The progress of AI in the last decade has seemed almost magical. But we will discuss the unique challenges posed by Security and what makes this domain the biggest challenge for AI. Reporting from the frontlines, we will describe the deployment of large-scale production-grade AI systems to combat security breaches, using lessons learned at Avast from defending over 400 million consumers every single day. Topics will cover the recent AI advancements in file-based anti-malware solutions, behavior-based on-device solutions, and network-based IoT security solutions.

1. • Double Content
Sub-copy to go here
Sub-copy to go here
Sub-copy to go here
Sub-copy to go here
Sub-copy to go here
Sub-copy to go here
Sub-copy to go here
Sub-copy to go here
Sub-copy to go here
Sub-copy to go here
• Double Content
Sub-copy to go here
Sub-copy to go here
Sub-copy to go here
Sub-copy to go here
Sub-copy to go here
Sub-copy to go here
Sub-copy to go here
Sub-copy to go here
Sub-copy to go here
Sub-copy to go here
1
Security is AI’s biggest challenge,
AI is Security’s greatest opportunity
Dr. Rajarshi Gupta | Head of AI, Avast | Sep 2018
Security is AI’s biggest challenge,
AI is Security’s greatest opportunity
Dr. Rajarshi Gupta | Head of AI, Avast | Nov 2018

2. ONLY domain of AI where
there is a true adversary who
can also make use ofAI
BLACK HAT WHITE HAT
Security is AI’s Biggest Challenge
2

3. Most threats have very
short longevity; machines
can act muchfaster
VELOCITY SPEED
VARIETY ACCURACY
ML is also really good at
taking into account large
amounts of contextualdata
VOLUME SCALABILITY
Coping with the sheer volume
of new threats would be
impossible without ML
AI is Security’s Greatest Opportunity
3

4. Come pit your AI skills
against a true adversary
4344

5. MACHINE
LEARNING
AVAST CLOUD ENGINE
MONTHLY
ENGAGEMEN
T
290M+
145M
+
MONTHLY
ENGAGEMENT
> 10,000 Servers
Across 10 Locations
Worldwide, processing
monthly:
> 300M Files
> 200Bn URLs
Every Month,
Avast:
Handles 30+ million
new executable files, 25
percent of which are
usually malicious
continuously
sifts through 390TB of
quality security
data
Every Month, Avast:
Prevents +2 billion
malware attacks
Pushes 50 PB of data
The World's Largest Consumer SecurityNetwork
5
1. WEB SHIELD
2. STATIC SCANNER
3. EMULATOR
4. DEEP SCREEN (SANDBOX)
5. CYBER CAPTURE
6. BEHAVIOUR SHIELD

6. Agenda for This Talk
6
• Malware Detection in the Cloud
• Network Detection for IoT
• Defense against Adversarial AI

7. Malware Detection
in the Cloud

8. Advanced Threat Detection and PreventionArchitecture:
No silverbullet
8
AVAST NEXT GENERATION AV PLATFORM
1. WEB SHIELD: protects at the entry level against network-
based exploits, malicious URLs and anomalies
2. STATIC SCANNER: performs real-timesecurity
assessments using cloud-based reputationdata
and the local classificationengine
3. WEB SHIELD: protects at the entry level against network-
based exploits, malicious URLs and anomalies
4. DEEPSCREEN (SANDBOX): secures ahypervisor-based
virtual environment to test suspect files
5. CYBER CAPTURE: uses the full power ofAvast’s threat
lab’s “clean room” to assess a file’s innermost workings
6. BEHAVIOR SHIELD: monitors each environment as
programs run and protects against malicious behavior
1.WEBSHIELD
2.STATICSCANNER
3.EMULATOR
4.DEEPSCREEN(SANDBOX)
5.CYBERCAPTURE
6.CYBERCAPTURE

9. Avast Local Expert390 TB of Quality Data 3,000 Intelligently-Designed Clusters
Months of Processing... ... Completed Daily in Real-Time
COLLECTION EXTRACTION TRAINING EXECUTION
Harness as much
data as possible
Deconstruct data into
billions of artifacts
Update models to understand
the intention of a sample
Precisely and quickly identify
what is benign vs. malicious
6X more consumer
PC users than the
nearest competitor(1)
Proprietary Local Expert architecture
leverages over 500+ features
(e.g. size, origin, age, and file entropy)
New models can be trained on
the entire historical dataset in
less than 12 hours
Endpoint-based models are
updated 200+ times per day
Goal:
Avast
Advantage:
Training the Avast Machine LearningEngine
9
Purpose-built approach that takes < 12 hours to add
new features, train, and deploy into production

