[Risky Business Podcast] 3 Approaches that Evade Static Machine Learning Detection

Oct 02nd 2019

This week, VMRay CEO & Co-Founder, Carsten Willems was a guest on the latest episode of the Risky Business Podcast. Carsten spoke with host Patrick Gray about VMRay’s supporting role in Endgame and MRG Effitas’ Static Machine Learning Evasion Contest at DEF CON this year.

The contest required participants to modify 50 working malware samples and test them against sophisticated machine learning models. Carsten outlined the 3 primary techniques that proved successful in evading these machine learning models:

  • Overlaying – Adding random bytes to files, changing both the content and the hash
  • Benign content – Adding extracted code, entire code sections and/or file sections from existing Windows system libraries.
  • Packers – Packing a file so that its features were easily obfuscated and a lot of noise was generated.

Carsten closed the interview with a discussion of how VMRay’s recent Series B round of funding will enable the company to extend its hypervisor-based monitoring technology from the CIRT into broader enterprise security as part of the detection and response infrastructure.

Past VMRay Interviews on Risky Business