InfoGuard Cyber Security and Cyber Defence Blog

Machine Learning makes for a revolution in malware detection

Written by Reinhold Zurfluh | 11 Oct 2017

Machine learning is on everyone's lips. For years, artificial intelligence and neural networks were little more than a dream for the geeks. Today, machine learning is an essential component in the detection of advanced malware. To be effective, however, it must be combined with solid cyber threat intelligence. In this post, we show you what really lies behind the name, and what opportunities machine learning offers your enterprise.

It is hard to imagine today's life without machine learning. Only a few years ago, self-learning software belonged to universities, research institutions and a few technology companies; today it is found more and more often in everyday products and solutions. Speech recognition on smartphones such as the iPhone or Google's devices, for instance, is largely driven by machine learning algorithms; the same goes for face recognition in photo management and for spam filters. Effective and efficient cyber defence, too, is hardly possible without machine learning. But what does "machine learning" actually mean?

Everybody can benefit from machine learning

To put it simply, machine learning is the art of making a computer do useful things without having to programme it explicitly. The computer generates knowledge from experience on its own, much as people do, and can therefore find solutions to new, previously unknown problems. The goal of machine learning is thus to connect data intelligently: recognising dependencies, drawing conclusions and making predictions. In this way, self-learning machines can take on tasks that would be too complex for people to handle. In medicine, for instance, self-learning programmes help detect cancers and suggest therapies, in some tasks matching or outperforming human experts.
This ability to model complex dependencies between inputs and outputs across vast quantities of data is one of the main advantages of machine learning. And it is exactly what we need today in the detection of attacks.

Fight off the cyber-onslaught with machine learning

All over the world, enterprises are constantly exposed to cyber-attacks. To protect themselves, they employ Intrusion Detection Systems (IDS), firewalls, strong authentication and several other security measures. However, such systems only report on the attack activity they recognise, and can say very little about what the attacker's next move is likely to be. Yet this is exactly the information we need most if we want to fight off security incidents. And even if we did know what to expect next from an attacker, it would be of little help with traditional, reactive security measures. To be prepared for cyber-attacks at all times, we need a new approach to breach detection, one based on artificial intelligence (AI). This is our only chance to act proactively and stay one step ahead of the attackers.

Who knows what the attacker is going to do now…

Let us try sketching out a checklist, tailored to a specific infrastructure, to help recognise a security incident in a network. For instance, we might ask ourselves:

  • What is the next malware that the attacker will install?
  • Which systems are the likeliest targets on which the attacker will try to install that malware?
  • Which security tools will the attacker try to deactivate?
  • Will the attacker try to alter logs, or to cover his tracks?
  • Are privileged user accounts going to be compromised?
  • Which applications could be targeted for a vulnerability search?
  • What data will the cybercriminals try to copy?
  • How will the attacker try to carry the data over the network?

Answering the questions above is hardly possible without the appropriate security tools; and as long as enterprises concentrate only on a purely reactive approach, they will always lag at least two steps behind the attacker. Surely you do not wish this to happen to you!

… can stay safe from an attack

Effectively predicting an attack requires the efficient and precise processing of enormous quantities of data. The early attempts at attack prediction, however, were quite disappointing. Both the quantity and quality of the available data and the capacity to process and analyse such volumes of information overwhelmed most solutions. A major breakthrough came only a few years ago, when training was moved onto graphics processors (GPUs), originally developed for the gaming industry, which offer massive parallelism. A GPU contains thousands of simple computing units and, for this kind of highly parallel arithmetic, is much faster than a classic CPU. You can read more about artificial intelligence in a previous post on our blog.

Master the sheer mass of information, thanks to machine learning

The quality and quantity of information available today are far better than just a couple of years ago; and luckily, so is our capacity to analyse it by machine learning. For instance, by learning from the experience of past cyber-attacks, the latest malware recognition technologies can predict the tactics most likely to be used in a given scenario. Today's analysis engines therefore make it possible to anticipate the cybercriminals' next steps.
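To make "learning from the experience of past attacks" concrete, here is an added illustration that is not code from the original post nor from Lastline: a logistic-regression classifier written from scratch, trained on a constructed set of labelled per-sample feature vectors and then asked to score samples it has never seen. The feature names, feature values and malicious/benign labels are all made up for the example; a real engine extracts thousands of features from static analysis and sandbox execution and trains on millions of labelled samples, but the learning step is the same.

```python
"""From-scratch logistic regression for malware triage (added illustration).

Everything here is constructed for the example: the feature names, the
per-sample feature values and the malicious/benign labels. A real engine
extracts thousands of features from static analysis and sandbox execution
and trains on millions of labelled samples; the learning step is the same.
"""
import math

# Feature order used in every vector below (hypothetical features):
#   0 high_entropy_frac   fraction of PE sections with entropy > 7.0 (packing)
#   1 suspicious_imports  count of imports such as VirtualAllocEx/WriteProcessMemory
#   2 network_in_sandbox  1.0 if the sample opened network connections when detonated
#   3 autostart_write     1.0 if the sample wrote a Run/RunOnce autostart key
FEATURES = ["high_entropy_frac", "suspicious_imports",
            "network_in_sandbox", "autostart_write"]

# Constructed "experience of past attacks": (feature vector, label), 1 = malicious.
TRAINING_SET = [
    ([0.90, 6, 1.0, 1.0], 1),
    ([0.80, 4, 1.0, 0.0], 1),
    ([0.70, 5, 0.0, 1.0], 1),
    ([0.95, 7, 1.0, 1.0], 1),
    ([0.60, 3, 1.0, 1.0], 1),
    ([0.10, 0, 0.0, 0.0], 0),
    ([0.20, 1, 1.0, 0.0], 0),
    ([0.00, 0, 0.0, 0.0], 0),
    ([0.30, 1, 0.0, 0.0], 0),
    ([0.15, 2, 1.0, 0.0], 0),
]


def _sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def fit_scaling(vectors):
    """Per-feature (min, max) so that raw counts and fractions share one scale."""
    return [(min(col), max(col)) for col in zip(*vectors)]


def scale(vector, scaling):
    return [(v - lo) / (hi - lo) if hi > lo else 0.0
            for v, (lo, hi) in zip(vector, scaling)]


def train(data, epochs=2000, lr=0.5):
    """Batch gradient descent on the logistic log-loss.

    Returns (weights, bias, scaling); each weight says how strongly that
    feature pushes a sample towards 'malicious'.
    """
    scaling = fit_scaling([x for x, _ in data])
    xs = [scale(x, scaling) for x, _ in data]
    ys = [y for _, y in data]
    n = len(xs)
    w = [0.0] * len(FEATURES)
    b = 0.0
    for _ in range(epochs):
        grad_w = [0.0] * len(FEATURES)
        grad_b = 0.0
        for x, y in zip(xs, ys):
            err = _sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            for j, xj in enumerate(x):
                grad_w[j] += err * xj
            grad_b += err
        w = [wi - lr * g / n for wi, g in zip(w, grad_w)]
        b -= lr * grad_b / n
    return w, b, scaling


def predict_proba(model, vector):
    """Probability that a (possibly unseen) sample is malicious."""
    w, b, scaling = model
    x = scale(vector, scaling)
    return _sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)


def classify(model, vector, threshold=0.5):
    return "malicious" if predict_proba(model, vector) >= threshold else "benign"


def evaluate(model, data, threshold=0.5):
    """Confusion counts; raising the threshold trades missed malware for fewer false positives."""
    counts = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for vector, label in data:
        predicted = 1 if predict_proba(model, vector) >= threshold else 0
        key = {(1, 1): "tp", (0, 1): "fp", (0, 0): "tn", (1, 0): "fn"}[(label, predicted)]
        counts[key] += 1
    return counts


def feature_weights(model):
    """Learned weight per feature, most influential first."""
    w, _, _ = model
    return sorted(zip(FEATURES, w), key=lambda p: -abs(p[1]))


if __name__ == "__main__":
    model = train(TRAINING_SET)
    for name, weight in feature_weights(model):
        print(f"{name:20s} {weight:+.2f}")
    # Two constructed, previously unseen samples.
    for sample in ([0.85, 5, 1.0, 1.0], [0.05, 0, 1.0, 0.0]):
        print(sample, "->", classify(model, sample), f"({predict_proba(model, sample):.3f})")
    print(evaluate(model, TRAINING_SET))
```

The `evaluate` function is there because the threshold is where the operational trade-off lives: a vendor claiming high detection with no false positives has, in effect, tuned this cut-off (and far richer features) against a large labelled corpus, and the same model re-thresholded will behave differently. The `feature_weights` output shows which constructed indicators the model learned to lean on, which is the first thing an analyst should inspect before trusting a score.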

Make your choice today, and switch to a proactive cybersecurity strategy. By employing the latest analytical security technologies, you can quickly make enormous strides in this field. Read more about how Lastline Enterprise can protect your enterprise against the most advanced malware-based attacks. Lastline's approach extracts suspicious programmes and analyses them in detail in its Next Generation Sandbox; at the same time, network traffic is constantly watched for Indicators of Compromise (IoCs), which are continuously updated from several dedicated databases.

The independent NSS Labs is impressed

Lastline is the first and only vendor to score 100% in an NSS Labs Breach Detection Report across all test areas with no false positives. For the second time in a row, NSS Labs recommends Lastline for breach detection.


Read more in the detailed NSS Labs report, which you can download for free from here: