Speakers

Many machine learning researchers tend to think of malware detection problem as dataset collection, model selection, model training, hyperparameter tuning to maximise accuracy and to minimise false positives, and finally filling out the confusion matrix. The fundamental drawback of this blind machine learning development cycle combined with traditional machine learning algorithms is we can't have a glimpse of why the model sees it as malicious or clean. Without knowing why, how would you even convince yourself you are right?
Considering the diversity of malware is restricted to each campaign launched by malware author’s automated mutation tool, experienced human analysts can spot the variants of a family in a nick of time without too many training samples. Functioning quite similar to human brain’s neural network, deep learning offers a very nice tool to visually recognise these malware variants. Armed with the generative power of adversarial network, deep learning will get the additional capability to detect previously unseen outbreaks of a malware campaign with only a handful of samples. I will show you why deep learning models are effective in detecting new malware variants by visualising the look of various malware families.

I would like to discuss small shifts in current malware and threat technologies that could affect us in the near/far future. Like for example, serializing a binary .NET assembly program to JScript or VBA macro code is a technology that could introduce additional complications in our current solutions. Think of instant conversion of Mimikatz binary into JScript format and its possible offensive attack advantage. Another new technology is Web Assembly (Wasm) which is not surprisingly cybercrime actors are already into it (especially in malicious Coin Miner threats). Small shifts in malicious code injections technology e.g. Process Doppelganging, Early Bird, Ctrl-Inject and other tech will be covered.

As sophistication and volume of malware increase, software security specialists continue to work smarter than ever to block cyber threats. Taking advantage of various “sensors,” Machine Learning (ML) is used to help determine the impact for users, as well as classify unknown file samples if they are malicious or benign. Also, as cybercriminals attempt to conceal malicious code through various encryption, we tap on explainer modules for some ML algorithms such as Linear Regression and Random Forest to assist Threat Response Teams in analysis and solution delivery. Lastly, to address the massive volume of malware, the talk shares some approaches using High Performance Computing(HPC) in GPU together with ML.

Dynamic Data Exchange (DDE) is an old protocol that provides a way for applications to share data and communicate with each other. Among the applications that makes use DDE, Microsoft Office Applications are the prime targets since this function has been identified by Microsoft as a feature and is working as intended which means that it won’t get patched out anytime soon.

Dynamic Data Exchange (DDE) is an old protocol that provides a way for applications to share data and communicate with each other. Among the applications that makes use DDE, Microsoft Office Applications are the prime targets since this function has been identified by Microsoft as a feature and is working as intended which means that it won’t get patched out anytime soon.

This talk provides a gentle introduction on how deep-learning can solve sequential problems and explores attacks against deep-learning systems.