Tiberiu Boros

Software Developer / Computer Scientist Adobe

BIOGRAPHY

Tiberiu Boros is a Ph.D. in computer science, specifically in the field of Text-to-Speech (TTS) Synthesis. He is currently working for Adobe Systems Romania and is an associate of the Research Institute for Artificial Intelligence of the Romanian Academy. Additionally, he maintains two Machine Learning open source projects (TTS-Cube and NLP-Cube) and is a contributor to the DyNet Machine Learning Framework (developed by Carnegie Mellon University and many others). His research is focused on applied Natural Language and Speech Processing.

Project SCOUT. Deep Learning for malicious code detection

The number of client-side attack vectors has increased dramatically in the last decade. From exploiting browser vulnerabilities to miners or drive-by downloads, attackers commonly use Javascript code to achieve their goals. In the past, malicious code classification has been achieved using standard feature-engineering over static code analysis or dynamic code execution patterns.
We propose a new deep-learning inspired methodology for detecting malicious code, based on latent representations computed in an un-supervised manner. We explore three different methodologies for computing the latent representations in a deep encoder-decoder architecture: self-attention, global style tokens (GST) and “memory-based” representations.
The three strategies for computing latent representations capture different aspects of how the code is written: (a) the GST tokens capture specific attacker techniques like code that is obfuscated or encrypted or that does many string manipulations; (b) the memory-based method learns “code patterns” such as iterators, if/else statements, asserts etc. and (c) the multi-head attention method captures on-the-fly summarizations of code-segments that are hard to reconstruct (don’t follow standard patterns).
1. The self-attention model represents code as the concatenated values of all heads in a multi-head attention system;
2. The GST method computes a probability distribution (attention) over a fixed number of style tokens (embeddings) and the latent representation is obtained as the weighted sum over all the tokens;
3. Finally, the memory-based method is similar to GST, but it computes multiple probability distributions over different buckets of style-tokens.

The latent code representations are used as input for a multilayer perceptron that classifies a code segment as being malicious or not. Our initial experiments on previously unseen data show state-of-the art results in classifying both isolated code-sequences as well as entire JS files as being malicious or benign.

The same latent-representation extraction methodology can be used over multiple datasets, regardless of the programming language, to attend a wide-variety of code-related tasks or problems as: identifying vulnerable code, identifying bad practices, indexing code (finding similar code), copyright issues, etc.
This talk is co-presented with Marius Manica, Cyber Incident Response at Adobe

Are you the next cyber security superstar?

If you are passionate about an information security topic or you have strong technical skills developing researches on your own, you should definitely Apply at Call for Papers. By submitting you will have the chance to showcase your work to +2000 attendees.

Other speakers joining this year

Milan Gabor

CEO Viris

Tudor Damian

CIO and Managing Partner Avaelgo

Gabriel Cirlig

Security Researcher WhiteOps

Ready for this year's presentations?

By registering you will unlock access to 60+ speakers and two full days with cyber security news & showcases from worldwide leaders.

0
SPEAKERS
0
COUNTRIES
0
ATTENDEES
0
HACKING
COMPETITIONS
0
COMPANIES

Sponsors & Partners

They help us make this conference possible.

POWERED BY

Orange „brings you closer to what matters to you”.

This is our brand promise: to bring our clients closer to what’s essential to them and to keep them always connected and in touch with the latest technologies, by offering them the best and safest communication experience.

WWW.ORANGE.RO

PLATINUM PARTNERS

Ixia provides testing, visibility, security solutions, network testing tools and virtual network security solutions to strengthen applications across physical and virtual networks.

WWW.IXIACOM.COM

Secureworks provides threat intelligence-driven security solutions for organizations to prevent, detect, rapidly respond and predict cyberattacks.

WWW.SECUREWORKS.COM

GOLD PARTNERS
SILVER PARTNERS
GAMING PARTNER
VIP & SPEAKERS LOUNGE PARTNER
BRONZE PARTNERS
COMMUNITY & MEDIA PARTNERS