to building a novel rootkit.

Hardware-Assisted Rootkits & Instrumentation

EndgameInc

For organizations and individuals with limited security budgets, successfully hunting for cyber adversaries can be a daunting challenge. Threat Intelligence can be expensive and sometimes nothing more than IoCs or blacklists. In this talk, Endgame’s threat research team will present a series of techniques that can enable organizations to leverage free or almost-free sources of data and open-source tools to “hunt on the cheap.” They’ll explain how to: retrieve attackers’ tools from globally distributed honeynets that look like your organization or a juicy launching point to attackers; enrich the data past basic file/tool hashes to identify malicious command and control IPs/domains through automated binary analysis using open-source sandboxes and tools; and use passive DNS data to identify active infections and enrich existing data sets. Attendees will learn how to apply these three techniques to hunt for adversaries within their own networks. They will also learn about the various open-source solutions available, such as graph databases, that make these techniques inexpensive and within the scope of many organizations. Anjum Ahuja, Senior Threat Researcher, Endgame Jamie Butler, Chief Scientist, Endgame Andrew Morris, Threat Researcher, Endgame

Hunting on the Cheap

EndgameInc

Dynamic Detection of Malicious Behavior

EndgameInc

Extracting the Malware Signal from Internet Noise

EndgameInc

Worst-Case Scenario: Being Detected without Knowing You are Detected

EndgameInc

Mais de EndgameInc (7)

Filar seymour oreilly_bot_story_

Hunting before a Known Incident

Hardware-Assisted Rootkits & Instrumentation

Hunting on the Cheap

Dynamic Detection of Malicious Behavior

Extracting the Malware Signal from Internet Noise

Worst-Case Scenario: Being Detected without Knowing You are Detected

Último

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Architecting Cloud Native Applications

WSO2

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

WSO2

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Orbitshub

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Exploring Multimodal Embeddings with Milvus

Zilliz

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

Machine Learning for Malware Classification and Clustering

1. Machine Learning for Malware Classification and Clustering Phil Roth, Data Scientist 1

2. • PhD in particle astrophysics • Switched to making images from radar data • Switched to solving security problems with data Phil Roth Data Scientist 2

3. Outline • Malware Detection • Boosted Decision Trees • Malware Features • Evaluating Performance • Bringing a Human into the Loop 3

4. The Problem: Antivirus The security industry has declared antivirus as dead, but there is no widely accepted replacement. Machine Learning can be that replacement. 4

5. The Problem: Antivirus • Antivirus uses signatures, heuristics, and hand crafted rules that do not scale well • Using polymorphism and obfuscation, malware authors can circumvent rules based detection techniques 5

6. The Solution: Machine Learning Machine Learning uses statistical techniques to learn patterns from large datasets 6 Two Steps: • Feature Extraction • Boundary Learning

7. Machine Learning Advantages • Automation • Deep Insights • Scalability • Generalization 7

8. Machine Learning Challenges • Requires labels • Requires large data sets • Security field requires very low tolerance for errors 8

9. Boosted Decision Trees Basically, it’s a game of 20 questions Source: https://en.wikipedia.org/wiki/Decision_tree_learning A tree showing survival of passengers on the Titanic ("sibsp" is the number of spouses or siblings aboard). The figures under the leaves show the probability of survival and the percentage of observations in the leaf. 9

10. Boosted Decision Trees • The trees are built by choosing “questions” that maximize the discrimination between two classes • The model is called “boosted” because misclassified samples are given higher weight in future tree building 10

11. Why Boosted Decision Trees? Proven results in security and physics References: https://www.kaggle.com/c/malware-classification/ http://arxiv.org/pdf/1511.04317.pdf http://jmlr.org/proceedings/papers/v42/chen14.pdf 11

12. Malware Features The extracted features determine your model’s performance, but there is a tradeoff Complicated Explainable 12

13. Complicated Features Byte frequency and byte entropy features form a binary fingerprint that inform the model 13

14. Explainable Features Lists of capabilities don’t greatly help the model classify a sample, but they can provide more insight to an analyst. This sample can: • Record keystrokes • Send/receive network traffic • Modify registry 14

15. Evaluating Performance We must be careful not to learn from “future” information: time time Train Data Test Data Model Train Times Patterns learned here…. ... should not inform classifications here 15

16. Bringing Humans in the Loop Amazon built an entire tool (Mechanical Turk) to cheaply generate labels from human intuition: Are these products related? 16

17. Bringing Humans in the Loop Our labels are more expensive to obtain, and so choosing what samples to label is even more important. Is this binary malicious? Active Learning can help! 17

18. Bringing Humans in the Loop When new data arrives, Active Learning tells analysts which labels would be most helpful. 18

19. Integration • Our malware classifier model has been integrated into our stealthy sensor and Hunt Platform • Ask the other friendly Endgamers here for a demo! 19

20. Thanks! proth@endgame.com @mrphilroth 20

Notas do Editor

Dive right into train versus test data.

Machine Learning for Malware Classification and Clustering

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Machine Learning for Malware Classification and Clustering

Semelhante a Machine Learning for Malware Classification and Clustering (20)

Mais de EndgameInc

Mais de EndgameInc (7)

Último

Último (20)

Machine Learning for Malware Classification and Clustering

Notas do Editor