SlideShare a Scribd company logo

Talha Obaid, Email Security, Symantec at MLconf ATL 2017

Download as PPTX, PDF
MLconf
MLconf

A Machine Learning approach for detecting a Malware: The project is to improve the way we detect script based malware using Machine Learning. Malware has become one of the most active channel to deliver threats like Banking Trojans and Ransomware. The talk is aimed at finding a new and effective way to detect the malware. We started with acquiring both malicious and clean samples. Later we performed feature identification, while building on top of existing knowledge base of malware. Then we performed automated feature extraction. After certain feature set is obtained, we teased-out feature which are categorical, interdependent or composite. We applied varying machine learning models, producing both binary and categorical outcomes. We cross validated our results and re-tuned our feature set and our model, until we obtained satisfying results, with least false-positives. We concluded that not all the extracted features are significant, in fact some features are detrimental on the model performance. Once such features are factored-out, it results not only in better match, but also provides a significant gain in performance.

Technology
1 of 32
Machine Learning for Detecting Malware Talha Obaid Ling Zhou Timothy You Xinlei Cai MLConf – Atlanta Sep 2017 Email Security Scripting
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only The Team! Ling Zhou Timothy You Xinlei Cai Talha Obaid
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Machine Learning @ Symantec • Early adopter of ML in industry • SRL – Symantec Research Labs • CAML – Centre for Advanced Machine Learning • Malware detection, spam identification • Helped achieve the compounded impact • Malware polymorphism https://www.symantec.com/connect/blogs/meet-symantec-labs-industrys-best-kept-secret
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Reference: https://www.symantec.com/connect/blogs/machine-learning-not-only-answer How I got infected?
Email – as a carrier!
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Email is the weapon of choice! • One in 131 emails contained malicious link or attachment, the highest rate in five years • The rate jumped from 1 in 220 emails in 2015 to 1 in 131 emails in 2016 • In 2016 Small to Medium sized Businesses were the most impacted by phishing attacks with 1 in 95 emails containing malware • Email sent daily in 2016 – 269 billion* • The general office worker receives an average of 600 emails per week* • Blended attacks - Email as a career for malicious URL • Office document files are an effective weapon • Lighter footprint and hiding in plain sight Reference: https://www.symantec.com/security-center/threat-report * Email Statistics Report, 2017-2021, Radicati Group, February 2017 Copyright © Symantec
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Worldwide Email Forecast Worldwide Email Users* (M) 3,718 3,823 3,930 4,037 4,147 % Growth 3% 3% 3% 3% Reference: https://www.radicati.com/wp/wp-content/uploads/2017/01/Email-Statistics-Report-2017-2021-Executive-Summary.pdf * Includes both Business and Consumer Email users Daily Email Traffic 2017 2018 2019 2020 2021 Total Worldwide Emails Sent/Received Per Day (B) 269.0 281.1 293.6 306.4 319.6 % Growth 4.5% 4.4% 4.4% 4.3% Worldwide Daily Email Traffic (B), 2017-2021 Worldwide Email User Forecast (M), 2017–2021
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Email: Locky malware delivery vector Reference: https://www.symantec.com/security-center/threat-report http://www.latimes.com/business/technology/la-me-ln-hollywood-hospital-bitcoin-20160217-story.html https://arstechnica.com/information-technology/2016/02/locky-crypto-ransomware-rides-in-on-malicious-word-document-macro/ Copyright © Symantec • Released in 2016 • Still active in 2017 • “Enable macro if data encoding is incorrect” • If the user does enable macros, the macros then save and run a binary file that downloads the actual encryption Trojan • Hospital in Hollywood payed $17,000 in bitcoin to hackers
Scripting Malware – real ones!
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Exampli Gratia AutoClose, Random variable, String split
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Fake variable Fake comment Fake condition
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Multiple Function String split
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only String encryption Random variable Function Call hidden
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only String Encryption Random variable Multi function Click event
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only String hidden Fake condition
Machine Learning for hand-written text!
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Domain Differences Programming Language • Non-Ambiguous • Deterministic language • Clear distinction between syntax and semantics • Semicolons, Tabs vs Spaces, Editor wars • Identifier, sub routine calls, imports • Comments, conventions, notations • Design patterns Natural Language • Ambiguous • Context-bound languages • Less distinguished between syntax and semantic • Puns, Rants, Parodies, Imitations • TF-IDF • LSTM – Long short term memory • Bag of words Copyright © Symantec
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Machine Learning Applications – Code! Automatic Patch Generation by Learning Correct Code by Fan et. al. Reference: https://www.newscientist.com/article/mg23331144-500-ai-learns-to-write-its-own-code-by-stealing-from-other-programs/ http://people.csail.mit.edu/rinard/paper/popl16.pdf Copyright © Symantec
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only https://www.forbes.com/sites/adrianbridgwater/2016/03/07/machine-learning-needs-a-human-in-the-loop https://blogs.technet.microsoft.com/machinelearning/2016/10/17/the-power-of-human-in-the-loop-combine-human-intelligence-with-machine-learning/ Human-In-The-Loop?
How we do it
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Rule ^ ML Email Analyze Inflation Macro Extraction Parsing Feature Extraction Copyright © Symantec
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Feature Selection (Total 72 Features) ML_1... ML_12… ML_2... ML_13… ML_3... ML_14…* ML_4... ML_15… ML_5... ML_16… ML_6... ML_17… ML_7… ML_18… ML_8… ML_19… ML_9… ML_20… ML_10… ML_21…* ML_11… … Note: Features with (*) can be expanded to the count of each item. ML_21_1… ML_14_1… ML_21_2… ML_14_1… ML_21_3… ML_14_1… ML_21_4… ML_14_1… ML_21_5… ML_14_1… ML_21_1… ML_14_1… ML_21_1… ML_14_1… ML_21_1… ML_14_1… ML_21_1… ML_14_1… ML_21_1… ML_14_1… … 29 features … 21 features
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Optimization ML_1… (Composite) ML_2… ML_3… ML_4… ML_14_3… 1 31469 1245 35 211 0 2 44617 1264 14 171 0 3 33247 1045 14 158 0 … … … … … … 1234 18828 682 29 222 1 … … … … … … 40000 1273048 844 19 151 0 • Treat ML_1… feature since it is dependent on other features. • Treat features like ML_14_3… since categorical feature.
Results – very recent ones!
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Spam run – from Aug 21 to Aug 27 { "desc": "Shell call", "artifact": " Shell "Explorer.exe " & strCommande, vbNormalFocus, " }, Copyright © Symantec
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Just this morning … 15 Sep 2017
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Recently captured… { "desc": "Small routine with string manipulation", "artifact": " Chinook = (AscB(Sumatran_Rhinoceros))" "artifact": " Tapir = Chinook(Mid(Sand_Lizard, Chipmunk, 1)) - Int(M..." }, { "desc": "Small routine with run & Obfuscated object concat & Obfuscated object creation arguments shell & Createobject run one-liner", "artifact": " CreateObject(Pig + "Shell").Run Module1.Ibis(Sea_Dragon, "" },
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only { "desc": "Obfuscated object variable", "artifact": "Set miLxhuTjOMrpjvLQQNhstoiWlCkOdozYkasyizjweDRGlKRkgtkgxHZyAoLfJFFaMSFJDNiRekNpWbkbkzhjETbcA tytnDmZxruTFIhTLSCM = CreateObject(ujcYEkvJXWWtqcIKOpdaxorehRVbSNYlQPiQQao" }, { "desc": "Obfuscated object creation arguments", "artifact": "Set qvBvooYSTaFymchvnZIkLUSrhheHIwfYCSyrpgvjePoCKWbhMYoOBOJVcKO = CreateObject(kbUBGIKqbHJyTmAmPbuHSBjqouVxfwCfSfEWfcNXxXYAhCJKXcegnoejsdNMnNKeFdfnieGnOXJv cjJlkKZDSV" }, { "desc": "Long obfuscated variable assignment", "artifact": "ZGwEiLSTkOsQSFcFzZVPMMuHalgKESzgWlohddzbmveToRIxzt" },
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only { "desc": "Macro with constant manipulation in function call", "artifact": "dNDfJESUPztgDlcNnWNZLIPsGgXDVndgUDYaarDOIWeCVstlSACjSVcUyLZ = CWvXJUNlxQcbDqNtnmQhCsifqGFBSHE$(327 - 240) & CWvXJUNlxQcbDqNtnmQhCsifqGFBSHE$(324 - 241) & CWvXJUNl…" }, { "desc": "Highly random long string found", "artifact": "mRClEXzmRGxUqDPLJHcHeEMgjtqozQbuXXYIpdNJOtykVB" }, { "desc": "Object creation variable identifier", "artifact": "qvBvooYSTaFymchvnZIkLUSrhheHIwfYCSyrpgvjePoCKWbhMYoOBOJVcKO" }, { "desc": "Random subroutine name", "artifact": "dnHLjlClNBEYNnZihnFPOighaDbyTOUim" },
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only { "desc": "Random identifier with suspicious assignments", "artifact": "ujcYEkvJXWWtqcIKOpdaxorehRVbSNYlQPiQQaoCIdBbVAdczWFVpbOGsxrmOTqKykcaurtoAaRUmQJgntcvICwoBcYTiBopmrc kXChHdQUOKtTcnKzV = Chr$(327 - 240) & Chr$(324 - 241) & Chr$(24…" }, { "desc": "Shell/SaveToFile string contains strange variable name", "artifact": "RhIzeRHLbzssvNwesaErYKfXuynMPZjWdUBgPAZZUnlhknaNjNAQERoHClFgeuvBPWPbMQPsAeXlYymHXZdCZTRMfteev" }, { "desc": "File with following name was created and run created", "artifact": "XABNAGkAYwByAG8AcwBvAGYAdAA=XABxAGIASwBWAEsAdgBsAGgAdwBpAEoAUgBLAC4AZQB4AGUA" }, And… we capture a lot more!
Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Findings & Going Forward … • “If an artifact is missing” means a sample is missed – not anymore • All features contribute to the verdict in unison • Obfuscation is still a challenge and will remain to be one • Identify why a variable of string type is assigned a byte array? • Why an assignment expression is more than say 200 characters? • Keep transitioning inflating malware samples from sandbox to static analysis
Thank You! Talha Obaid Ling Zhou Timothy You Xinlei Cai Email Security Join us! www.symantec.com/about/careers

Recommended

captcha as graphical passwords—a new security primitive based on hard ai prob...
captcha as graphical passwords—a new security primitive based on hard ai prob...captcha as graphical passwords—a new security primitive based on hard ai prob...
captcha as graphical passwords—a new security primitive based on hard ai prob...swathi78
 
captcha as graphical passwords—a new security
captcha as graphical passwords—a new securitycaptcha as graphical passwords—a new security
captcha as graphical passwords—a new securityswathi78
 
Fighting cybersecurity threats with Apache Spot
Fighting cybersecurity threats with Apache SpotFighting cybersecurity threats with Apache Spot
Fighting cybersecurity threats with Apache Spotmarkgrover
 
Threat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKThreat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKElasticsearch
 
Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Priyanka Aash
 
Applied machine learning defeating modern malicious documents
Applied machine learning defeating modern malicious documentsApplied machine learning defeating modern malicious documents
Applied machine learning defeating modern malicious documentsPriyanka Aash
 
Treat Detection using Hadoop
Treat Detection using HadoopTreat Detection using Hadoop
Treat Detection using HadoopDataWorks Summit
 
Burning Down the Haystack to Find the Needle: Security Analytics in Action
Burning Down the Haystack to Find the Needle: Security Analytics in ActionBurning Down the Haystack to Find the Needle: Security Analytics in Action
Burning Down the Haystack to Find the Needle: Security Analytics in ActionJosh Sokol
 

Recommended

captcha as graphical passwords—a new security primitive based on hard ai prob...
captcha as graphical passwords—a new security primitive based on hard ai prob...captcha as graphical passwords—a new security primitive based on hard ai prob...
captcha as graphical passwords—a new security primitive based on hard ai prob...swathi78
 
captcha as graphical passwords—a new security
captcha as graphical passwords—a new securitycaptcha as graphical passwords—a new security
captcha as graphical passwords—a new securityswathi78
 
Fighting cybersecurity threats with Apache Spot
Fighting cybersecurity threats with Apache SpotFighting cybersecurity threats with Apache Spot
Fighting cybersecurity threats with Apache Spotmarkgrover
 
Threat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKThreat Hunting with Elastic at SpectorOps: Welcome to HELK
Threat Hunting with Elastic at SpectorOps: Welcome to HELKElasticsearch
 
Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Priyanka Aash
 
Applied machine learning defeating modern malicious documents
Applied machine learning defeating modern malicious documentsApplied machine learning defeating modern malicious documents
Applied machine learning defeating modern malicious documentsPriyanka Aash
 
Treat Detection using Hadoop
Treat Detection using HadoopTreat Detection using Hadoop
Treat Detection using HadoopDataWorks Summit
 
Burning Down the Haystack to Find the Needle: Security Analytics in Action
Burning Down the Haystack to Find the Needle: Security Analytics in ActionBurning Down the Haystack to Find the Needle: Security Analytics in Action
Burning Down the Haystack to Find the Needle: Security Analytics in ActionJosh Sokol
 
Content Disarm Reconstruction and Cyber Kill Chain - Muhammad Sahputra
Content Disarm Reconstruction and Cyber Kill Chain - Muhammad SahputraContent Disarm Reconstruction and Cyber Kill Chain - Muhammad Sahputra
Content Disarm Reconstruction and Cyber Kill Chain - Muhammad Sahputraidsecconf
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsRod Soto
 
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingHelping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingMITRE - ATT&CKcon
 
Cloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesCloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesDr. Rajesh P Barnwal
 
Advances in cloud scale machine learning for cyber-defense
Advances in cloud scale machine learning for cyber-defenseAdvances in cloud scale machine learning for cyber-defense
Advances in cloud scale machine learning for cyber-defensePriyanka Aash
 
Solving Cyber at Scale
Solving Cyber at ScaleSolving Cyber at Scale
Solving Cyber at ScaleDataWorks Summit/Hadoop Summit
 
Confusion and deception new tools for data protection
Confusion and deception new tools for data protectionConfusion and deception new tools for data protection
Confusion and deception new tools for data protectionPriyanka Aash
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?Raffael Marty
 
A Survey on Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encryp...
A Survey on Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encryp...A Survey on Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encryp...
A Survey on Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encryp...IRJET Journal
 
Bypass Security Checking with Frida
Bypass Security Checking with FridaBypass Security Checking with Frida
Bypass Security Checking with FridaSatria Ady Pradana
 
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...MITRE - ATT&CKcon
 
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting Program
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting ProgramIDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting Program
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting ProgramDigit Oktavianto
 
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based Devices
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based DevicesIoT-Shield: A Novel DDoS Detection Approach for IoT-Based Devices
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based DevicesSaeidGhasemshirazi
 
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESETMITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESETMITRE - ATT&CKcon
 
Sharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkSharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkMITRE - ATT&CKcon
 
November 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopNovember 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopYahoo Developer Network
 
Secure Phrase Search for Intelligent Processing ofEncrypted Data in Cloud-Bas...
Secure Phrase Search for Intelligent Processing ofEncrypted Data in Cloud-Bas...Secure Phrase Search for Intelligent Processing ofEncrypted Data in Cloud-Bas...
Secure Phrase Search for Intelligent Processing ofEncrypted Data in Cloud-Bas...JAYAPRAKASH JPINFOTECH
 
MITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE - ATT&CKcon
 
Hadoop / Spark on Malware Expression
Hadoop / Spark on Malware ExpressionHadoop / Spark on Malware Expression
Hadoop / Spark on Malware ExpressionMapR Technologies
 
SEC 572 Entire Course NEW
SEC 572 Entire Course NEWSEC 572 Entire Course NEW
SEC 572 Entire Course NEWshyamuopiv
 
Tamara G. Kolda, Distinguished Member of Technical Staff, Sandia National Lab...
Tamara G. Kolda, Distinguished Member of Technical Staff, Sandia National Lab...Tamara G. Kolda, Distinguished Member of Technical Staff, Sandia National Lab...
Tamara G. Kolda, Distinguished Member of Technical Staff, Sandia National Lab...MLconf
 
Rushin Shah, Engineering Manager, Facebook at MLconf SF 2017
Rushin Shah, Engineering Manager, Facebook at MLconf SF 2017Rushin Shah, Engineering Manager, Facebook at MLconf SF 2017
Rushin Shah, Engineering Manager, Facebook at MLconf SF 2017MLconf
 

More Related Content

What's hot

Content Disarm Reconstruction and Cyber Kill Chain - Muhammad Sahputra
Content Disarm Reconstruction and Cyber Kill Chain - Muhammad SahputraContent Disarm Reconstruction and Cyber Kill Chain - Muhammad Sahputra
Content Disarm Reconstruction and Cyber Kill Chain - Muhammad Sahputraidsecconf
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsRod Soto
 
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingHelping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingMITRE - ATT&CKcon
 
Cloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesCloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesDr. Rajesh P Barnwal
 
Advances in cloud scale machine learning for cyber-defense
Advances in cloud scale machine learning for cyber-defenseAdvances in cloud scale machine learning for cyber-defense
Advances in cloud scale machine learning for cyber-defensePriyanka Aash
 
Confusion and deception new tools for data protection
Confusion and deception new tools for data protectionConfusion and deception new tools for data protection
Confusion and deception new tools for data protectionPriyanka Aash
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?Raffael Marty
 
A Survey on Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encryp...
A Survey on Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encryp...A Survey on Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encryp...
A Survey on Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encryp...IRJET Journal
 
Bypass Security Checking with Frida
Bypass Security Checking with FridaBypass Security Checking with Frida
Bypass Security Checking with FridaSatria Ady Pradana
 
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...MITRE - ATT&CKcon
 
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting Program
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting ProgramIDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting Program
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting ProgramDigit Oktavianto
 
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based Devices
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based DevicesIoT-Shield: A Novel DDoS Detection Approach for IoT-Based Devices
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based DevicesSaeidGhasemshirazi
 
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESETMITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESETMITRE - ATT&CKcon
 
Sharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkSharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkMITRE - ATT&CKcon
 
November 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopNovember 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopYahoo Developer Network
 
Secure Phrase Search for Intelligent Processing ofEncrypted Data in Cloud-Bas...
Secure Phrase Search for Intelligent Processing ofEncrypted Data in Cloud-Bas...Secure Phrase Search for Intelligent Processing ofEncrypted Data in Cloud-Bas...
Secure Phrase Search for Intelligent Processing ofEncrypted Data in Cloud-Bas...JAYAPRAKASH JPINFOTECH
 
MITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE - ATT&CKcon
 
Hadoop / Spark on Malware Expression
Hadoop / Spark on Malware ExpressionHadoop / Spark on Malware Expression
Hadoop / Spark on Malware ExpressionMapR Technologies
 
SEC 572 Entire Course NEW
SEC 572 Entire Course NEWSEC 572 Entire Course NEW
SEC 572 Entire Course NEWshyamuopiv
 

What's hot (20)

Content Disarm Reconstruction and Cyber Kill Chain - Muhammad Sahputra
Content Disarm Reconstruction and Cyber Kill Chain - Muhammad SahputraContent Disarm Reconstruction and Cyber Kill Chain - Muhammad Sahputra
Content Disarm Reconstruction and Cyber Kill Chain - Muhammad Sahputra
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
 
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingHelping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
 
Cloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesCloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research Challenges
 
Advances in cloud scale machine learning for cyber-defense
Advances in cloud scale machine learning for cyber-defenseAdvances in cloud scale machine learning for cyber-defense
Advances in cloud scale machine learning for cyber-defense
 
Solving Cyber at Scale
Solving Cyber at ScaleSolving Cyber at Scale
Solving Cyber at Scale
 
Confusion and deception new tools for data protection
Confusion and deception new tools for data protectionConfusion and deception new tools for data protection
Confusion and deception new tools for data protection
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?
 
A Survey on Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encryp...
A Survey on Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encryp...A Survey on Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encryp...
A Survey on Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encryp...
 
Bypass Security Checking with Frida
Bypass Security Checking with FridaBypass Security Checking with Frida
Bypass Security Checking with Frida
 
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
MITRE ATT&CKcon 2018: Detection Philosophy, Evolution & ATT&CK, Fred Stankows...
 
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting Program
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting ProgramIDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting Program
IDSECCONF 2020 : A Tale Story of Building and Maturing Threat Hunting Program
 
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based Devices
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based DevicesIoT-Shield: A Novel DDoS Detection Approach for IoT-Based Devices
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based Devices
 
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESETMITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
 
Sharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkSharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK Framework
 
November 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopNovember 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with Hadoop
 
Secure Phrase Search for Intelligent Processing ofEncrypted Data in Cloud-Bas...
Secure Phrase Search for Intelligent Processing ofEncrypted Data in Cloud-Bas...Secure Phrase Search for Intelligent Processing ofEncrypted Data in Cloud-Bas...
Secure Phrase Search for Intelligent Processing ofEncrypted Data in Cloud-Bas...
 
MITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - DecemberMITRE ATTACKCon Power Hour - December
MITRE ATTACKCon Power Hour - December
 
Hadoop / Spark on Malware Expression
Hadoop / Spark on Malware ExpressionHadoop / Spark on Malware Expression
Hadoop / Spark on Malware Expression
 
SEC 572 Entire Course NEW
SEC 572 Entire Course NEWSEC 572 Entire Course NEW
SEC 572 Entire Course NEW
 

Viewers also liked

Tamara G. Kolda, Distinguished Member of Technical Staff, Sandia National Lab...
Tamara G. Kolda, Distinguished Member of Technical Staff, Sandia National Lab...Tamara G. Kolda, Distinguished Member of Technical Staff, Sandia National Lab...
Tamara G. Kolda, Distinguished Member of Technical Staff, Sandia National Lab...MLconf
 
Rushin Shah, Engineering Manager, Facebook at MLconf SF 2017
Rushin Shah, Engineering Manager, Facebook at MLconf SF 2017Rushin Shah, Engineering Manager, Facebook at MLconf SF 2017
Rushin Shah, Engineering Manager, Facebook at MLconf SF 2017MLconf
 
Michael Alcorn, Sr. Software Engineer, Red Hat Inc. at MLconf SF 2017
Michael Alcorn, Sr. Software Engineer, Red Hat Inc. at MLconf SF 2017Michael Alcorn, Sr. Software Engineer, Red Hat Inc. at MLconf SF 2017
Michael Alcorn, Sr. Software Engineer, Red Hat Inc. at MLconf SF 2017MLconf
 
Dr. June Andrews, Principal Data Scientist, Wise.io, From GE Digital at MLcon...
Dr. June Andrews, Principal Data Scientist, Wise.io, From GE Digital at MLcon...Dr. June Andrews, Principal Data Scientist, Wise.io, From GE Digital at MLcon...
Dr. June Andrews, Principal Data Scientist, Wise.io, From GE Digital at MLcon...MLconf
 
Anima Anadkumar, Principal Scientist, Amazon Web Services, Endowed Professor,...
Anima Anadkumar, Principal Scientist, Amazon Web Services, Endowed Professor,...Anima Anadkumar, Principal Scientist, Amazon Web Services, Endowed Professor,...
Anima Anadkumar, Principal Scientist, Amazon Web Services, Endowed Professor,...MLconf
 
LN Renganarayana, Architect, ML Platform and Services and Madhura Dudhgaonkar...
LN Renganarayana, Architect, ML Platform and Services and Madhura Dudhgaonkar...LN Renganarayana, Architect, ML Platform and Services and Madhura Dudhgaonkar...
LN Renganarayana, Architect, ML Platform and Services and Madhura Dudhgaonkar...MLconf
 
