Author Topic: What's Machine Learning mean?  (Read 3086 times)

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5430
  • COMODO Rocks!
    • Free Comodo Products!
What's Machine Learning mean?
« on: September 02, 2015, 01:23:14 PM »
Can you please give us some information about what the new Valkyrie has?

COMODO Cloud Antivirus
Firefox Quantum
Encrypt the web! Use HTTPS Everywhere..
Block spying ads and invisible trackers! Use Privacy Badger..

Online wasgij6

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5536
Re: What's Machine Learning mean?
« Reply #1 on: September 02, 2015, 01:35:28 PM »
I believe its another term used for A.I.
| Win 10 Pro (x64) | UAC Disabled | CFW | Intel i7 4770k | Asus Maximus VI Formula Mobo | Asus GeForce GTX 780 | G.Skill TridentX 32gb RAM | Samsung 850 Pro SSD |

Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 157
Re: What's Machine Learning mean?
« Reply #2 on: September 02, 2015, 06:05:25 PM »
We are performing many different analysis on a file in Valkyrie. Machine Learning is one of them and basically it analyses the file static attributes from different perspectives and tries to find common patterns with previously analyzed files. Here comes the Machine learning, which performs these findings. And, if the attributes turn out to be similar to malware files that have already been identified (even if this file is newly created) Valkyrie can detect this. Same for clean files as well.

This is one of the superiority of Valkyrie over regular detection techniques.

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5430
  • COMODO Rocks!
    • Free Comodo Products!
Re: What's Machine Learning mean?
« Reply #3 on: September 02, 2015, 08:13:18 PM »
We are performing many different analysis on a file in Valkyrie. Machine Learning is one of them and basically it analyses the file static attributes from different perspectives and tries to find common patterns with previously analyzed files. Here comes the Machine learning, which performs these findings. And, if the attributes turn out to be similar to malware files that have already been identified (even if this file is newly created) Valkyrie can detect this. Same for clean files as well.

This is one of the superiority of Valkyrie over regular detection techniques.
So it learns continuously from samples. It always scans files and every file info improve its capability.
Today I sent many samples to new Valkyrie and approx. all files detected as malware by "Machine Learning"
Thank you or your answer Fatih.
COMODO Cloud Antivirus
Firefox Quantum
Encrypt the web! Use HTTPS Everywhere..
Block spying ads and invisible trackers! Use Privacy Badger..

Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 157
Re: What's Machine Learning mean?
« Reply #4 on: September 02, 2015, 09:01:07 PM »
It learns from the samples, but currently the machine learning training is performed in offline. Thus it is not in real-time. We're collecting many files and then perform training periodically.

We have plan to convert it online, for each file uploaded to this system, but this needs a major implementation, plus a good selection of samples to be trained. We should not let bad samples 'poisoning' the Machine Learning algorithm.

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5430
  • COMODO Rocks!
    • Free Comodo Products!
Re: What's Machine Learning mean?
« Reply #5 on: September 03, 2015, 05:24:36 AM »
It learns from the samples, but currently the machine learning training is performed in offline. Thus it is not in real-time. We're collecting many files and then perform training periodically.

We have plan to convert it online, for each file uploaded to this system, but this needs a major implementation, plus a good selection of samples to be trained. We should not let bad samples 'poisoning' the Machine Learning algorithm.
Now, I can understand better about machine learning.
I have another question, I submit the samples which has the final verdict "Undetected" to malware analyst.
How much time they need to answer me?

Another question is, will you have a plan to implement this system into CIS? CIS can upload those unknown and zero-day samples to Valkyrie by default.

Thanks,
yigido
COMODO Cloud Antivirus
Firefox Quantum
Encrypt the web! Use HTTPS Everywhere..
Block spying ads and invisible trackers! Use Privacy Badger..

Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 157
Re: What's Machine Learning mean?
« Reply #6 on: September 03, 2015, 09:00:26 AM »
Now, I can understand better about machine learning.
I have another question, I submit the samples which has the final verdict "Undetected" to malware analyst.
How much time they need to answer me?

Another question is, will you have a plan to implement this system into CIS? CIS can upload those unknown and zero-day samples to Valkyrie by default.

Thanks,
yigido

The manual analysis time depends on the work load of the team. It may take from a few hours to a few days.

We have plans to integrate to CIS, but not now. We need to be confident that it will support millions of users before integrating CIS.

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5430
  • COMODO Rocks!
    • Free Comodo Products!
Re: What's Machine Learning mean?
« Reply #7 on: September 03, 2015, 09:42:58 AM »
Thank you Fatih for your valuable feedbacks  :-TU
I am looking forward to official release with more informations about it,

Keep up the good works,
Türkiye'den sevgilerle  ;)
yigido
COMODO Cloud Antivirus
Firefox Quantum
Encrypt the web! Use HTTPS Everywhere..
Block spying ads and invisible trackers! Use Privacy Badger..

