When malware is difficult to discover — and has limited samples for analysis — we propose a machine learning model that uses adversarial autoencoder and semantic hashing to find what bad actors try to hide. We, along with researchers from the Federation University Australia, discussed this model in our study titled “Generative Malware Outbreak Detection.”Read More
Cybercriminals have become more and more creative and efficient in their efforts to successfully bypass network security. Reports of unauthorized network intrusions that have compromised enterprise security, resources, and data, plague experts on a day-to-day basis, and will continue to do so if not prevented by a more efficient detection system or method. Currently, attackers use polymorphism, encryption, and obfuscation, among other techniques, to automate and increase variants in an attempt to evade traditional intrusion detection methods such as rule-based techniques.
To address these growing number of network threats and keep abreast with the changing sophistication of network intrusion methods, Trend Micro looked into network flow clustering — a method that leverages the power of machine learning in strengthening current intrusion detection techniques.Read More
Website defacement — the act of visibly altering the pages of a website, notably in the aftermath of a political event to advance the political agenda of a threat actor— has been explored in our various research works. We broke down top defacement campaigns in a previous paper and, in another post, emphasized how machine learning in our security research tool can help Computer Emergency Readiness Teams (CERTs)/Computer Security Incident Response Teams (CSIRTs) and web administrators prepare for such attacks. The latter took off from the analysis done in our most recent paper, Web Defacement Campaigns Uncovered: Gaining Insights From Deface Pages Using DefPloreX-NG. Here we expound on why machine learning (ML) was an ideal method for our analysis to better understand how web defacers operate and organize themselves.Read More
The history of antimalware security solutions has shown that malware detection is like a cat-and-mouse game. For every new detection technique, there’s a new evasion method. When signature detection was invented, cybercriminals used packers, compressors, metamorphism, polymorphism, and obfuscation to evade it. Meanwhile, API hooking and code injection methods were developed to evade behavior detection. By the time security solutions started using machine learning (ML)-based detection technologies, it was already expected that cybercriminals would develop new tricks to evade ML.
To be one step ahead of cybercriminals, one method of enhancing an ML system to counter evasion tactics is generating adversarial samples, which are input data modified to cause an ML system to incorrectly classify it. Interestingly, while adversarial samples can be designed to cause ML systems to malfunction, they can also, as a result, be used to improve the efficiency of ML systems.Read More
By employing machine learning algorithms, we were able to discover an enormous certificate signing abuse by BrowseFox, a potentially unwanted application (PUA) detected by Trend Micro as PUA_BROWSEFOX.SMC. BrowseFox is a marketing adware plugin that illicitly injects pop-up ads and discount deals. While it uses a legitimate software process, the adware plugin may be exploited…Read More