Deep Machine Learning Meets Cybersecurity
The Problem
* Malware is growing exponentially
* Over 100K malware variants are created every hour
* Cyber defense is a big data problem
* Bad actors have embraced automation
* They create large amounts of malware
* Good actors have not kept pace
* They still construct malware detection rules manually
The Solution: Deep Machine Learning Applied to Cybersecurity
(Diagram: Training Data Sets: Repository of Billions of Malware; Deep Learning High-Performance Cloud Computing; Cyber Analytics)
Gartner's View on Cybersecurity
(Diagram of maturity stages: Context and Information Sharing; Analytics and Modeling; Situational Awareness; Machine Learning and Adaptive Response. Annotations: "The world is here" and "We need to be here!")
Gartner report: "Intelligent and Automated Security Controls Impact the Future of the Security Market", Oct 2015
Graphical Expression of Files
(Diagram: Binary -> Control Flow Graph -> DNN Graph Input)
Step 1:
• Malware has one thing in common with all files: it is composed of code
• Software code is best expressed as a graph
• We characterize malware as a graph, then feed it into our Deep Learning engine
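To make Step 1 concrete, here is an added example (not the project's own code) of turning a binary's instruction listing into a control flow graph and then into a numeric feature vector of the kind a neural network consumes. The disassembly listing, its instruction syntax and the chosen features are constructed for this example; a real pipeline would take the listing from a disassembler.

```python
"""Toy binary -> control flow graph -> graph features, as an added illustration."""

# Constructed listing of (address, mnemonic, operand); not real malware.
# Addresses are hex; jump operands name a target address in this listing.
LISTING = [
    (0x00, "mov", "eax, 0"),
    (0x02, "cmp", "eax, 10"),
    (0x04, "jge", "0x14"),      # conditional: exit loop when eax >= 10
    (0x06, "add", "eax, 1"),
    (0x08, "call", "0x40"),     # callee not in listing; treated as fall-through
    (0x0a, "jmp", "0x02"),      # back edge: loop header at 0x02
    (0x14, "mov", "ecx, eax"),
    (0x16, "test", "ecx, ecx"),
    (0x18, "jz", "0x20"),
    (0x1a, "xor", "ecx, ecx"),
    (0x20, "ret", ""),
]

def is_jump(mnemonic):
    """jmp and every conditional jump (jz, jge, ...) start with 'j' here."""
    return mnemonic.startswith("j")

def build_cfg(listing):
    """Return {block_start: [successor block starts]} for an intraprocedural CFG."""
    addrs = [a for a, _, _ in listing]
    known = set(addrs)
    leaders = {addrs[0]}                       # block leaders: first instruction,
    for i, (addr, mn, op) in enumerate(listing):
        if is_jump(mn) and int(op, 16) in known:
            leaders.add(int(op, 16))           # ...every jump target,
        if (is_jump(mn) or mn == "ret") and i + 1 < len(listing):
            leaders.add(addrs[i + 1])          # ...and the instruction after a transfer
    starts = sorted(leaders)
    cfg = {}
    for bi, start in enumerate(starts):
        end = starts[bi + 1] if bi + 1 < len(starts) else None
        block = [ins for ins in listing if ins[0] >= start and (end is None or ins[0] < end)]
        _, mn, op = block[-1]                  # last instruction decides the successors
        if mn == "ret":
            succ = []
        elif mn == "jmp":
            succ = [int(op, 16)]
        elif is_jump(mn):
            succ = [int(op, 16)] + ([end] if end is not None else [])
        else:
            succ = [end] if end is not None else []
        cfg[start] = succ
    return cfg

def graph_features(cfg):
    """Fixed-size numeric summary of the CFG, usable as one row of model input."""
    n = len(cfg)
    edges = sum(len(s) for s in cfg.values())
    return {
        "blocks": n,
        "edges": edges,
        "back_edges": sum(1 for src, s in cfg.items() for t in s if t <= src),  # loops
        "cond_blocks": sum(1 for s in cfg.values() if len(s) == 2),
        "exit_blocks": sum(1 for s in cfg.values() if not s),
        "max_out_degree": max(len(s) for s in cfg.values()),
        "density": round(edges / (n * (n - 1)), 3) if n > 1 else 0.0,
    }

if __name__ == "__main__":
    print(graph_features(build_cfg(LISTING)))
```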
Graphical Characterization of Malware
Big Data & Deep Learning Platform in the Cloud
(Diagram: Input -> Graph-Based Malware Features -> Cloud-Based Deep Learning Neural Network -> Output: Malware? What Family? Capabilities?)
Step 2:
• Our Deep Learning engine predicts malware with precision and at real-time speed
Malware Prediction Using ML & Graphs
(Diagram: Unknown file -> Neural Net -> Predicted as malware. The neural network is trained to recognize malware.)
Machine Learning-Based Automated Malware Analysis
The Most Accurate and Fastest Platform
(Diagram: Sources -> Malware Identification and Detection: Analyze, Characterize, Learn, Compute -> Actions)
Accurately detects malware at 99.5%
Why Now?
• Deep Learning is the most accurate approach in the AI industry
• HPC platforms are readily available (e.g., AWS)
• Can provide comprehensive visibility
Deployed System
(Diagram of the detection pipeline:)
Extracting Binary Files: Internet Traffic -> Network Analyzer (Bro Monitor) -> Binary
Concurrent Binary Analysis: Dynamic Analysis (Cuckoo Sandbox), Static Analysis (Radare2), AntiVirus Analysis
Identified as Malware? YES -> Malicious; NO -> Distributed Malware Detection
Distributed Malware Detection: Hybrid (Static + Dynamic) Machine Learning Model and Static Analysis Machine Learning Model, backed by a Knowledge Base
High Probability of Malware? YES -> Malicious; NO -> Benign
User Interface and Visual Analytics: CISO / Security Leaders View
• Threat Landscape Specific to Your Enterprise (Threat View)
User Interface and Visual Analytics: Analysts / Incident Responders View
• Comprehensive Malware Analysis (Data Projector)
Class Projects
• Machine Learning Cyber Bot
• Standardized Indicators of Compromise
• Visual Analytics
• Graphs Analysis