What's Machine Learning mean?

Can you please give us some information about what the new Valkyrie has?

I believe its another term used for A.I.

We are performing many different analysis on a file in Valkyrie. Machine Learning is one of them and basically it analyses the file static attributes from different perspectives and tries to find common patterns with previously analyzed files. Here comes the Machine learning, which performs these findings. And, if the attributes turn out to be similar to malware files that have already been identified (even if this file is newly created) Valkyrie can detect this. Same for clean files as well.

This is one of the superiority of Valkyrie over regular detection techniques.

So it learns continuously from samples. It always scans files and every file info improve its capability.
Today I sent many samples to new Valkyrie and approx. all files detected as malware by “Machine Learning”
Thank you or your answer Fatih.

It learns from the samples, but currently the machine learning training is performed in offline. Thus it is not in real-time. We’re collecting many files and then perform training periodically.

We have plan to convert it online, for each file uploaded to this system, but this needs a major implementation, plus a good selection of samples to be trained. We should not let bad samples ‘poisoning’ the Machine Learning algorithm.

Now, I can understand better about machine learning.
I have another question, I submit the samples which has the final verdict “Undetected” to malware analyst.
How much time they need to answer me?

Another question is, will you have a plan to implement this system into CIS? CIS can upload those unknown and zero-day samples to Valkyrie by default.


The manual analysis time depends on the work load of the team. It may take from a few hours to a few days.

We have plans to integrate to CIS, but not now. We need to be confident that it will support millions of users before integrating CIS.

Thank you Fatih for your valuable feedbacks :-TU
I am looking forward to official release with more informations about it,

Keep up the good works,
Türkiye’den sevgilerle :wink:

Qihoo 360 products has QVM - is their “Machine Learning” technology.

"QVM is our proprietary technology that detects malware through an artificial-intelligence algorithm capable of machine learning to recognize new forms of malware. QVM technology offers a robust model for recognizing malware characteristics using the massive amount of data that we have compiled on confirmed malware in our blacklist and verified safe programs files in our whitelist. This model is used as a basis for a detection algorithm which is automatically enhanced and updated with new malware samples submitted by our users to our servers.

Program files that do not appear in our blacklist and whitelist are scanned using QVM, and any ‘‘hits’’ returned by this technology are presumed to be malicious and removed or quarantined. As malware is constantly being created or morphing, QVM has the advantage of being able to detect threats that have not been previously identified. According to PC Security Labs, an independent security product test organization, QVM has a detection rate of 74.9% for unknown new malware, which surpasses most heuristic detection technologies".

Hm… Not sure if that’s the problem. Since CIS uses a trusted vendors list, wouldn’t it be better to feed Valkyrie with those? :slight_smile:

Just ran across a good video about machine learning

Why do we no longer see this property? :embarassed:

its still there its just called static detection

Would it be ok for me to inquire how many characteristics the machine learning portion examines of the file and what your plans are for improving upon this and implementing this into CIS?

Hundreds of characteristics belonging to binary and its run-time behavior are used for Valkyrie Machine Learning and this number is still increasing day by day. It is a never ending story and a continuous improvement effort. Our target is ~100 % reliable detection by Machine Learning and ~0% false positive rates. Service is currently in use at Valkyrie. CIS is also using machine learning to some extent to detect malware. There is a close tie between Valkyrie and CIS machine learning efforts. Further integration is intended in the near future.

Thank you for your response, 100% is a pretty hefty goal, seen some very close, but not without False Positives and False Negatives. I look forward to watching and testing the integration as time unfolds :slight_smile: