4. ANALYZE THAT…
Add social engineering analysis to threat analysis
• Examine the behavior of the victim (underlying causes)
• Treat the disease as well as the symptom(s)!
5. SECURITY vs. CONVENIENCE
TRADITIONAL SECURITY DILEMMA
7. TODAY’S AV VENDOR GOAL
To increase the security of our customers
• Heuristic Technology
• Cloud-based Solutions
• Others
Today we mostly look for:
• Known bad objects (blacklisting)
• Known good objects (whitelisting, change detection)
8. THE PSYCHOLOGY OF DETECTION
What does behavior analysis have to do with social engineering?
• Fake AV sells
• Manual analysis = large overhead (and it’s getting larger)
• User behavior: another security layer?
9. THE PSYCHOLOGY OF DETECTION
JDLR: Cop Talk for “Just Don’t Look Right”
At this point, we may identify software as:
• Already classified
• Resembles badware (JDLR)
• Shares characteristics of badware
• Something which may be good or bad, but has proscribed characteristics
10. THE HUMAN ELEMENT
“No matter how low an opinion you have of your users, they will find a way to disappoint you”
• Stamos’ Law (or his corollary to Murphy’s Law)
• Stamos, BH 2009
11. PROBABILITY AND EMAIL
Bayesian spam filtering
• Learns from classification mistakes: each misclassified message is fed back as training data
• Low computational overhead
• Very fast machine learning
12. BAYESIAN ANALYSIS IN ACTION
Each indicator found raises the running estimate that the message is spam:
• the phrase “male enhancement” is detected in the body of the email (85% probability of the message being spam)
• the subject contains the phrase “real prescription meds” (95% probability)
• the body also contains the word FREE in all caps (98% probability)
• the sender’s email address domain and the sending server differ (99.9% probability)
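Added worked example, not from the slides: a small naive Bayes spam scorer that learns per-token spam probabilities from a constructed training corpus, combines them with the usual formula P = Π p / (Π p + Π (1 − p)), and reports the running estimate as each indicator is added, as on the slide. The training messages, the 0.999 weight for the From-domain/sending-server mismatch rule, and the function names are all assumptions made for this example.

```python
"""Naive Bayes spam scoring with a running "evidence trail" (added example)."""
import math
import re
from collections import Counter

# Constructed training corpus for the example; not real mail.
SPAM = [
    "real prescription meds: male enhancement, FREE shipping",
    "FREE trial of male enhancement pills",
    "cheap prescription meds, order FREE today",
]
HAM = [
    "notes from the project review meeting",
    "are you free for lunch after the review?",
    "please send the quarterly report by friday",
]


def tokenize(text):
    """Alphanumeric tokens, case preserved so that FREE and free are distinct."""
    return set(re.findall(r"[A-Za-z0-9]+", text))


def train(spam, ham):
    """Per-token P(spam | token) from document frequencies, Laplace-smoothed,
    assuming equal priors for spam and ham."""
    spam_df = Counter(t for msg in spam for t in tokenize(msg))
    ham_df = Counter(t for msg in ham for t in tokenize(msg))
    model = {}
    for tok in set(spam_df) | set(ham_df):
        p_tok_spam = (spam_df[tok] + 1) / (len(spam) + 2)
        p_tok_ham = (ham_df[tok] + 1) / (len(ham) + 2)
        model[tok] = p_tok_spam / (p_tok_spam + p_tok_ham)
    return model


def combine(probs):
    """Combine independent indicator probabilities:
    P = prod(p) / (prod(p) + prod(1 - p)), computed in log space so that
    long messages do not underflow.  Probabilities are clamped away from
    0 and 1 so no single indicator can be absolutely decisive."""
    if not probs:
        return 0.5
    clamped = [min(max(p, 0.001), 0.999) for p in probs]
    log_p = sum(math.log(p) for p in clamped)
    log_q = sum(math.log(1 - p) for p in clamped)
    return 1 / (1 + math.exp(log_q - log_p))


def evidence_trail(probs):
    """Running P(spam) after each indicator is folded in, as on the slide."""
    return [combine(probs[: i + 1]) for i in range(len(probs))]


def sender_mismatch_prob(from_addr, sending_host, weight=0.999):
    """The slide's last indicator: From: domain and connecting server differ.
    The weight is an assumed tuning value.  A legitimate third-party relay
    trips this too, so treat it as evidence, not proof."""
    domain = from_addr.rsplit("@", 1)[-1].lower()
    host = sending_host.lower()
    matches = host == domain or host.endswith("." + domain)
    return 0.5 if matches else weight


def score(model, body, indicators=()):
    """P(spam) for a body plus any non-token indicators given as probabilities.
    Unseen tokens are skipped: a 0.5 indicator scales both products equally."""
    probs = [model[t] for t in sorted(tokenize(body)) if t in model]
    return combine(probs + list(indicators))


MODEL = train(SPAM, HAM)

if __name__ == "__main__":
    body = "FREE male enhancement meds"
    token_probs = [MODEL[t] for t in sorted(tokenize(body)) if t in MODEL]
    header = sender_mismatch_prob("bob@example.com", "relay.example.net")
    for step, p in enumerate(evidence_trail(token_probs + [header]), 1):
        print(f"after indicator {step}: P(spam) = {p:.4f}")
```

The clamp and the log-space sum are the two details a production filter needs that a slide does not show: without the clamp one rare token decides the verdict, and without the logs a few hundred tokens underflow the products to zero.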
13. PROBABILITY AND PEOPLE
Can we predict human behavior (with any accuracy)?
Behavioral targeting does this today!
14. GET YOUR GAME (THEORY) ON
Game theory attempts to predict behavior such as:
• the interaction between two people
• movements of financial markets
• modern-day warfare