Deep Learning for Realtime Malware Detection

Explore a comprehensive conference talk on using deep learning for real-time malware detection, focusing on Domain Generation Algorithm (DGA) malware. Learn about an ensemble model combining convolutional neural networks, long short-term memory networks, and natural language processing to analyze domains and identify potentially malicious machine-generated addresses. Discover how these deep learning models, built with Keras and TensorFlow, can capture complex patterns without manual feature engineering and resist reverse engineering attempts. Gain insights into the system's ability to process enterprise-scale network traffic in real-time, make predictions, and alert cybersecurity analysts. Understand the speakers' backgrounds in data engineering, computer science, and cybersecurity, and explore the talk's detailed syllabus covering various aspects of malware detection, deep learning architectures, and practical applications in cybersecurity.

Intro
Disclaimer
Malware Happens
Stopping Malware
Domain Generation Algorithms (DGA)
Combatting DGAS
Algorithmically Generated Text Stands Out
The Problem Statement
Project Alphabet Soup
The Models
Bigram Collocation
Collocation Results
Deep Learning Data
Model Architecture
Translating a Domain for ML
Embedding Layer
Character Embedding
LSTM Layer
Neural Networks for Sequential Input
Long Short-Term Memory Networks
LSTM Neurons Take Sequential Inputs
LSTMs Capture Temporal Dependencies
LSTMs Maintain State
Basics of CNN
Convolutional Neural Network
CNN for Text Analysis
Hidden Layer
The Output
Understanding Scoring
Investigation
Findings
Anatomy of a C&C network
Other Suspicious Activity
Trojan?
Deployment
Model as a Service
Wrapping Up
Questions?
LSTM Architecture
Detailed Ensemble Arch