Cyber Incident Response Adobe
Having more than 7 years of experience in security, Marius has had the opportunity to see all of the branches of the industry – from state institutions to state-sponsored attacks, from private companies to privacy incidents, from law enforcement to security analyst to threat hunter and incident responder. Having had this level of exposure in such a short time has allowed him to learn faster and faster and keep up with the industry. Anyone that worked with him would describe Marius as a professional first and foremost. His dedication can be seen from his highly-focused work ethic and attention to details.
Project SCOUT. Deep Learning for malicious code detection
We propose a new deep-learning inspired methodology for detecting malicious code, based on latent representations computed in an un-supervised manner. We explore three different methodologies for computing the latent representations in a deep encoder-decoder architecture: self-attention, global style tokens (GST) and “memory-based” representations.
The three strategies for computing latent representations capture different aspects of how the code is written: (a) the GST tokens capture specific attacker techniques like code that is obfuscated or encrypted or that does many string manipulations; (b) the memory-based method learns “code patterns” such as iterators, if/else statements, asserts etc. and (c) the multi-head attention method captures on-the-fly summarizations of code-segments that are hard to reconstruct (don’t follow standard patterns).
1. The self-attention model represents code as the concatenated values of all heads in a multi-head attention system;
2. The GST method computes a probability distribution (attention) over a fixed number of style tokens (embeddings) and the latent representation is obtained as the weighted sum over all the tokens;
3. Finally, the memory-based method is similar to GST, but it computes multiple probability distributions over different buckets of style-tokens.
The latent code representations are used as input for a multilayer perceptron that classifies a code segment as being malicious or not. Our initial experiments on previously unseen data show state-of-the art results in classifying both isolated code-sequences as well as entire JS files as being malicious or benign.
The same latent-representation extraction methodology can be used over multiple datasets, regardless of the programming language, to attend a wide-variety of code-related tasks or problems as: identifying vulnerable code, identifying bad practices, indexing code (finding similar code), copyright issues, etc.
This talk is co-presented with Tiberiu Boros, Computer Scientist at Adobe
Are you the next cyber security superstar?
Ready for this year's presentations?
By registering you will unlock access to 60+ speakers and two full days with cyber security news & showcases from worldwide leaders.
Sponsors & Partners
They help us make this conference possible.
Orange „brings you closer to what matters to you”.
This is our brand promise: to bring our clients closer to what’s essential to them and to keep them always connected and in touch with the latest technologies, by offering them the best and safest communication experience.