[Risky Business Podcast] 3 Approaches that Evade Static Machine Learning Detection
This week, VMRay CEO and co-founder Carsten Willems was a guest on the latest episode of the Risky Business Podcast. Carsten spoke with host Patrick Gray about VMRay’s supporting role in Endgame and MRG Effitas’ Static Machine Learning Evasion Contest at DEF CON this year.
The contest required participants to modify 50 working malware samples so that they evaded sophisticated static machine learning models while still running. Carsten outlined the 3 primary techniques that proved successful against these models:
- Overlaying – Appending random bytes to the end of the file (the PE overlay). This changes the file’s content and hash, and the byte-level features derived from them, without touching the code the loader actually maps.
- Benign content – Adding code, whole functions and/or file sections extracted from existing Windows system libraries, so the file’s static features look more like those of legitimate software.
- Packers – Packing the file, which obfuscates the features a static model relies on and generates a lot of noise.
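The first technique is the easiest to reproduce and to check for. The script below is an added example written for this page; it is not VMRay’s, Endgame’s or MRG Effitas’ code and is not the contest harness. It assembles a constructed minimal PE32 image (one `.text` section, no imports, not a real sample), applies the overlay trick by appending random bytes, and then shows what a static check sees: the full-file SHA-256 changes, but a parser that reads the section table can measure the overlay and compute a digest over only the loader-mapped bytes, which does not change. The function names (`build_minimal_pe`, `end_of_sections`, `overlay_size`, `add_overlay`, `structural_sha256`) are this example’s own.

```python
"""Overlay padding versus a section-table check on a constructed minimal PE.

Added example for this page, not code from VMRay or the contest organisers.
The PE image built here is constructed inline: one .text section, no
imports, no valid entry point.
"""
import hashlib
import os
import struct

FILE_ALIGNMENT = 512


def build_minimal_pe() -> bytes:
    """Assemble a minimal PE32 image with a single 512-byte .text section."""
    pe_offset = 64
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_offset)           # e_lfanew

    size_of_optional = 224                                # PE32 optional header size
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, size_of_optional, 0x0102)
    optional = bytearray(size_of_optional)
    struct.pack_into("<H", optional, 0, 0x10B)            # Magic = PE32

    raw_size = FILE_ALIGNMENT
    raw_ptr = FILE_ALIGNMENT
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
    # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
    # NumberOfLinenumbers, Characteristics (code | execute | read)
    section = struct.pack("<8sIIIIIIHHI", b".text", raw_size, 0x1000,
                          raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)

    headers = dos + b"PE\0\0" + coff + optional + section
    headers += b"\0" * (raw_ptr - len(headers))           # pad headers to the first section
    text = (b"\x90" * 16 + b"\xC3").ljust(raw_size, b"\xCC")  # constructed code bytes
    return bytes(headers + text)


def end_of_sections(data: bytes) -> int:
    """File offset just past the last byte the section table accounts for."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_offset = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_offset:pe_offset + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections = struct.unpack_from("<H", data, pe_offset + 6)[0]
    size_of_optional = struct.unpack_from("<H", data, pe_offset + 20)[0]
    table = pe_offset + 24 + size_of_optional             # 4-byte signature + 20-byte COFF header
    end = table + 40 * n_sections                         # the headers themselves at least
    for i in range(n_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return min(end, len(data))                            # tolerate truncated files


def overlay_size(data: bytes) -> int:
    """Bytes that follow the last section: the overlay."""
    return len(data) - end_of_sections(data)


def add_overlay(data: bytes, n: int) -> bytes:
    """The 'overlaying' evasion: append n random bytes after the last section."""
    return data + os.urandom(n)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def structural_sha256(data: bytes) -> str:
    """Digest over only the bytes the loader maps; unchanged by overlay padding."""
    return sha256(data[:end_of_sections(data)])


if __name__ == "__main__":
    clean = build_minimal_pe()
    padded = add_overlay(clean, 4096)
    print("full-file sha256 changed:  ", sha256(clean) != sha256(padded))
    print("overlay bytes:             ", overlay_size(clean), "->", overlay_size(padded))
    print("structural sha256 stable:  ", structural_sha256(clean) == structural_sha256(padded))
```

A feature set built from the whole file (hash, size, byte histogram, global entropy) is exactly what this padding perturbs, while features taken from the parsed structure (section table, imports, the mapped bytes) are untouched. The caveat for detection is that an overlay is not a verdict on its own: legitimate installers and Authenticode-signed binaries carry data in the overlay too, so the useful signal is a mismatch between whole-file features and structural ones, not overlay presence by itself.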
Carsten closed the interview with a discussion of how VMRay’s recent Series B round of funding will enable the company to extend its hypervisor-based monitoring technology beyond the CIRT into broader enterprise security, as part of the detection and response infrastructure.
Past VMRay Interviews on Risky Business
- Koen Van Impe Talks About Using VMRay Analyzer for Incident Response
- Carsten Willems Talks About his Cyber Security Background and Sandbox Tech
- Chad Loeven Talks About VMRay Analyzer 2.2’s Unparalleled Usability & Seamless High-Volume Analysis