Matineh Shaker, Artificial Intelligence Scientist, Bonsai at MLconf SF 2017
Matineh Shaker, Artificial Intelligence Scientist, Bonsai at MLconf SF 2017Matineh Shaker, Artificial Intelligence Scientist, Bonsai at MLconf SF 2017
Matineh Shaker, Artificial Intelligence Scientist, Bonsai at MLconf SF 2017MLconf
 
Xavier Amatriain, Cofounder & CTO, Curai at MLconf SF 2017
Xavier Amatriain, Cofounder & CTO, Curai at MLconf SF 2017Xavier Amatriain, Cofounder & CTO, Curai at MLconf SF 2017
Xavier Amatriain, Cofounder & CTO, Curai at MLconf SF 2017MLconf
 
Jonas Schneider, Head of Engineering for Robotics, OpenAI
Jonas Schneider, Head of Engineering for Robotics, OpenAIJonas Schneider, Head of Engineering for Robotics, OpenAI
Jonas Schneider, Head of Engineering for Robotics, OpenAIMLconf
 
Ashfaq Munshi, ML7 Fellow, Pepperdata
Ashfaq Munshi, ML7 Fellow, PepperdataAshfaq Munshi, ML7 Fellow, Pepperdata
Ashfaq Munshi, ML7 Fellow, PepperdataMLconf
 
Daniel Shank, Data Scientist, Talla at MLconf SF 2017
Daniel Shank, Data Scientist, Talla at MLconf SF 2017Daniel Shank, Data Scientist, Talla at MLconf SF 2017
Daniel Shank, Data Scientist, Talla at MLconf SF 2017MLconf
 
Doug Eck, Research Scientist, Google Magenta, at MLconf SF 2017
Doug Eck, Research Scientist, Google Magenta, at MLconf SF 2017Doug Eck, Research Scientist, Google Magenta, at MLconf SF 2017
Doug Eck, Research Scientist, Google Magenta, at MLconf SF 2017MLconf
 
Dr. Steve Liu, Chief Scientist, Tinder at MLconf SF 2017
Dr. Steve Liu, Chief Scientist, Tinder at MLconf SF 2017Dr. Steve Liu, Chief Scientist, Tinder at MLconf SF 2017
Dr. Steve Liu, Chief Scientist, Tinder at MLconf SF 2017MLconf
 
Ashrith Barthur, Security Scientist, H2o.ai, at MLconf 2017
Ashrith Barthur, Security Scientist, H2o.ai, at MLconf 2017Ashrith Barthur, Security Scientist, H2o.ai, at MLconf 2017
Ashrith Barthur, Security Scientist, H2o.ai, at MLconf 2017MLconf
 
Ryan West, Machine Learning Engineer, Nexosis at MLconf ATL 2017
Ryan West, Machine Learning Engineer, Nexosis at MLconf ATL 2017Ryan West, Machine Learning Engineer, Nexosis at MLconf ATL 2017
Ryan West, Machine Learning Engineer, Nexosis at MLconf ATL 2017MLconf
 
Lukas Biewald, MLconf
Lukas Biewald, MLconf Lukas Biewald, MLconf
Lukas Biewald, MLconf MLconf
 
Matei zaharia, spark presentation m lconf 2013
Matei zaharia, spark presentation m lconf 2013Matei zaharia, spark presentation m lconf 2013
Matei zaharia, spark presentation m lconf 2013MLconf
 
Cognitive Computing in Security with AI
Cognitive Computing in Security with AI Cognitive Computing in Security with AI
Cognitive Computing in Security with AI JoAnna Cheshire
 
Adversarial machine learning for av software
Adversarial machine learning for av softwareAdversarial machine learning for av software
Adversarial machine learning for av softwarejunseok seo
 
AI approach to malware similarity analysis: Maping the malware genome with a...
AI approach to malware similarity analysis: Maping the malware genome with a...AI approach to malware similarity analysis: Maping the malware genome with a...
AI approach to malware similarity analysis: Maping the malware genome with a...Priyanka Aash
 

Viewers also liked (20)

Tamara G. Kolda, Distinguished Member of Technical Staff, Sandia National Lab...
Tamara G. Kolda, Distinguished Member of Technical Staff, Sandia National Lab...Tamara G. Kolda, Distinguished Member of Technical Staff, Sandia National Lab...
Tamara G. Kolda, Distinguished Member of Technical Staff, Sandia National Lab...
 
Rushin Shah, Engineering Manager, Facebook at MLconf SF 2017
Rushin Shah, Engineering Manager, Facebook at MLconf SF 2017Rushin Shah, Engineering Manager, Facebook at MLconf SF 2017
Rushin Shah, Engineering Manager, Facebook at MLconf SF 2017
 
Michael Alcorn, Sr. Software Engineer, Red Hat Inc. at MLconf SF 2017
Michael Alcorn, Sr. Software Engineer, Red Hat Inc. at MLconf SF 2017Michael Alcorn, Sr. Software Engineer, Red Hat Inc. at MLconf SF 2017
Michael Alcorn, Sr. Software Engineer, Red Hat Inc. at MLconf SF 2017
 
Dr. June Andrews, Principal Data Scientist, Wise.io, From GE Digital at MLcon...
Dr. June Andrews, Principal Data Scientist, Wise.io, From GE Digital at MLcon...Dr. June Andrews, Principal Data Scientist, Wise.io, From GE Digital at MLcon...
Dr. June Andrews, Principal Data Scientist, Wise.io, From GE Digital at MLcon...
 
Anima Anadkumar, Principal Scientist, Amazon Web Services, Endowed Professor,...
Anima Anadkumar, Principal Scientist, Amazon Web Services, Endowed Professor,...Anima Anadkumar, Principal Scientist, Amazon Web Services, Endowed Professor,...
Anima Anadkumar, Principal Scientist, Amazon Web Services, Endowed Professor,...
 
LN Renganarayana, Architect, ML Platform and Services and Madhura Dudhgaonkar...
LN Renganarayana, Architect, ML Platform and Services and Madhura Dudhgaonkar...LN Renganarayana, Architect, ML Platform and Services and Madhura Dudhgaonkar...
LN Renganarayana, Architect, ML Platform and Services and Madhura Dudhgaonkar...
 
Matineh Shaker, Artificial Intelligence Scientist, Bonsai at MLconf SF 2017
Matineh Shaker, Artificial Intelligence Scientist, Bonsai at MLconf SF 2017Matineh Shaker, Artificial Intelligence Scientist, Bonsai at MLconf SF 2017
Matineh Shaker, Artificial Intelligence Scientist, Bonsai at MLconf SF 2017
 
Xavier Amatriain, Cofounder & CTO, Curai at MLconf SF 2017
Xavier Amatriain, Cofounder & CTO, Curai at MLconf SF 2017Xavier Amatriain, Cofounder & CTO, Curai at MLconf SF 2017
Xavier Amatriain, Cofounder & CTO, Curai at MLconf SF 2017
 
Jonas Schneider, Head of Engineering for Robotics, OpenAI
Jonas Schneider, Head of Engineering for Robotics, OpenAIJonas Schneider, Head of Engineering for Robotics, OpenAI
Jonas Schneider, Head of Engineering for Robotics, OpenAI
 
Ashfaq Munshi, ML7 Fellow, Pepperdata
Ashfaq Munshi, ML7 Fellow, PepperdataAshfaq Munshi, ML7 Fellow, Pepperdata
Ashfaq Munshi, ML7 Fellow, Pepperdata
 
Daniel Shank, Data Scientist, Talla at MLconf SF 2017
Daniel Shank, Data Scientist, Talla at MLconf SF 2017Daniel Shank, Data Scientist, Talla at MLconf SF 2017
Daniel Shank, Data Scientist, Talla at MLconf SF 2017
 
Doug Eck, Research Scientist, Google Magenta, at MLconf SF 2017
Doug Eck, Research Scientist, Google Magenta, at MLconf SF 2017Doug Eck, Research Scientist, Google Magenta, at MLconf SF 2017
Doug Eck, Research Scientist, Google Magenta, at MLconf SF 2017
 
Dr. Steve Liu, Chief Scientist, Tinder at MLconf SF 2017
Dr. Steve Liu, Chief Scientist, Tinder at MLconf SF 2017Dr. Steve Liu, Chief Scientist, Tinder at MLconf SF 2017
Dr. Steve Liu, Chief Scientist, Tinder at MLconf SF 2017
 
Ashrith Barthur, Security Scientist, H2o.ai, at MLconf 2017
Ashrith Barthur, Security Scientist, H2o.ai, at MLconf 2017Ashrith Barthur, Security Scientist, H2o.ai, at MLconf 2017
Ashrith Barthur, Security Scientist, H2o.ai, at MLconf 2017
 
Ryan West, Machine Learning Engineer, Nexosis at MLconf ATL 2017
Ryan West, Machine Learning Engineer, Nexosis at MLconf ATL 2017Ryan West, Machine Learning Engineer, Nexosis at MLconf ATL 2017
Ryan West, Machine Learning Engineer, Nexosis at MLconf ATL 2017
 
Lukas Biewald, MLconf
Lukas Biewald, MLconf Lukas Biewald, MLconf
Lukas Biewald, MLconf
 
Matei zaharia, spark presentation m lconf 2013
Matei zaharia, spark presentation m lconf 2013Matei zaharia, spark presentation m lconf 2013
Matei zaharia, spark presentation m lconf 2013
 
Cognitive Computing in Security with AI
Cognitive Computing in Security with AI Cognitive Computing in Security with AI
Cognitive Computing in Security with AI
 
Adversarial machine learning for av software
Adversarial machine learning for av softwareAdversarial machine learning for av software
Adversarial machine learning for av software
 
AI approach to malware similarity analysis: Maping the malware genome with a...
AI approach to malware similarity analysis: Maping the malware genome with a...AI approach to malware similarity analysis: Maping the malware genome with a...
AI approach to malware similarity analysis: Maping the malware genome with a...
 

Similar to Talha Obaid, Email Security, Symantec at MLconf ATL 2017

Cyber Resilency VANCOUVER, BC Nov 2017
Cyber Resilency VANCOUVER, BC Nov 2017 Cyber Resilency VANCOUVER, BC Nov 2017
Cyber Resilency VANCOUVER, BC Nov 2017 Kevin Murphy
 
Is the Cloud Safe? Ensuring Security in the Cloud
Is the Cloud Safe? Ensuring Security in the CloudIs the Cloud Safe? Ensuring Security in the Cloud
Is the Cloud Safe? Ensuring Security in the CloudTechSoup
 
ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious?
ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious?ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious?
ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious?CiNPA Security SIG
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Splunk workshop-Threat Hunting
Splunk workshop-Threat HuntingSplunk workshop-Threat Hunting
Splunk workshop-Threat HuntingSplunk
 
Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious?
Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious?Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious?
Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious?CiNPA Security SIG
 
Cisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a HackerCisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a HackerCisco Canada
 
Splunk Threat Hunting Workshop
Splunk Threat Hunting WorkshopSplunk Threat Hunting Workshop
Splunk Threat Hunting WorkshopSplunk
 
BSides Indianapolis: Phishing Forensics - Is it just suspicious or is it mali...
BSides Indianapolis: Phishing Forensics - Is it just suspicious or is it mali...BSides Indianapolis: Phishing Forensics - Is it just suspicious or is it mali...
BSides Indianapolis: Phishing Forensics - Is it just suspicious or is it mali...CiNPA Security SIG
 
Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetWatcher
 
The Silicon Valley Security Debate: Demo by Symphony’s CTO and CSO
The Silicon Valley Security Debate: Demo by Symphony’s CTO and CSOThe Silicon Valley Security Debate: Demo by Symphony’s CTO and CSO
The Silicon Valley Security Debate: Demo by Symphony’s CTO and CSOSymphony.com
 
Client-Side Penetration Testing Presentation
Client-Side Penetration Testing PresentationClient-Side Penetration Testing Presentation
Client-Side Penetration Testing PresentationChris Gates
 
IRJET- Detecting Phishing Websites using Machine Learning
IRJET- Detecting Phishing Websites using Machine LearningIRJET- Detecting Phishing Websites using Machine Learning
IRJET- Detecting Phishing Websites using Machine LearningIRJET Journal
 
Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015Syed Ubaid Ali Jafri
 
Essentials of Web Application Security: what it is, why it matters and how to...
Essentials of Web Application Security: what it is, why it matters and how to...Essentials of Web Application Security: what it is, why it matters and how to...
Essentials of Web Application Security: what it is, why it matters and how to...Cenzic
 
Modern cybersecurity threats, and shiny new tools to help deal with them - T...
Modern cybersecurity threats, and shiny new tools to help deal with them - T... Modern cybersecurity threats, and shiny new tools to help deal with them - T...
Modern cybersecurity threats, and shiny new tools to help deal with them - T...ITCamp
 
Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Kimberley Dray
 
FullDay Faeder on Friday
FullDay Faeder on Friday FullDay Faeder on Friday
FullDay Faeder on Friday Adam Faeder
 
FullDay on Fridays Feb. 3, 2017
FullDay on Fridays Feb. 3, 2017FullDay on Fridays Feb. 3, 2017
FullDay on Fridays Feb. 3, 2017Adam Faeder
 

Similar to Talha Obaid, Email Security, Symantec at MLconf ATL 2017 (20)

Cyber Resilency VANCOUVER, BC Nov 2017
Cyber Resilency VANCOUVER, BC Nov 2017 Cyber Resilency VANCOUVER, BC Nov 2017
Cyber Resilency VANCOUVER, BC Nov 2017
 
Is the Cloud Safe? Ensuring Security in the Cloud
Is the Cloud Safe? Ensuring Security in the CloudIs the Cloud Safe? Ensuring Security in the Cloud
Is the Cloud Safe? Ensuring Security in the Cloud
 
ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious?
ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious?ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious?
ISSA COISS: : Phishing Forensics - Is it just suspicious or is it malicious?
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
Splunk workshop-Threat Hunting
Splunk workshop-Threat HuntingSplunk workshop-Threat Hunting
Splunk workshop-Threat Hunting
 
Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious?
Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious?Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious?
Circle City Con: Phishing Forensics - Is it just suspicious or is it malicious?
 
Cisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a HackerCisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
 
Splunk Threat Hunting Workshop
Splunk Threat Hunting WorkshopSplunk Threat Hunting Workshop
Splunk Threat Hunting Workshop
 
BSides Indianapolis: Phishing Forensics - Is it just suspicious or is it mali...
BSides Indianapolis: Phishing Forensics - Is it just suspicious or is it mali...BSides Indianapolis: Phishing Forensics - Is it just suspicious or is it mali...
BSides Indianapolis: Phishing Forensics - Is it just suspicious or is it mali...
 
Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech Talk
 
Atelier Technique - Symantec - #ACSS2019
Atelier Technique - Symantec - #ACSS2019Atelier Technique - Symantec - #ACSS2019
Atelier Technique - Symantec - #ACSS2019
 
The Silicon Valley Security Debate: Demo by Symphony’s CTO and CSO
The Silicon Valley Security Debate: Demo by Symphony’s CTO and CSOThe Silicon Valley Security Debate: Demo by Symphony’s CTO and CSO
The Silicon Valley Security Debate: Demo by Symphony’s CTO and CSO
 
Client-Side Penetration Testing Presentation
Client-Side Penetration Testing PresentationClient-Side Penetration Testing Presentation
Client-Side Penetration Testing Presentation
 
IRJET- Detecting Phishing Websites using Machine Learning
IRJET- Detecting Phishing Websites using Machine LearningIRJET- Detecting Phishing Websites using Machine Learning
IRJET- Detecting Phishing Websites using Machine Learning
 
Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015
 
Essentials of Web Application Security: what it is, why it matters and how to...
Essentials of Web Application Security: what it is, why it matters and how to...Essentials of Web Application Security: what it is, why it matters and how to...
Essentials of Web Application Security: what it is, why it matters and how to...
 
