Deep Machine Learning Meets Cybersecurity
cavazos/cisc850-spring2017/Lecture-01b.pdf
The Problem
* Malware growing exponentially
* Over 100K malware variants created every hour
* Cyber defense is a big data problem
* Bad actors embraced automation
* Create large amounts of malware
* Good actors have not kept pace
* Still construct malware detection rules manually
The Solution: Deep Machine Learning Applied to Cybersecurity
Deep Learning
High-Performance Cloud Computing
Training Data Sets: Repository of Billions of Malware
Cyber Analytics
Gartner’s View on Cybersecurity
Gartner report: “Intelligent and Automated Security Controls Impact the Future of the Security Market”, Oct 2015
Context and Information Sharing
Analytics and Modeling
Machine Learning and Adaptive Response
We need to be here!
The world is here
Situational Awareness
Graphical Expression of Files
Step 1:
• Malware has one thing in common with all files: it is composed of code
• Software code is best expressed as a graph
• We characterize malware as a graph then feed it into our Deep Learning engine
Binary Input
Control Flow Graph
DNN Graph
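Added example (not from the lecture or the system it describes): one way a program's control flow graph can be turned into numeric input for a classifier, as Step 1 outlines. The toy instruction tuples, the mnemonic sets and the six features are assumptions chosen for illustration; `call` is treated as falling through, so the graph is intra-procedural.

```python
# Constructed toy listing: (address, mnemonic, branch target or None).
SAMPLE = [(0, "mov", None), (1, "cmp", None), (2, "jz", 6),
          (3, "add", None), (4, "cmp", None), (5, "jnz", 3),
          (6, "call", None), (7, "jmp", 9),
          (8, "nop", None),   # padding that is never reached from the entry
          (9, "ret", None)]
COND, UNCOND, TERM = {"jz", "jnz"}, {"jmp"}, {"ret"}

def build_cfg(insns):
    """Split a linear listing into basic blocks: {block_start: successor_starts}."""
    addrs = {a for a, _, _ in insns}
    leaders = {insns[0][0]}
    for i, (_, mnem, target) in enumerate(insns):
        if mnem in COND | UNCOND | TERM:
            if target in addrs:               # a branch target starts a block
                leaders.add(target)
            if i + 1 < len(insns):            # so does the instruction after a branch
                leaders.add(insns[i + 1][0])
    starts, cfg = sorted(leaders), {}
    for k, start in enumerate(starts):
        nxt = starts[k + 1] if k + 1 < len(starts) else None
        body = [x for x in insns if x[0] >= start and (nxt is None or x[0] < nxt)]
        _, mnem, target = body[-1]            # the block's last instruction decides its edges
        succ = set()
        if mnem in COND | UNCOND and target in addrs:
            succ.add(target)                  # targets outside the listing are ignored
        if mnem not in UNCOND | TERM and nxt is not None:
            succ.add(nxt)                     # fall-through edge
        cfg[start] = succ
    return cfg

def reachable(cfg, entry):
    seen, stack = set(), [entry]
    while stack:
        node = stack.pop()
        if node not in seen:
            seen.add(node)
            stack.extend(cfg[node])
    return seen

def graph_features(cfg):
    """Fixed-length numeric description of the graph, usable as classifier input."""
    n, e = len(cfg), sum(len(s) for s in cfg.values())
    return {"blocks": n, "edges": e,
            "cyclomatic": e - n + 2,          # McCabe, assuming one connected component
            "max_out_degree": max(len(s) for s in cfg.values()),
            "back_edges": sum(b <= a for a, s in cfg.items() for b in s),  # loop hint
            "unreachable_blocks": n - len(reachable(cfg, min(cfg)))}
```

Features such as unreachable blocks and back edges survive byte-level changes that defeat hash or string signatures, which is the practical argument for describing code as a graph.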
Graphical Characterization of Malware
Big Data & Deep Learning Platform in the Cloud
Input
Malware? What Family? Capabilities?
Graph-Based Malware Features
Cloud-Based Deep Learning Neural Network
Step 2:
• Our Deep Learning engine predicts malware with precision and real-time speed
Output
Malware Prediction Using ML & Graphs
Neural Net
Neural network is trained to recognize malware
Unknown file
Predicted as malware
Machine Learning-Based Automated Malware Analysis
The Most Accurate and Fastest Platform
Accurately detects malware at 99.5%
Malware Identification and Detection
Compute
Learn
Characterize
Analyze
Sources
Actions
Why Now?
• Deep Learning most accurate in AI industry
• HPC platforms readily available (e.g., AWS)
• Can provide comprehensive visibility
Deployed System
Extracting Binary Files
Distributed Malware Detection
Concurrent Binary Analysis
YES
Knowledge Base
Benign
Malicious
YES
NO
YES
NO
AntiVirus Analysis
Identified as Malware?
Static Analysis Machine Learning Model
High Probability of Malware?
Hybrid (Static + Dynamic) Machine Learning Model
High Probability of Malware?
Dynamic Analysis
Cuckoo Sandbox
Network Analyzer
Bro Monitor
Internet Traffic
Binary
Static Analysis
Radare2
User Interface and Visual Analytics
CISO/Security Leaders View
• Threat Landscape Specific to Your Enterprise
Threat View
User Interface and Visual Analytics
Analysts/Incident Responders View
• Comprehensive Malware Analysis
Data Projector
Class Projects
Analysis
Visual Analytics
Standardized Indicators of Compromise
CyberBot
Graphs
Machine Learning