New Paper: Valkyrie: Behavioral Malware Detection using Global Kernel-level Telemetry Data
I’m excited to announce that after a 5 year hiatus I’ve co-authored a new academic paper, which my colleague and co-author Brett presented this past weekend at the 2015 IEEE International Workshop on Machine Learning for Signal Processing in Boston. You can grab the paper (and a BibTeX reference for it) on the publications page.
The paper gives a glimpse into some of the research we’re doing on the Data Science team at CrowdStrike. If this sounds interesting, we’re still looking to add team members, so don’t be shy.
Abstract for the impatient: The growth in malware remains a major challenge to Internet security. In this paper, we present Valkyrie, a classification system that is able to identify malicious binaries purely based on behavioral traits gathered from large-scale telemetry submitted by endhosts using a lightweight sensor component. Valkyrie utilizes the Apache Spark data processing framework and is therefore able to process a large volume of real-world data in a short amount of time. In addition, since Valkyrie conducts all its heavy computation in the cloud, it therefore imposes minimal load on endpoints. Valkyrie achieves high confidence predictions at a very low false positive rate, making it a suitable solution for use with production systems.
Subscribe via RSS