Modern cybersecurity threats, and shiny new tools to help deal with them - T...
Modern cybersecurity threats, and shiny new tools to help deal with them - T... Modern cybersecurity threats, and shiny new tools to help deal with them - T...
Modern cybersecurity threats, and shiny new tools to help deal with them - T...
 
Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019
 
FullDay Faeder on Friday
FullDay Faeder on Friday FullDay Faeder on Friday
FullDay Faeder on Friday
 
FullDay on Fridays Feb. 3, 2017
FullDay on Fridays Feb. 3, 2017FullDay on Fridays Feb. 3, 2017
FullDay on Fridays Feb. 3, 2017
 

More from MLconf

Jamila Smith-Loud - Understanding Human Impact: Social and Equity Assessments...
Jamila Smith-Loud - Understanding Human Impact: Social and Equity Assessments...Jamila Smith-Loud - Understanding Human Impact: Social and Equity Assessments...
Jamila Smith-Loud - Understanding Human Impact: Social and Equity Assessments...MLconf
 
Ted Willke - The Brain’s Guide to Dealing with Context in Language Understanding
Ted Willke - The Brain’s Guide to Dealing with Context in Language UnderstandingTed Willke - The Brain’s Guide to Dealing with Context in Language Understanding
Ted Willke - The Brain’s Guide to Dealing with Context in Language UnderstandingMLconf
 
Justin Armstrong - Applying Computer Vision to Reduce Contamination in the Re...
Justin Armstrong - Applying Computer Vision to Reduce Contamination in the Re...Justin Armstrong - Applying Computer Vision to Reduce Contamination in the Re...
Justin Armstrong - Applying Computer Vision to Reduce Contamination in the Re...MLconf
 
Igor Markov - Quantum Computing: a Treasure Hunt, not a Gold Rush
Igor Markov - Quantum Computing: a Treasure Hunt, not a Gold RushIgor Markov - Quantum Computing: a Treasure Hunt, not a Gold Rush
Igor Markov - Quantum Computing: a Treasure Hunt, not a Gold RushMLconf
 
Josh Wills - Data Labeling as Religious Experience
Josh Wills - Data Labeling as Religious ExperienceJosh Wills - Data Labeling as Religious Experience
Josh Wills - Data Labeling as Religious ExperienceMLconf
 
Vinay Prabhu - Project GaitNet: Ushering in the ImageNet moment for human Gai...
Vinay Prabhu - Project GaitNet: Ushering in the ImageNet moment for human Gai...Vinay Prabhu - Project GaitNet: Ushering in the ImageNet moment for human Gai...
Vinay Prabhu - Project GaitNet: Ushering in the ImageNet moment for human Gai...MLconf
 
Jekaterina Novikova - Machine Learning Methods in Detecting Alzheimer’s Disea...
Jekaterina Novikova - Machine Learning Methods in Detecting Alzheimer’s Disea...Jekaterina Novikova - Machine Learning Methods in Detecting Alzheimer’s Disea...
Jekaterina Novikova - Machine Learning Methods in Detecting Alzheimer’s Disea...MLconf
 
Meghana Ravikumar - Optimized Image Classification on the Cheap
Meghana Ravikumar - Optimized Image Classification on the CheapMeghana Ravikumar - Optimized Image Classification on the Cheap
Meghana Ravikumar - Optimized Image Classification on the CheapMLconf
 
Noam Finkelstein - The Importance of Modeling Data Collection
Noam Finkelstein - The Importance of Modeling Data CollectionNoam Finkelstein - The Importance of Modeling Data Collection
Noam Finkelstein - The Importance of Modeling Data CollectionMLconf
 
June Andrews - The Uncanny Valley of ML
June Andrews - The Uncanny Valley of MLJune Andrews - The Uncanny Valley of ML
June Andrews - The Uncanny Valley of MLMLconf
 
Sneha Rajana - Deep Learning Architectures for Semantic Relation Detection Tasks
Sneha Rajana - Deep Learning Architectures for Semantic Relation Detection TasksSneha Rajana - Deep Learning Architectures for Semantic Relation Detection Tasks
Sneha Rajana - Deep Learning Architectures for Semantic Relation Detection TasksMLconf
 
Anoop Deoras - Building an Incrementally Trained, Local Taste Aware, Global D...
Anoop Deoras - Building an Incrementally Trained, Local Taste Aware, Global D...Anoop Deoras - Building an Incrementally Trained, Local Taste Aware, Global D...
Anoop Deoras - Building an Incrementally Trained, Local Taste Aware, Global D...MLconf
 
Vito Ostuni - The Voice: New Challenges in a Zero UI World
Vito Ostuni - The Voice: New Challenges in a Zero UI WorldVito Ostuni - The Voice: New Challenges in a Zero UI World
Vito Ostuni - The Voice: New Challenges in a Zero UI WorldMLconf
 
Anna choromanska - Data-driven Challenges in AI: Scale, Information Selection...
Anna choromanska - Data-driven Challenges in AI: Scale, Information Selection...Anna choromanska - Data-driven Challenges in AI: Scale, Information Selection...
Anna choromanska - Data-driven Challenges in AI: Scale, Information Selection...MLconf
 
Janani Kalyanam - Machine Learning to Detect Illegal Online Sales of Prescrip...
Janani Kalyanam - Machine Learning to Detect Illegal Online Sales of Prescrip...Janani Kalyanam - Machine Learning to Detect Illegal Online Sales of Prescrip...
Janani Kalyanam - Machine Learning to Detect Illegal Online Sales of Prescrip...MLconf
 
Esperanza Lopez Aguilera - Using a Bayesian Neural Network in the Detection o...
Esperanza Lopez Aguilera - Using a Bayesian Neural Network in the Detection o...Esperanza Lopez Aguilera - Using a Bayesian Neural Network in the Detection o...
Esperanza Lopez Aguilera - Using a Bayesian Neural Network in the Detection o...MLconf
 
Neel Sundaresan - Teaching a machine to code
Neel Sundaresan - Teaching a machine to codeNeel Sundaresan - Teaching a machine to code
Neel Sundaresan - Teaching a machine to codeMLconf
 
Rishabh Mehrotra - Recommendations in a Marketplace: Personalizing Explainabl...
Rishabh Mehrotra - Recommendations in a Marketplace: Personalizing Explainabl...Rishabh Mehrotra - Recommendations in a Marketplace: Personalizing Explainabl...
Rishabh Mehrotra - Recommendations in a Marketplace: Personalizing Explainabl...MLconf
 
Soumith Chintala - Increasing the Impact of AI Through Better Software
Soumith Chintala - Increasing the Impact of AI Through Better SoftwareSoumith Chintala - Increasing the Impact of AI Through Better Software
Soumith Chintala - Increasing the Impact of AI Through Better SoftwareMLconf
 
Roy Lowrance - Predicting Bond Prices: Regime Changes
Roy Lowrance - Predicting Bond Prices: Regime ChangesRoy Lowrance - Predicting Bond Prices: Regime Changes
Roy Lowrance - Predicting Bond Prices: Regime ChangesMLconf
 

More from MLconf (20)

Jamila Smith-Loud - Understanding Human Impact: Social and Equity Assessments...
Jamila Smith-Loud - Understanding Human Impact: Social and Equity Assessments...Jamila Smith-Loud - Understanding Human Impact: Social and Equity Assessments...
Jamila Smith-Loud - Understanding Human Impact: Social and Equity Assessments...
 
Ted Willke - The Brain’s Guide to Dealing with Context in Language Understanding
Ted Willke - The Brain’s Guide to Dealing with Context in Language UnderstandingTed Willke - The Brain’s Guide to Dealing with Context in Language Understanding
Ted Willke - The Brain’s Guide to Dealing with Context in Language Understanding
 
Justin Armstrong - Applying Computer Vision to Reduce Contamination in the Re...
Justin Armstrong - Applying Computer Vision to Reduce Contamination in the Re...Justin Armstrong - Applying Computer Vision to Reduce Contamination in the Re...
Justin Armstrong - Applying Computer Vision to Reduce Contamination in the Re...
 
