The statistical and algorithmic methods of artificial intelligence have led to impressive breakthroughs that have significantly empowered the domains of finance, marketing, imaging, biology and many others. At the same time, cybersecurity has continued to be a field in which the advantage increasingly goes to attackers, yet the AI community has made few lasting contributions to it.
This talk covers observations and lessons learned from some of our own applications of AI to the cybersecurity domain, with a more detailed explanation of two methods. First, using computer network data, we share a method for detecting the obfuscation of the command-and-control channel established by some malware. Second, we identify a mechanism for detecting the otherwise difficult-to-distinguish Zeus malware by monitoring malware execution at the kernel level.
Evan Wright is a member of the Technical Staff for the Threat Discovery Group of the CERT Coordination Center (CERT/CC). The CERT/CC is a division of the Software Engineering Institute at Carnegie Mellon University. He holds an MS in Information Security and Technology Management from Carnegie Mellon University and a BS in Technology Systems from East Carolina University. He has over 20 years' experience in computer networking and holds a CCNP and six other certifications. Since joining SEI, he has supported a variety of customers in areas such as IPv6 security, ultra-large-scale network monitoring, malicious network traffic detection, intelligence fusion, and cybersecurity applications of machine learning. Before joining SEI, he was a network administrator for a medium-sized company and Internet Service Provider in North Carolina.