Attacking the malware with AI: Where the finest concepts of Data Science & Cybersecurity meet

Recordings

https://www.youtube.com/watch?v=EfCVxEt4va0

View Recording

Slides

/files/slides/002_06-NLVGUG-MalwareAnalysis-usingAI.pdf

View Slides

Abstract

Attacking the malware with AI

Malware poses one of the greatest threats to the cyber industry. More than 450,000 new malicious programs and potentially unwanted applications (PUA) are registered every day (AV-Test Institute, 2022). As a result, there is an imperative need to automate the process of malware analysis by onboarding artificial intelligence into our defense toolbox.

In this talk, we are going to discuss some of the state-of-the-art methodologies that modern antivirus products use for malware discovery and classification. More specifically, we are going to study the Malheur framework (Rieck et al., 2011). Based on this paper, we will explore:

  • how the behavior of malware can be analyzed using sandboxes
  • how those sandbox reports can be embedded in a high-dimensional vector space
  • how the extracted data points can be compressed into a smaller set of representative prototypes to reduce the computational complexity of the machine learning algorithms
  • and how the embedded malware behavior can be incrementally analyzed on a recurrent basis with the use of clustering & classification algorithms, to either classify unknown programs or discover novel clusters of malware.
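The four stages above form one pipeline, which the following added example walks through end to end. It is illustration code written for this page, not code from the talk, the slides or the Malheur project: the sandbox reports are constructed, the features are q-grams over "category|operation" tokens (an assumption that simplifies Malheur's MIST instruction q-grams), and the three distance thresholds are assumed values chosen so the toy data separates cleanly. Prototype extraction uses a farthest-first traversal, clustering uses complete linkage over the prototypes, and classification assigns an unknown report to its nearest prototype or rejects it when nothing is close enough, which is how novel families are found on the next clustering round.

```python
"""Toy walk-through of the Malheur pipeline: embed sandbox reports, extract
prototypes, cluster them, then classify or reject unknown reports.
Example code written for this page; thresholds and reports are assumptions."""
from itertools import combinations
from math import sqrt

Q = 2             # length of the behaviour q-grams used as features
D_PROTO = 0.5     # assumed: max distance of a report from its prototype
D_CLUSTER = 1.0   # assumed: complete-linkage cutoff between prototype clusters
D_REJECT = 1.0    # assumed: reject an unknown report farther than this from every prototype

# Constructed sandbox reports: ordered "category|operation" tokens per sample.
REPORTS = {
    "bot1": ["proc|create", "reg|set", "net|connect", "net|send", "net|recv"],
    "bot2": ["proc|create", "reg|set", "net|connect", "net|send", "net|recv", "file|write"],
    "dropper1": ["file|write", "file|write", "proc|create", "reg|set", "reg|set"],
    "dropper2": ["file|write", "proc|create", "reg|set", "proc|exit"],
}
# Constructed unknown reports: one looks like the bots, one shares no behaviour.
UNKNOWN = {
    "new_bot": ["proc|create", "reg|set", "net|connect", "net|send"],
    "novel": ["mutex|create", "thread|create", "mem|alloc", "mem|alloc"],
}


def embed(report, q=Q):
    """Map a report to a unit-length sparse vector over its distinct q-grams."""
    grams = {tuple(report[i:i + q]) for i in range(len(report) - q + 1)}
    if not grams:
        return {}
    w = 1.0 / sqrt(len(grams))
    return {g: w for g in grams}


def dist(u, v):
    """Euclidean distance between two sparse vectors (dicts)."""
    return sqrt(sum((u.get(k, 0.0) - v.get(k, 0.0)) ** 2 for k in set(u) | set(v)))


def extract_prototypes(vecs, d_p=D_PROTO):
    """Farthest-first prototype selection: add the report farthest from all current
    prototypes until every report lies within d_p of one.
    Returns (prototype names, {report: its prototype})."""
    names = list(vecs)
    protos = [names[0]]
    nearest = {n: (dist(vecs[n], vecs[protos[0]]), protos[0]) for n in names}
    while True:
        far = max(names, key=lambda n: nearest[n][0])
        if nearest[far][0] <= d_p:
            break
        protos.append(far)
        for n in names:
            d = dist(vecs[n], vecs[far])
            if d < nearest[n][0]:
                nearest[n] = (d, far)
    return protos, {n: p for n, (_, p) in nearest.items()}


def cluster_prototypes(vecs, protos, d_c=D_CLUSTER):
    """Agglomerative complete-linkage clustering of the prototypes: merge the two
    clusters whose farthest members are closest, while that distance is below d_c."""
    clusters = [[p] for p in protos]

    def link(i, j):
        return max(dist(vecs[a], vecs[b]) for a in clusters[i] for b in clusters[j])

    while len(clusters) > 1:
        i, j = min(combinations(range(len(clusters)), 2), key=lambda ij: link(*ij))
        if link(i, j) >= d_c:
            break
        clusters[i].extend(clusters.pop(j))
    return clusters


def classify(vec, vecs, proto_cluster, d_r=D_REJECT):
    """Label an unknown report with the cluster of its nearest prototype, or return
    None to reject it; rejected reports are re-clustered later to find new families."""
    best = min(proto_cluster, key=lambda p: dist(vec, vecs[p]))
    return proto_cluster[best] if dist(vec, vecs[best]) <= d_r else None


def run_pipeline(reports=REPORTS, unknown=UNKNOWN):
    """Returns ({known report: cluster id}, {unknown report: cluster id or None})."""
    vecs = {n: embed(r) for n, r in reports.items()}
    protos, assigned = extract_prototypes(vecs)
    clusters = cluster_prototypes(vecs, protos)
    proto_cluster = {p: i for i, c in enumerate(clusters) for p in c}
    labels = {n: proto_cluster[assigned[n]] for n in reports}
    verdicts = {n: classify(embed(r), vecs, proto_cluster) for n, r in unknown.items()}
    return labels, verdicts


if __name__ == "__main__":
    labels, verdicts = run_pipeline()
    print("clusters:", labels)
    print("verdicts:", verdicts)
```

On the constructed data the pipeline keeps three prototypes (bot2 collapses into bot1), complete linkage joins the two dropper prototypes into one cluster, the bot-like unknown is classified into the bot cluster, and the report with no shared behaviour is rejected as unknown rather than forced into the nearest class. The thresholds are the knobs a practitioner tunes: a higher D_PROTO compresses more, a lower D_REJECT rejects more aggressively and pushes more samples into the next discovery round.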

In short, we will examine how state-of-the-art data science concepts and algorithms can be onboarded by cyber security researchers and engineers, to automatically attack and expose the malware.

Dimitris Prasakis