Igor Markov - Quantum Computing: a Treasure Hunt, not a Gold Rush
Igor Markov - Quantum Computing: a Treasure Hunt, not a Gold RushIgor Markov - Quantum Computing: a Treasure Hunt, not a Gold Rush
Igor Markov - Quantum Computing: a Treasure Hunt, not a Gold Rush
 
Josh Wills - Data Labeling as Religious Experience
Josh Wills - Data Labeling as Religious ExperienceJosh Wills - Data Labeling as Religious Experience
Josh Wills - Data Labeling as Religious Experience
 
Vinay Prabhu - Project GaitNet: Ushering in the ImageNet moment for human Gai...
Vinay Prabhu - Project GaitNet: Ushering in the ImageNet moment for human Gai...Vinay Prabhu - Project GaitNet: Ushering in the ImageNet moment for human Gai...
Vinay Prabhu - Project GaitNet: Ushering in the ImageNet moment for human Gai...
 
Jekaterina Novikova - Machine Learning Methods in Detecting Alzheimer’s Disea...
Jekaterina Novikova - Machine Learning Methods in Detecting Alzheimer’s Disea...Jekaterina Novikova - Machine Learning Methods in Detecting Alzheimer’s Disea...
Jekaterina Novikova - Machine Learning Methods in Detecting Alzheimer’s Disea...
 
Meghana Ravikumar - Optimized Image Classification on the Cheap
Meghana Ravikumar - Optimized Image Classification on the CheapMeghana Ravikumar - Optimized Image Classification on the Cheap
Meghana Ravikumar - Optimized Image Classification on the Cheap
 
Noam Finkelstein - The Importance of Modeling Data Collection
Noam Finkelstein - The Importance of Modeling Data CollectionNoam Finkelstein - The Importance of Modeling Data Collection
Noam Finkelstein - The Importance of Modeling Data Collection
 
June Andrews - The Uncanny Valley of ML
June Andrews - The Uncanny Valley of MLJune Andrews - The Uncanny Valley of ML
June Andrews - The Uncanny Valley of ML
 
Sneha Rajana - Deep Learning Architectures for Semantic Relation Detection Tasks
Sneha Rajana - Deep Learning Architectures for Semantic Relation Detection TasksSneha Rajana - Deep Learning Architectures for Semantic Relation Detection Tasks
Sneha Rajana - Deep Learning Architectures for Semantic Relation Detection Tasks
 
Anoop Deoras - Building an Incrementally Trained, Local Taste Aware, Global D...
Anoop Deoras - Building an Incrementally Trained, Local Taste Aware, Global D...Anoop Deoras - Building an Incrementally Trained, Local Taste Aware, Global D...
Anoop Deoras - Building an Incrementally Trained, Local Taste Aware, Global D...
 
Vito Ostuni - The Voice: New Challenges in a Zero UI World
Vito Ostuni - The Voice: New Challenges in a Zero UI WorldVito Ostuni - The Voice: New Challenges in a Zero UI World
Vito Ostuni - The Voice: New Challenges in a Zero UI World
 
Anna choromanska - Data-driven Challenges in AI: Scale, Information Selection...
Anna choromanska - Data-driven Challenges in AI: Scale, Information Selection...Anna choromanska - Data-driven Challenges in AI: Scale, Information Selection...
Anna choromanska - Data-driven Challenges in AI: Scale, Information Selection...
 
Janani Kalyanam - Machine Learning to Detect Illegal Online Sales of Prescrip...
Janani Kalyanam - Machine Learning to Detect Illegal Online Sales of Prescrip...Janani Kalyanam - Machine Learning to Detect Illegal Online Sales of Prescrip...
Janani Kalyanam - Machine Learning to Detect Illegal Online Sales of Prescrip...
 
Esperanza Lopez Aguilera - Using a Bayesian Neural Network in the Detection o...
Esperanza Lopez Aguilera - Using a Bayesian Neural Network in the Detection o...Esperanza Lopez Aguilera - Using a Bayesian Neural Network in the Detection o...
Esperanza Lopez Aguilera - Using a Bayesian Neural Network in the Detection o...
 
Neel Sundaresan - Teaching a machine to code
Neel Sundaresan - Teaching a machine to codeNeel Sundaresan - Teaching a machine to code
Neel Sundaresan - Teaching a machine to code
 
Rishabh Mehrotra - Recommendations in a Marketplace: Personalizing Explainabl...
Rishabh Mehrotra - Recommendations in a Marketplace: Personalizing Explainabl...Rishabh Mehrotra - Recommendations in a Marketplace: Personalizing Explainabl...
Rishabh Mehrotra - Recommendations in a Marketplace: Personalizing Explainabl...
 
Soumith Chintala - Increasing the Impact of AI Through Better Software
Soumith Chintala - Increasing the Impact of AI Through Better SoftwareSoumith Chintala - Increasing the Impact of AI Through Better Software
Soumith Chintala - Increasing the Impact of AI Through Better Software
 
Roy Lowrance - Predicting Bond Prices: Regime Changes
Roy Lowrance - Predicting Bond Prices: Regime ChangesRoy Lowrance - Predicting Bond Prices: Regime Changes
Roy Lowrance - Predicting Bond Prices: Regime Changes
 

Recently uploaded

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 

Recently uploaded (20)

