Symantec adds Deep Learning to detect 0-day malware

Discussion in 'other anti-virus software' started by Secondmineboy, Jan 4, 2016.

  1. Secondmineboy

    Secondmineboy Registered Member

    Joined:
    Jan 1, 2016
    Posts:
    85
    Location:
    Germany
    "Android versions of Symantec mobile security products are the first to include deep learning, but the access to this big data approach will soon spread to other platforms.

    Deep learning may be the next frontier for a security industry that's dealing with constant attacks from cyber-criminals who become more sophisticated by the day."


    http://www.eweek.com/security/syman...o-anti-malware-tools-to-detect-zero-days.html
     
  2. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    avast! has been using that for quite a while afaik. But they are very conservative at using it judging by their detection...
     
  3. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,559
    Skynet has been activated :)
     
  4. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
    Sounds to me more like a hype than anything really meaningful.
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    2,880
    Location:
    Australia
  6. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    It's a buzzword for somewhat existing thing, just like "cloud" was a year or two ago. Basically it means you toss bunch of stuff in one bin and give computer job to sort stuff to good, bad and needs further analysis. So you can just feed suspicious apps into the system and it'll be throwing out file classifications. If found as bad, it can then get sigantue generated automatically, if it's found clean on severala spects it can be feed tot he whitelist and if needs further analysis it'll be sent to the actual human virus analyst. Then you can have tons of stuff in the middle that is fully automated and assists you along the way depending what company needs to do with the data.

    It can also help finding similarities between files in one group to further increase detection signatures density (generic automatically generated signatures) etc.

    All this is done on system with massive parallel computation power. avast! guys use several GeForce GPU's to do that in a custom built system dedicated to data crunching. This is what's hiding behind "deep learning" "buzzword".

    You can read more about it here:
    https://www.avast.com/technology

    I think other vendors use similar approach so it most likely applies tot hem as well.
     
  7. Secondmineboy

    Secondmineboy Registered Member

    Joined:
    Jan 1, 2016
    Posts:
    85
    Location:
    Germany
    More vendors will use this in the future hence theres more and more malware released every year.
    It reacts faster and better to new threats.

    Also Cloud systems which work like a human brain are better in detection :)

    http://www.technologyreview.com/new...at-mimics-the-brain-could-catch-more-malware/
     
  8. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,016
    :argh:
     
  9. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
    Thanks for the detailed explanation of this technology. It does look like it's something useful.

    Regards,
    oliverjia
     
  10. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,082
    Location:
    Netherlands
    Yep, although the technology can't be compared by throwing data in a bin and let a computer sort it out.

    Each executable has some characteristics, which can be interpreted and classified. Based on these attributes Avast is generating generic identifyers, like your surname and the postal code are generic. They don't explicitely identify you, but they mark you as a group. Then they apply some magic to combine these factors and classifies them into clusters.

    So out of 250.000 new PE's, about 150.000 of those new samples can be grouped into 20.000 clusters. Each of these clusters has to be analyzed and the verdict (good or bad) of the cluster is applicable to all of the unique samples in that cluster.

    The remaining 100.000 are tossed into a (sandbox) bin and analysed by the computer like Rezjor mentioned
     
  11. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well, I oversimplified it because in the end, that's what it is, a giant junk sorter. You toss stuff in and it then sorts it all out for you in an usable form/shape. How it does that exactly doesn't really matter to most users. Though avast!'s technology page goes in quite some details...
     
  12. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,082
    Location:
    Netherlands
    From a distance everything looks the same, so you are right, but that does not outlines the importance of (stage 1) machine based learning combined (stage 2) automatic behavioral analysis in a sandbox. A year ago, researchers of Google claimed that reputation analysis combined with machine based learning would provide 99% accuracy in classifying unknown into good or bad clusters. So it is more than just a buzzword IMO.
     
Loading...