Adversarial Sample Generation: Making Machine Learning Systems Robust for Security
ForgottenSeer 58943 said (post 754076):

So true!

I think there are mostly only a couple of viable methods of protection that will be left. We're rapidly approaching.

1) Locking the system (SRP/Anti-Exe/DefaultDeny/AutoSandboxing), etc.
2) Artificial intelligence and/or machine learning.

Traditional HIPS, firewalls, signatures, and URL filtration are approaching the end of their useful life, perhaps. Traditional IPS, which is signature based, is also, generally speaking, nearing the end of its effective life.

Consider this: there are dozens of firms working on AI/ML solutions. Cylance is way ahead of the game on endpoints, but there are many others working to catch up (Sophos, Crowdstrike, Trend Micro, Sentinel One, Bromium, Carbon Black, DeepArmor, etc.). Trend Micro beta tested their ML modules for almost a year and have rolled them out as an adjunct to their Worry Free business offerings. Effectiveness is yet to be established. Consumers are a bit left behind. Mostly Webroot (meh), but Cylance is the full blown pure AI/ML solution for consumers and should prove interesting.

On the hardware front, most vendors are WAY behind. Fortinet is behind; their mediocre FortiSandbox is more of a stop-gap. Their FortiGate appliances offer nothing more than traditional, aged technologies requiring signatures (and often manual ones). Despite the whole marketing push from them, it's really all the same right now as it was 5 years ago.

Sophos is a good bit ahead with their Sandstorm system, InterceptX, etc. They just need to finish integrating their business endpoint with InterceptX, then drop that down to consumers. SHP is a stop-gap technology. PfSense, Untangle, Cisco, ZyXEL, Fortinet, and the others are well behind the curve IMO.

Home users are actually better off than many enterprise/corporate clients with the launch of the Gryphon Router, which uses full AI/ML to spot network anomalies and quarantine devices. It's fun, it's powerful and it works. I am unaware of any commercial vendor that can do what Gryphon does on the fly, without a signature/IPS update for a known variable. Gryphon does it for unknown variables.

Honestly, I'm disenchanted with the protection (or lack of it) from traditional technologies right now. I know @cruelsister is a controversial cat around here now, however he has a valid point in that if a bypass can be achieved by changing a few variables in an existing piece of malware, then you know the defensive technology is flawed. I initially disagreed with this premise, but no longer.