Still a lot to learn: bypassing machine-learning AV solutions

Friday 6 October 12:00 - 12:30, Red room

Gilbert Sison (Trend Micro)
Brian Cayanan (Trend Micro)

Recently, the security industry has adopted various machine-learning solutions to proactively prevent malware from infecting a system. This has the potential to be a game changer in the fight against malware. However, at this early stage of machine learning in the AV industry, recent malware innovations are already showing how this next-gen AV solution can be bypassed. This paper aims to show what techniques are readily available for malware writers to use to have a chance at infecting a system even with machine-learning-based security in place.


First, we will provide an overview of the two most common machine-learning approaches that are being used by the AV industry today, along with the pros and cons of using each one (static vs. dynamic). We will then describe how these machine-learning approaches are affected by already established malware techniques that have proven to be effective against previous AV solutions. Next, we will discuss the latest innovations being used by malware authors to bypass these machine-learning solutions. Finally, we will show the possible trade-offs of actually using these malware innovations against the overall security solutions offered by the AV industry today.

 

Click here for more details about the conference