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 

Talha Obaid, Email Security, Symantec at MLconf ATL 2017

  • 1. Machine Learning for Detecting Malware Talha Obaid Ling Zhou Timothy You Xinlei Cai MLConf – Atlanta Sep 2017 Email Security Scripting
  • 2. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only The Team! Ling Zhou Timothy You Xinlei Cai Talha Obaid
  • 3. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Machine Learning @ Symantec • Early adopter of ML in industry • SRL – Symantec Research Labs • CAML – Centre for Advanced Machine Learning • Malware detection, spam identification • Helped achieve the compounded impact • Malware polymorphism https://www.symantec.com/connect/blogs/meet-symantec-labs-industrys-best-kept-secret
  • 4. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Reference: https://www.symantec.com/connect/blogs/machine-learning-not-only-answer How I got infected?
  • 5. Email – as a carrier!
  • 6. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Email is the weapon of choice! • One in 131 emails contained malicious link or attachment, the highest rate in five years • The rate jumped from 1 in 220 emails in 2015 to 1 in 131 emails in 2016 • In 2016 Small to Medium sized Businesses were the most impacted by phishing attacks with 1 in 95 emails containing malware • Email sent daily in 2016 – 269 billion* • The general office worker receives an average of 600 emails per week* • Blended attacks - Email as a career for malicious URL • Office document files are an effective weapon • Lighter footprint and hiding in plain sight Reference: https://www.symantec.com/security-center/threat-report * Email Statistics Report, 2017-2021, Radicati Group, February 2017 Copyright © Symantec
  • 7. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Worldwide Email Forecast Worldwide Email Users* (M) 3,718 3,823 3,930 4,037 4,147 % Growth 3% 3% 3% 3% Reference: https://www.radicati.com/wp/wp-content/uploads/2017/01/Email-Statistics-Report-2017-2021-Executive-Summary.pdf * Includes both Business and Consumer Email users Daily Email Traffic 2017 2018 2019 2020 2021 Total Worldwide Emails Sent/Received Per Day (B) 269.0 281.1 293.6 306.4 319.6 % Growth 4.5% 4.4% 4.4% 4.3% Worldwide Daily Email Traffic (B), 2017-2021 Worldwide Email User Forecast (M), 2017–2021
  • 8. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Email: Locky malware delivery vector Reference: https://www.symantec.com/security-center/threat-report http://www.latimes.com/business/technology/la-me-ln-hollywood-hospital-bitcoin-20160217-story.html https://arstechnica.com/information-technology/2016/02/locky-crypto-ransomware-rides-in-on-malicious-word-document-macro/ Copyright © Symantec • Released in 2016 • Still active in 2017 • “Enable macro if data encoding is incorrect” • If the user does enable macros, the macros then save and run a binary file that downloads the actual encryption Trojan • Hospital in Hollywood payed $17,000 in bitcoin to hackers
  • 10. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Exampli Gratia AutoClose, Random variable, String split
  • 11. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Fake variable Fake comment Fake condition
  • 12. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Multiple Function String split
  • 13. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only String encryption Random variable Function Call hidden
  • 14. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only String Encryption Random variable Multi function Click event
  • 15. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only String hidden Fake condition
  • 17. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Domain Differences Programming Language • Non-Ambiguous • Deterministic language • Clear distinction between syntax and semantics • Semicolons, Tabs vs Spaces, Editor wars • Identifier, sub routine calls, imports • Comments, conventions, notations • Design patterns Natural Language • Ambiguous • Context-bound languages • Less distinguished between syntax and semantic • Puns, Rants, Parodies, Imitations • TF-IDF • LSTM – Long short term memory • Bag of words Copyright © Symantec
  • 18. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Machine Learning Applications – Code! Automatic Patch Generation by Learning Correct Code by Fan et. al. Reference: https://www.newscientist.com/article/mg23331144-500-ai-learns-to-write-its-own-code-by-stealing-from-other-programs/ http://people.csail.mit.edu/rinard/paper/popl16.pdf Copyright © Symantec
  • 19. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only https://www.forbes.com/sites/adrianbridgwater/2016/03/07/machine-learning-needs-a-human-in-the-loop https://blogs.technet.microsoft.com/machinelearning/2016/10/17/the-power-of-human-in-the-loop-combine-human-intelligence-with-machine-learning/ Human-In-The-Loop?
  • 20. How we do it
  • 21. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Rule ^ ML Email Analyze Inflation Macro Extraction Parsing Feature Extraction Copyright © Symantec
  • 22. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Feature Selection (Total 72 Features) ML_1... ML_12… ML_2... ML_13… ML_3... ML_14…* ML_4... ML_15… ML_5... ML_16… ML_6... ML_17… ML_7… ML_18… ML_8… ML_19… ML_9… ML_20… ML_10… ML_21…* ML_11… … Note: Features with (*) can be expanded to the count of each item. ML_21_1… ML_14_1… ML_21_2… ML_14_1… ML_21_3… ML_14_1… ML_21_4… ML_14_1… ML_21_5… ML_14_1… ML_21_1… ML_14_1… ML_21_1… ML_14_1… ML_21_1… ML_14_1… ML_21_1… ML_14_1… ML_21_1… ML_14_1… … 29 features … 21 features
  • 23. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Optimization ML_1… (Composite) ML_2… ML_3… ML_4… ML_14_3… 1 31469 1245 35 211 0 2 44617 1264 14 171 0 3 33247 1045 14 158 0 … … … … … … 1234 18828 682 29 222 1 … … … … … … 40000 1273048 844 19 151 0 • Treat ML_1… feature since it is dependent on other features. • Treat features like ML_14_3… since categorical feature.
  • 24. Results – very recent ones!
  • 25. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Spam run – from Aug 21 to Aug 27 { "desc": "Shell call", "artifact": " Shell "Explorer.exe " & strCommande, vbNormalFocus, " }, Copyright © Symantec
  • 26. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Just this morning … 15 Sep 2017
  • 27. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Recently captured… { "desc": "Small routine with string manipulation", "artifact": " Chinook = (AscB(Sumatran_Rhinoceros))" "artifact": " Tapir = Chinook(Mid(Sand_Lizard, Chipmunk, 1)) - Int(M..." }, { "desc": "Small routine with run & Obfuscated object concat & Obfuscated object creation arguments shell & Createobject run one-liner", "artifact": " CreateObject(Pig + "Shell").Run Module1.Ibis(Sea_Dragon, "" },
  • 28. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only { "desc": "Obfuscated object variable", "artifact": "Set miLxhuTjOMrpjvLQQNhstoiWlCkOdozYkasyizjweDRGlKRkgtkgxHZyAoLfJFFaMSFJDNiRekNpWbkbkzhjETbcA tytnDmZxruTFIhTLSCM = CreateObject(ujcYEkvJXWWtqcIKOpdaxorehRVbSNYlQPiQQao" }, { "desc": "Obfuscated object creation arguments", "artifact": "Set qvBvooYSTaFymchvnZIkLUSrhheHIwfYCSyrpgvjePoCKWbhMYoOBOJVcKO = CreateObject(kbUBGIKqbHJyTmAmPbuHSBjqouVxfwCfSfEWfcNXxXYAhCJKXcegnoejsdNMnNKeFdfnieGnOXJv cjJlkKZDSV" }, { "desc": "Long obfuscated variable assignment", "artifact": "ZGwEiLSTkOsQSFcFzZVPMMuHalgKESzgWlohddzbmveToRIxzt" },
  • 29. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only { "desc": "Macro with constant manipulation in function call", "artifact": "dNDfJESUPztgDlcNnWNZLIPsGgXDVndgUDYaarDOIWeCVstlSACjSVcUyLZ = CWvXJUNlxQcbDqNtnmQhCsifqGFBSHE$(327 - 240) & CWvXJUNlxQcbDqNtnmQhCsifqGFBSHE$(324 - 241) & CWvXJUNl…" }, { "desc": "Highly random long string found", "artifact": "mRClEXzmRGxUqDPLJHcHeEMgjtqozQbuXXYIpdNJOtykVB" }, { "desc": "Object creation variable identifier", "artifact": "qvBvooYSTaFymchvnZIkLUSrhheHIwfYCSyrpgvjePoCKWbhMYoOBOJVcKO" }, { "desc": "Random subroutine name", "artifact": "dnHLjlClNBEYNnZihnFPOighaDbyTOUim" },
  • 30. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only { "desc": "Random identifier with suspicious assignments", "artifact": "ujcYEkvJXWWtqcIKOpdaxorehRVbSNYlQPiQQaoCIdBbVAdczWFVpbOGsxrmOTqKykcaurtoAaRUmQJgntcvICwoBcYTiBopmrc kXChHdQUOKtTcnKzV = Chr$(327 - 240) & Chr$(324 - 241) & Chr$(24…" }, { "desc": "Shell/SaveToFile string contains strange variable name", "artifact": "RhIzeRHLbzssvNwesaErYKfXuynMPZjWdUBgPAZZUnlhknaNjNAQERoHClFgeuvBPWPbMQPsAeXlYymHXZdCZTRMfteev" }, { "desc": "File with following name was created and run created", "artifact": "XABNAGkAYwByAG8AcwBvAGYAdAA=XABxAGIASwBWAEsAdgBsAGgAdwBpAEoAUgBLAC4AZQB4AGUA" }, And… we capture a lot more!
  • 31. Copyright © 2017 Symantec Corporation SYMANTEC PROPRIETARY– Limited Use Only Findings & Going Forward … • “If an artifact is missing” means a sample is missed – not anymore • All features contribute to the verdict in unison • Obfuscation is still a challenge and will remain to be one • Identify why a variable of string type is assigned a byte array? • Why an assignment expression is more than say 200 characters? • Keep transitioning inflating malware samples from sandbox to static analysis
  • 32. Thank You! Talha Obaid Ling Zhou Timothy You Xinlei Cai Email Security Join us! www.symantec.com/about/careers

Editor's Notes

  1. Domain experts – Malware classes Malware engine experts ML guy
  2. Though we have chats and messengers Locky malware Edited. Broke up the slides into two.
  3. Though we have chats and messengers Locky malware
  4. Dealt so far regarding NLP
  5. Extracting features from samples. Shuffling the samples and put them into two sample sets: training and testing. Applying machine learning algorithms on those samples. Validating the Machine Learning results. Resized the hexagons to fit the words better. Comment on the image: I think the text within the circles will be undecipherable to the audience. I could hardly read it even if I try to bring my eyes closer to the screen.
  6. Machine learning is not a black box, and we have to be very conscious while using features. The features used should be totally independent among themselves, and dependent on the verdict, i.e. on the left side. We realized that these two features, VBA size was a composite feature, whereas CByte was categorical, meaning forcing sub grouping within the model.
  7. Add numbers here, of how many were matched
  8. 3328 long value assigned to variable '