
AI for Zero Day Malware Attacks

In a world where the future is AI driven, if you are excited about artificial intelligence fighting malicious AI and protecting every single bit of data, join us.

Accurate Detection

Ada can detect and predict previously unseen attacks better than most traditional antivirus products and other traditional malware detection and response solutions available on the market.

Why isn't traditional technology effective?

  1. Whenever researchers find a new malware sample, a virus database is updated with its malicious signature. Traditional security software, while scanning files, tries to find a signature that exists in that database.

  2. The problem with this approach is that a malware's signature can easily be altered with crypters or similar tools that are freely available on the internet.

  3. This leads antivirus products to treat a malicious file as legitimate, which is bad.

  4. Furthermore, a zero-day malware attack (one that nobody has seen before) takes time to reverse engineer for in-depth analysis.

  5. By then companies have lost capital, customer data and much more.

Extraction of .asm and .bytes Files

After acquiring a PE (portable executable), our system reverse engineers it to extract its assembly listing and hexadecimal dump as .asm and .bytes files. Our AI system then extracts the opcodes from the .asm file and the byte values from the hex dump. The behavior of the different opcodes is examined and turned into data points, which are fed to a trained model as features of the malware definition.

Figure: Assembly file (.asm)

Figure: Hex dump (.bytes)

Minimizing Log Loss

Now the data point is ready to be tested. We use the multi-class log loss metric to measure the performance of our model, and our goal is to minimize this loss. Log loss punishes confident mistakes: if the model assigns a high probability to a class and the log loss is nevertheless high (the prediction was confidently wrong), the model is penalized and trained again.
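The two steps described above, feature extraction from .asm/.bytes files and scoring with multi-class log loss, as an added worked example. This is illustration code written for this page, not Ada's own implementation; the .bytes and .asm samples are constructed, the listing layout is assumed to be the usual disassembler format (section:address, raw bytes, mnemonic, operands), and features are simple opcode and byte n-gram counts.

```python
import math
import re
from collections import Counter
# Constructed .bytes sample (hex-dump layout: address, then 16 byte values;
# "??" marks positions with no data and is never counted as a byte).
SAMPLE_BYTES = """\
00401000 55 8B EC 83 EC 10 53 56 57 8B 7D 08 33 DB ?? ??
00401010 E8 12 34 00 00 85 C0 74 05 C7 45 FC 01 00 00 00
"""
# Constructed .asm sample (listing: section:address, raw bytes, mnemonic, operands).
SAMPLE_ASM = """\
.text:00401000 55                push    ebp
.text:00401001 8B EC             mov     ebp, esp
.text:00401003 83 EC 10          sub     esp, 10h
.text:00401006 53                push    ebx
.text:00401007 E8 12 34 00 00    call    sub_404427
.text:0040100C 85 C0             test    eax, eax
.text:0040100E 74 05             jz      short loc_401015
"""
ASM_LINE = re.compile(r"^\.\w+:[0-9A-F]+\s+(?:[0-9A-F]{2}\s+)+([a-z]+)")

def byte_ngrams(text, n=1):
    """Count byte n-grams in a .bytes dump; '??' gaps break the sequence."""
    stream = []
    for line in text.splitlines():
        tokens = line.split()[1:]  # drop the leading address column
        stream.extend(t if t != "??" else None for t in tokens)
    counts = Counter()
    for i in range(len(stream) - n + 1):
        window = stream[i:i + n]
        if None not in window:
            counts[" ".join(window)] += 1
    return counts

def opcode_counts(text):
    """Count mnemonics on code lines of a .asm listing (other lines are skipped)."""
    counts = Counter()
    for line in text.splitlines():
        m = ASM_LINE.match(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def multiclass_log_loss(y_true, probs, eps=1e-15):
    """Mean -log p(true class); rows are clipped and renormalised so the loss stays finite."""
    total = 0.0
    for label, row in zip(y_true, probs):
        clipped = [min(max(p, eps), 1 - eps) for p in row]
        total -= math.log(clipped[label] / sum(clipped))
    return total / len(y_true)
```

The count dictionaries are the per-sample feature vectors; the loss function shows why a confident wrong prediction costs far more than a hesitant one.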