10. Using Neural Nets to Optimize the Engine
Published at ICLR2018
• Goal: augment our traditional handcrafted
models with machine-generatedfeatures
Train a Convolutional Neural Net using the raw
sequence of bytes from the binary files
Training set of 20 million Windows PE files
• Results
Raw model achieves comparable accuracy to hand crafted features
Choosing machine-generated features makes it much harder to evade
Enriched features model shows extra gain of using both sets of features
1
0

11. Network Detection
for IoT Devices

12. Managing IoT Security
Problem Mitigation
✓ Every device isconnected
✓ Devices are built by non-security companies
whose motivations are lower prices and easier
connectivity, notsecurity
✓ Rarely or neverpatched
✓ Mostly opaque/closed deviceswith
no securitysoftware
✓ Need to observe from the network
✓ Each device is limited in its applications
✓ Structuredand repetitivebehavior– easyto model
19

13. POINT OF
INFECTION VIDEO CAMERA
URL
VIDEO CAMERA
DNS
Gateway
BEFORE MIRAI INFECTION DURING MIRAI INFECTION
VIDEO CAMERA
9.0.91.38
9.0.0.125
9.0.0.185
9.0.0.245
9.0.1.82
9.0.100.68
9.0.102.77
9.0.105.66
9.0.108.148
9.0.109.16
9.0.110.172
9.0.113.202
9.0.115.171
9.0.118.154
MIRAI_BOT
MIRAI_REPORT
MIRAI_CNC
9.0.239.143
9.0.83.160
Detecting A SmartHome Security Breach
20

14. HOW WHAT
How We Protect IoT Devices
Swarm
Behavior
Network
Type of
Data Sent
Infrastructure
Analysis
Amount of
Data Sent
Device Types
Traffic
Analysis
Capabilities
Vulnerabilities
14

15. Detecting Anomalies on IoT Traffic
Router
Unknown
MalwareSpread
DataLeak
HVACTV PrinterMusic HomeAssistantCamera New
DoS
IoTSurface
GameConsole
Two parallel approaches
Build an ensemble classifier in incremental steps, with models focused on known attacks
Build a deep neural net that is broad enough to identify all the known attacks, and more
15

16. ATTACK TYPE
May focus on a device
type, or servicetype
DEVICE TYPE
IoT devices have
very limitedbehavior
Identifying devices allow
us to model their behavior
SERVICE TYPE
Many devices plus
internet makes up
services, e.g.Netflix
Multi-Level ModelInput: Flow statistics from millions of homes
Deep Neural Net for IoT Traffic
Benign
Block access
to this domain
Block feed
transmission
Block communication
between these devices
Anomalies
Device
type
Input device traffic
information for
many devices, in
many homes over
a long timeperiod
Home
Type
Servic
e
Type
DDos: Many devices
attacking same domain
Benign
Unexpected
destination for
baby monitor feed
Benign
Unexpected traffic
between devices
within a home
Output: Autonomously identify anomalous traffic
Recognize unknown attacks
Identify the device or service causing the attacks
16

17. Defense Against
Adversarial AI

18. DeepFake: Human Beings are Easy to Fool
18
Source: Buzzfeed
AI generated video having President Obama “speak” fake words

19. Deep Learning Algorithms are also Easy to Fool
LabTest Summary
(Stationary)
Target Class: Speed Limit 45
Misclassify
SubtlePoster SubtlePoster CamoGraffiti CamoArt CamoArt
Evtimov, Ivan, Kevin Eykholt, Earlence Fernandes, Tadayoshi Kohno, Bo Li,
Atul Prakash,Amir Rahmati, and Dawn Song. "Robust Physical-WorldAttacks
on Machine Learning Models." arXiv preprint arXiv: 1707.08945 (2017).
19

20. DeepAttacks
Definition: Malicious Content Automatically Generated by AI Algorithms
Video
Audio
Images
URLs & Webpages
Binary Files
Network Flows
Upcoming Existing
20

21. Use the response
to learn about the
Classifier and
improve guess
Defense 1: Track the
queries and limit the
number of attempts
CLASSIFIER
21
ATTACKER
Defense 2: Train the Classifier
simultaneously with own version of
Attacker, in order to make it better
at identifying generated examples
ATTACKER
DeepAttacks: Defenses in Security
Try an example
Response: Good/Bad
Generative Adversarial Network (GAN)
Defense 3: Build targeted models
to identify the handiwork of such
ML-based generators

22. Conclusion

23. Come pit your AI skills
against a true adversary
23