Malware detection tools have evolved significantly over the last several decades in response to increasingly complex threats. Machine learning has emerged as a particularly robust solution, and is often touted as the ultimate zero-day malware detection technology. As adoption increases, it is important to recognize and explore shortcomings and vulnerabilities of machine learning solutions.
In this talk we discuss several of these shortcomings, and attempt to dispel the false sense of security surrounding the use of the term "machine learning". We then do a deep dive into a particular vulnerability that is systemic to virtually all malware detection technologies - that defeating one instance of a security solution allows an attacker to defeat all deployed instances. This stems from the fact that previous and current solutions (including those that employ machine learning) distribute identical deployments.
We propose a new deployment paradigm that addresses the shared deployment problem above, ensuring near-equal efficacy but high diversity among security solution deployments. We then present promising comparative results between machine learning classifiers trained and distributed using this paradigm vs. classifiers trained using traditional methods.
Ryan Peters is a data scientist and software engineer at BluVector, developing machine learning approaches for malware detection. He holds a Bachelor's degree in Biomedical Engineering from Case Western Reserve University and a Master's degree in Biomedical Engineering from Duke University with a focus on computational modeling.
I'm especially motivated and passionate for dramatically improving data hunting tradecraft within the cyber security domain. I have a very broad range of technical interests - particularly in the security dimension of hardware, software, systems, and networks. When I'm not hacking the planet, I enjoy playing more golf than is healthy and painfully rooting for the Washington Capitals.