Offline Ya5h Kh4n

  • Comodo's Hero
  • *****
  • Posts: 5147
Re: What's Machine Learning mean?
« Reply #8 on: September 09, 2015, 03:30:23 PM »
So it learns continuously from samples. It always scans files and every file info improve its capability.
Today I sent many samples to new Valkyrie and approx. all files detected as malware by "Machine Learning"
Thank you or your answer Fatih.

Qihoo 360 products has QVM - is their "Machine Learning" technology.

"QVM is our proprietary technology that detects malware through an artificial-intelligence algorithm capable of machine learning to recognize new forms of malware. QVM technology offers a robust model for recognizing malware characteristics using the massive amount of data that we have compiled on confirmed malware in our blacklist and verified safe programs files in our whitelist. This model is used as a basis for a detection algorithm which is automatically enhanced and updated with new malware samples submitted by our users to our servers.

Program files that do not appear in our blacklist and whitelist are scanned using QVM, and any ''hits'' returned by this technology are presumed to be malicious and removed or quarantined. As malware is constantly being created or morphing, QVM has the advantage of being able to detect threats that have not been previously identified. According to PC Security Labs, an independent security product test organization, QVM has a detection rate of 74.9% for unknown new malware, which surpasses most heuristic detection technologies".
« Last Edit: September 09, 2015, 03:33:18 PM by yessnooo »

Offline windstorm

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 3630
Re: What's Machine Learning mean?
« Reply #9 on: September 20, 2015, 09:17:04 AM »
It learns from the samples, but currently the machine learning training is performed in offline. Thus it is not in real-time. We're collecting many files and then perform training periodically.

We have plan to convert it online, for each file uploaded to this system, but this needs a major implementation, plus a good selection of samples to be trained. We should not let bad samples 'poisoning' the Machine Learning algorithm.

Hm.. Not sure if that's the problem. Since CIS uses a trusted vendors list, wouldn't it be better to feed Valkyrie with those?  :)

Online wasgij6

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5536
Re: What's Machine Learning mean?
« Reply #10 on: September 23, 2015, 02:13:14 PM »
Just ran across a good video about machine learning

https://www.youtube.com/watch?t=3&v=bHvf7Tagt18
| Win 10 Pro (x64) | UAC Disabled | CFW | Intel i7 4770k | Asus Maximus VI Formula Mobo | Asus GeForce GTX 780 | G.Skill TridentX 32gb RAM | Samsung 850 Pro SSD |

Offline SD Ahmad

  • Comodo's Hero
  • *****
  • Posts: 809
    • http://orient-news.net/en
Re: What's Machine Learning mean?
« Reply #11 on: August 07, 2016, 03:35:43 AM »
Why do we no longer see this property?  :embarassed:

Online wasgij6

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5536
Re: What's Machine Learning mean?
« Reply #12 on: August 07, 2016, 01:36:32 PM »
Why do we no longer see this property?  :embarassed:

its still there its just called static detection
| Win 10 Pro (x64) | UAC Disabled | CFW | Intel i7 4770k | Asus Maximus VI Formula Mobo | Asus GeForce GTX 780 | G.Skill TridentX 32gb RAM | Samsung 850 Pro SSD |

Lucentwarrior

  • Guest
Re: What's Machine Learning mean?
« Reply #13 on: November 13, 2016, 10:31:21 AM »
It learns from the samples, but currently the machine learning training is performed in offline. Thus it is not in real-time. We're collecting many files and then perform training periodically.

We have plan to convert it online, for each file uploaded to this system, but this needs a major implementation, plus a good selection of samples to be trained. We should not let bad samples 'poisoning' the Machine Learning algorithm.

Would it be ok for me to inquire how many characteristics the machine learning portion examines of the file and what your plans are for improving upon this and implementing this into CIS?

Offline valkyrie_team

  • Newbie
  • *
  • Posts: 2
  • Valkryie Team
    • Valkyrie
Re: What's Machine Learning mean?
« Reply #14 on: November 14, 2016, 05:50:05 AM »
hi,
Hundreds of characteristics belonging to binary and its run-time behavior are used for Valkyrie Machine Learning and this number is still increasing day by day. It is a never ending story and a continuous improvement effort. Our target is ~100 % reliable detection by Machine Learning and ~0% false positive rates. Service is currently in use at Valkyrie. CIS is also using machine learning to some extent to detect malware. There is a close tie between Valkyrie and CIS machine learning efforts. Further integration is intended in the near future.
regards,
Valkyrie Team

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek