Still a lot to learn: bypassing machine-learning AV solutions

Friday 6 October 12:00 - 12:30, Red room

Gilbert Sison (Trend Micro)
Brian Cayanan (Trend Micro)

Recently, the security industry has adopted various machine-learning solutions to proactively prevent malware from infecting a system. This has the potential to be a game changer in the fight against malware. However, at this early stage of machine learning in the AV industry, recent malware innovations are already showing how this next-gen AV solution can be bypassed. This paper aims to show what techniques are readily available for malware writers to use to have a chance at infecting a system even with machine-learning-based security in place.

First, we will provide an overview of the two most common machine-learning approaches that are being used by the AV industry today, along with the pros and cons of using each one (static vs. dynamic). We will then describe how these machine-learning approaches are affected by already established malware techniques that have proven to be effective against previous AV solutions. Next, we will discuss the latest innovations being used by malware authors to bypass these machine-learning solutions. Finally, we will show the possible trade-offs of actually using these malware innovations against the overall security solutions offered by the AV industry today.

 

Gilbert-Sison-web.jpg

Gilbert Sison

Gilbert Sison has worked at Trend Micro for over ten years. During his tenure, he has filled the roles of malware analyst, pattern QA, product tester, team manager, and malware researcher. The bulk of his career has been spent reverse engineering threats and finding ways to improve how endpoint products handle malware threats. Currently, he is a part of a specialized team responsible for research and deep analysis of hot malware families.

 

Brian-Cayanan-web.jpg

Brian Cayanan

Brian Cayanan has been in the anti-malware industry for more than 10 years and has gained genuine knowledge and expertise in the field of computer and network security. He started his career as one of Trend Micro's malware analysts and has developed advanced skills in malware reverse engineering and malware forensics. Over the years, he has taken up a number of different roles within the company such as threat researcher, big data analyst, and operations team lead. He is currently head of a specialized team within Trend Micro responsible for research and deep analysis of current hot malware families in the wild.



Register.jpg

VB2017 OVERVIEW

WHY ATTEND

SPEAKERS

PROGRAMME

REGISTER NOW!

VENUE

BOOK HOTEL

VB2017 FOOSBALL TOURNAMENT


Other VB2017 papers

Walking in your enemy's shadow: when fourth-party collection becomes attribution hell

Juan Andres Guerrero-Saade (Kaspersky Lab)

Costin Raiu (Kaspersky Lab)

Attribution is complicated under the best of circumstances. Sparse attributory indicators and the possibility of overt…

XAgent: APT28 cyber espionage on macOS

Tiberius Axinte (Bitdefender)

This paper provides an in-depth analysis of the macOS version of the APT28 component known as XAgent. We will dissect the…

The state of cybersecurity in Africa: Kenya

Tyrus Kamau (Euclid Consultancy)

The cyber threats Kenya faces range from basic hacking such as website defacements, financial fraud, social media account…