DeepSec Talk 2024: Blackbox Android Malware Detection Using Machine Learning and Evasion Attacks Techniques – Professor Dr. Razvan Bocu

Sanna/ September 18, 2024/ Conference/ 0 comments

Over the past ten years, researchers have extensively explored the vulnerability of Android malware detectors to adversarial examples through the development of evasion attacks. Nevertheless, the feasibility of these attacks in real-world use case scenarios is debatable. Most of the existing published papers are based on the assumptions that the attackers know the details of the target classifiers used for malware detection. Nevertheless, in reality, malicious actors have limited access to the target classifiers. This talk presents a problem-space adversarial attack designed to effectively evade blackbox Android malware detectors in real-world use case scenarios. The proposed approach constructs a collection of problem-space transformations derived from benign donors that share opcode-level similarity with malware applications through the consideration of an n-gram-based approach. These transformations are then used to present malware instances as legitimate entities through

Read More

DeepSec 2022 Talk: Machine Learning Use in OSINT – Giorgi Iashvili

Sanna/ September 5, 2022/ Conference

Open source intelligence is one of the important aspects of cyber security activities as it relies on the publicly available sources, such as social networks, websites, blogs, etc. This includes data mining and gathering techniques, as well as data extraction and data analysis activities. Open source intelligence is widely used in different fields today. Mainly, this process runs manually and is fully managed by humans. Moving from a manual to automated processes in OSINT is vital, especially that we work with real-world operations. Different components must build a relevant system to provide automated open source-based activities together with training simulations for the Machine Learning. The structure of the ML approach is the following: Requirements: Information used from previous user experience; Collection: Web crawlers or / and scrapers; Processing exploration: Pattern recognition, Detection of the

Read More

DeepSec 2021 Talk: Hunting for LoLs (a ML Living of the Land Classifier) – Tiberiu Boros, Andrei Cotaie

Sanna/ August 25, 2021/ Conference

Living of the Land is not a brand-new concept. The knowledge and resources have been out there for several years now. Still, LoL is one of the preferred approaches when we are speaking about highly skilled attackers or security professionals. There are two main reasons for this: Experts tend not to reinvent the wheel Attackers like to keep a low profile/footprint (no random binaries/scripts on the disk) This talk focuses on detecting attacker activity/Living of the Land commands using Machine Learning, for both Linux and Windows systems. Most of the AV vendors do not treat the command itself (from a syntax and vocabulary perspective) as an attack vector. And most of the log-based alerts are static, have a limited specter and are hard to update. Furthermore, classic LoL detection mechanisms are noisy and somewhat

Read More

ROOTs 2020: No Need to Teach New Tricks to Old Malware: Winning an Evasion Challenge with XOR-based Adversarial – Fabrício Ceschin

Sanna/ November 12, 2020/ ROOTS

Adversarial machine learning is so popular nowadays that Machine Learning (ML) based security solutions became the target of many attacks and, as a consequence, they need to adapt to them to be effective. In our talk, we explore attacks in different ML-models used to detect malware, as part of our experience in the Machine Learning Security Evasion Competition (MLSEC) 2020, sponsored by Microsoft and CUJO AI’s Vulnerability Research Lab, in which we managed to finish in first and second positions in the attacker’ and defender challenge, respectively. During the contest’s first edition (2019), participating teams were challenged to bypass three ML models in a white box manner. Our team bypassed all three of them and reported interesting insights about the models’ weaknesses. This year, the challenge evolved into an attack-and-defense model: the teams should either propose

Read More

DeepSec2020 Talk: What’s Up Doc? – Self Learning Sandboxes to Defeat Modern Malwares Using RSA: Rapid Static Analysis – Shyam Sundar Ramaswami

Sanna/ October 30, 2020/ Conference

“Catch me if you can!” is the right phrase to describe today’s malware genre. Malwares have become more stealthy, deadly and authors have become more wiser too. What if sandboxes started performing rapid static analysis on malware files and passed on the metadata to spin a sandbox environment based on malware attributes and the malware does not evade? Well, the talk deals with about how to do RSA (Rapid Static Analysis, i coined it), pass on the attributes and how we defeat modern malwares by dynamically spinning sandboxes. RSA embedded in “H.E.L.E.N” and “Dummy” and how we extracted the real IOC from Ryuk forms the rest of the talk and story! The talk also covers how these key “attributes” that are extracted are used for ML, how we build bipartite graphs, build instruction based

Read More

ROOTS 2019 Talk: Shallow Security: on the Creation of Adversarial Variants to Evade ML-Based Malware Detectors – Fabricio Ceschin

Sanna/ November 22, 2019/ ROOTS

The use of Machine Learning (ML) techniques for malware detection has been a trend in the last two decades. More recently, researchers started to investigate adversarial approaches to bypass these ML-based malware detectors. Adversarial attacks became so popular that a large Internet company (ENDGAME Inc.) has launched a public challenge to encourage researchers to bypass their (three) ML-based static malware detectors. Our research group teamed to participate in this challenge in August/2019 and accomplishing the bypass of all 150 tests proposed by the company. To do so, we implemented an automatic exploitation method which moves the original malware binary sections to resources and includes new chunks of data to it to create adversarial samples that not only bypassed their ML detectors, but also real AV engines as well (with a lower detection rate than

Read More

DeepSec 2019 Talk: Security Analytics and Zero Trust – How Do We Tackle That? – Holger Arends

Sanna/ November 8, 2019/ Conference, Security

For many years we’ve all been in an arms race, fighting daily against new malware varieties and new attack techniques that malicious actors use to fool us and compromise our systems. Many of us rely on state of the art safeguards and have invested tremendous amounts in defending our systems and networks, yet even so, important data is still leaked or important systems are compromised. Firewalls, IDS, IPS or SIEM systems are often unable to prevent or detect attacks. Questions are often raised: “why?” and “how?” is it possible these attacks stay undetected for long periods of time, considering the significant investments into cyber security. And so it seems obvious to say that with the introduction of IoT devices, unmanaged BYOD, combined with legacy systems and end to end encryption, the future will be

Read More

DeepSec 2019 Talk: What Has Data Science Got To Do With It? – Thordis Thorsteins

Sanna/ September 26, 2019/ Conference, Security

In this talk I want to shed some light on data science’s place within security. You can expect to learn how to see through common data science jargon that’s used in the industry, as well as to get a high level understanding of what’s happening behind the scenes when data science is successfully applied to solve complex security problems. The talk is aimed at anyone who’s been curious or had questions about the rise of things like “machine learning” or “big data” in the context of security. No prior data science knowledge is required. We asked Thordis a few more questions about her talk which will be held at DeepSec 2019.   Please tell us the top 5 facts about your talk. It will give an insight into the exciting (and sometimes terrifying) world

Read More

DeepSec 2017 Talk: Malware Analysis: A Machine Learning Approach – Chiheb Chebbi

Sanna/ August 26, 2017/ Conference, Security

Software has a character. It can be beneficial. It can also be malicious. A networked business world and the Internet of connected individuals make life for malicious software, also known as malware, easier. Just like international travel facilitates the spread of diseases and parasites, the networked globe is a big advantage for malware. Researcher can hardly keep up with the numbers of detected viruses, worms, and trojan horses. So why not let machines look for malware on their own? Certainly automation already benefits the hunt for malicious code. Chiheb Chebbi has some ideas that can help. Threats are a growing problem for people and organizations across the globe. With millions of malicious programs in the wild it has become hard to detect zero-day attacks and polymorphic viruses.This is why the need for machine learning-based

Read More

DeepSec2016 Talk: Cover Your SaaS: Protecting Your Cloud With Analytics and Machine Learning – Ian Thornton-Trump

Sanna/ September 24, 2016/ Conference, Security, Security Intelligence

Some people call military intelligence an oxymoron. This usually happens when something goes wrong. It might be due to sloppy reconnaissance, operations, or simply bad luck. While it’s always good to have someone or something to blame, things are not so easy in modern „cyberspace“. Improving your security means to have something to base this improvement on. Despite the fact that being lucky is never a bad thing, the selection of your defences and the assessment of the threats you are facing need to be based on something more solid. IT departments have been mining logs and other kind of raw materials that produce metrics for decades. Every once in a while there is a new trend. Now that we can store enormous amounts of data and can access it, we have a lot

Read More