Defeating Machine Learning: Systemic Deficiencies for Detecting Malware

Presented at BSidesLV 2016, Aug. 2, 2016, 3 p.m. (55 minutes)

Malware detection tools have evolved significantly over the last several decades in response to increasingly complex threats. Machine learning has emerged as a particularly robust solution and is often touted as the ultimate zero-day malware detection technology. As adoption increases, it is important to recognize and explore the shortcomings and vulnerabilities of machine learning solutions. In this talk, we discuss several of these shortcomings and attempt to dispel the false sense of security surrounding the use of the term "machine learning". We then do a deep dive into a particular vulnerability that is systemic to virtually all malware detection technologies: defeating one instance of a security solution allows an attacker to defeat all deployed instances. This stems from the fact that previous and current solutions (*including* those that employ machine learning) distribute identical deployments. We propose a new deployment paradigm that addresses this shared-deployment problem, ensuring near-equal efficacy but high diversity among security solution deployments. We then present promising comparative results between machine learning classifiers trained and distributed using this paradigm and classifiers trained using traditional methods.

Presenters:

  • Wes Connell - Threat Researcher - BluVector
    I'm especially motivated and passionate about dramatically improving data hunting tradecraft within the cyber security domain. I have a very broad range of technical interests, particularly in the security dimension of hardware, software, systems, and networks. When I'm not hacking the planet, I enjoy playing more golf than is healthy and painfully rooting for the Washington Capitals.
  • Ryan Peters - Applied Data Scientist - BluVector
    Ryan Peters is a data scientist and software engineer at BluVector, developing machine learning approaches for malware detection. He holds a Bachelor's degree in Biomedical Engineering from Case Western Reserve University and a Master's degree in Biomedical Engineering from Duke University with a focus on computational modeling.
