Hackers of India

Behavioral Security: 10 steps forward 5 steps backward

By Sourabh Satish on 17 Nov 2011 @ Deepsec


AI Generated Summary (may contain errors)

Here is a summarized version of the content:

The speaker discusses the challenges of using machine learning to detect and remediate non-process threats (NPTs), which are malicious files that don't execute as standalone processes. An example of an NPT is a PDF file crafted so that Adobe Reader, the trusted process that opens it, behaves maliciously.

One challenge is identifying what constitutes malicious behavior in these cases. For instance, the speaker notes that DLL files can be malicious even if they’re loaded by a trusted process like rundll32.exe.

The speaker suggests that automation can help deal with the scale of the problem, but warns about the pitfalls of relying solely on machine learning. They highlight the importance of combining domain expertise with machine learning to create a compelling solution.

The speaker also shares examples of NPTs, including GTBot, which dropped an mIRC application together with a config file that caused it to behave maliciously. In this case, simply flagging the mIRC application as malicious would be a mistake: it is not the application itself but rather its configuration and context that make it malicious.
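As an added illustration (not code from the talk), the following scores the two NPT cases above by context rather than file identity: the rundll32-loaded DLL is judged on its signature and location, and the mIRC client on what its script does. The paths, signature flags and mIRC script markers are constructed assumptions for the example.

```python
"""Context-aware scoring of non-process threats (NPTs).

An NPT is a file that never runs as its own process (a DLL, a PDF, an mIRC
script) but makes a trusted host behave maliciously. Flagging the host or
the file type alone produces false positives, so each rule scores the
combination of host, file and configuration context instead.
"""
from dataclasses import dataclass

# Constructed assumptions for the example: where an unprivileged user can
# write, and mIRC script fragments that wire chat input to execution.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\temp\\", "c:\\windows\\temp\\")
REMOTE_CONTROL_MARKERS = ("on *:text:", "/run ", "/dll ", "$decode(")


@dataclass
class NptEvent:
    host_process: str        # trusted host that loads or interprets the file
    file_path: str           # the non-process file itself
    signed: bool = False     # file carries a trusted code signature
    config: str = ""         # configuration text handed to the host, if any


def in_user_writable_dir(path: str) -> bool:
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def score(ev: NptEvent) -> list[str]:
    """Return the contextual reasons that make this event suspicious."""
    reasons = []
    host = ev.host_process.lower()
    if host == "rundll32.exe" and ev.file_path.lower().endswith(".dll"):
        # The DLL is not bad because rundll32 loaded it; it becomes suspicious
        # when it is unsigned and came from a location only a user could write.
        if not ev.signed and in_user_writable_dir(ev.file_path):
            reasons.append("rundll32 loading unsigned DLL from user-writable path")
    if host.startswith("mirc"):
        # The chat client is benign; a script that turns it into a bot is not.
        hits = [m for m in REMOTE_CONTROL_MARKERS if m in ev.config.lower()]
        if len(hits) >= 2:
            reasons.append(f"mIRC config wires remote commands to execution: {hits}")
    return reasons


def verdict(ev: NptEvent) -> str:
    return "suspicious" if score(ev) else "benign"
```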

The speaker concludes by emphasizing the need for caution when using machine learning in cybersecurity and the importance of augmenting it with other approaches to create a comprehensive solution.