Malice through the looking glass

Post on 18-Nov-2014


Malice Through the Looking Glass

Behavior Analysis for the Next Decade

Jeff Debrosse

“It is better to be roughly right than precisely wrong.”

• John Maynard Keynes

ANALYZE THIS…

Industry core focus

• Code analysis

• Parse textual content

ANALYZE THAT…

Add social engineering analysis to threat analysis

• Examine the behavior of the victim (underlying causes)

• Treat the disease as well as the symptom(s)!

TRADITIONAL SECURITY DILEMMA

Security Convenience

PSYCHOLOGY AND DECEPTION

“Psychological manipulation of an individual or set of individuals to produce a desired effect on their behavior.”

TODAY’S AV VENDOR GOAL

To increase the security of our customers

• Heuristic Technology

• Cloud-based Solutions

• Others

Today we mostly look for:

• Known bad objects (blacklisting)

• Known good objects (whitelisting, change detection)

THE PSYCHOLOGY OF DETECTION

What does behavior analysis have to do with social engineering?

• Fake AV sells

• Manual analysis = large overhead (and it’s getting larger)

• User behavior: another security layer?

THE PSYCHOLOGY OF DETECTION

JDLR: Cop Talk for “Just Don’t Look Right”

At this point, we may identify software as:

• Already classified

• Resembles badware (JDLR)

• Shares characteristics of badware

• Something which may be good or bad, but has proscribed characteristics

THE HUMAN ELEMENT

“No matter how low an opinion you have of your users, they will find a way to disappoint you”

• Stamos’ Law (or his corollary to Murphy’s Law)

• Stamos, BH 2009

PROBABILITY AND EMAIL

Bayesian spam filtering

• Counts number of incorrect classifications.

• Low computational overhead

• Very fast machine learning

BAYESIAN ANALYSIS IN ACTION

the phrase “male enhancement” is detected in the body of the email (85% probability of the message being spam)

the subject contains the phrase “real prescription meds” (95% probability)

the body also contains the word (FREE) in all caps (98% probability)

the sender’s email address and sending server are different (99.9% probability)
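The accumulation of evidence described on this slide can be shown with a small naive Bayes filter. This is an added example, not code from the talk: the training messages are constructed, and the slide's 85%, 95% and 98% figures are treated as independent per-indicator probabilities, which is an assumption.

```python
import math
import re
from collections import Counter

# Constructed training messages (not from the talk).
SPAM = ["FREE male enhancement pills",
        "real prescription meds FREE shipping",
        "male enhancement real results FREE"]
HAM = ["meeting notes attached for review",
       "are you free for lunch on friday",
       "prescription refill reminder from your pharmacy"]

def tokens(text):
    # Case-sensitive on purpose: the slide treats all-caps FREE as its own signal.
    return set(re.findall(r"[A-Za-z']+", text))

def train(spam, ham):
    """Per-token P(spam | token), Laplace-smoothed, assuming equal priors."""
    s = Counter(t for m in spam for t in tokens(m))
    h = Counter(t for m in ham for t in tokens(m))
    probs = {}
    for t in set(s) | set(h):
        p_spam = (s[t] + 1) / (len(spam) + 2)  # P(token | spam)
        p_ham = (h[t] + 1) / (len(ham) + 2)    # P(token | ham)
        probs[t] = p_spam / (p_spam + p_ham)
    return probs

def combine(ps):
    """Naive Bayes combination of independent indicators, summed as log-odds."""
    logit = 0.0
    for p in ps:
        p = min(max(p, 1e-6), 1 - 1e-6)  # clamp: no single indicator forces 0 or 1
        logit += math.log(p) - math.log(1 - p)
    return 1 / (1 + math.exp(-logit))    # no evidence at all gives 0.5

def running(ps):
    """Score after each successive indicator, showing the evidence accumulate."""
    return [combine(ps[:i + 1]) for i in range(len(ps))]

def score(message, probs):
    # Tokens never seen in training carry no evidence and are skipped.
    return combine([probs[t] for t in tokens(message) if t in probs])

PROBS = train(SPAM, HAM)

if __name__ == "__main__":
    print([round(x, 4) for x in running([0.85, 0.95, 0.98])])
    print(round(score("FREE male enhancement", PROBS), 3))
    print(round(score("are you free for lunch", PROBS), 3))
```

Under the independence assumption the combined score rises faster than any single indicator suggests, which is why a handful of moderately suspicious features is enough to classify a message.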

PROBABILITY AND PEOPLE

Can we predict human behavior (with any accuracy)?

Behavioral targeting does this today!

GET YOUR GAME (THEORY) ON

Game theory attempts to predict behavior such as:

• the interaction between two people

• movements of financial markets

• modern-day warfare

THE PRISONER’S DILEMMA (OR PREDICTABLE RATIONALITY)

                S1: confess    S1: don’t
S2: confess     10,10          0,20
S2: don’t       20,0           1,1

CONCLUSION

Feedback

Ethics

Optimized by…

• Cloud?

• Aggregation?

• Behavioral Data?

Have we reached the industry’s limits?

QUESTIONS?