Malice Through the Looking Glass
Behavior Analysis for the Next Decade
Jeff Debrosse

“It is better to be roughly right than precisely wrong.”
- John Maynard Keynes
ANALYZE THIS…

Industry core focus
• Code analysis
• Parse textual content
ANALYZE THAT…

Add social engineering analysis to
threat analysis
• Examine the behavior of the victim
  (underlying causes)
• Treat the disease as well as the
  symptom(s)!
TRADITIONAL SECURITY DILEMMA

Security    Convenience

PSYCHOLOGY AND DECEPTION

“Psychological manipulation of an
individual or set of individuals to produce
a desired effect on their behavior.”
TODAY’S AV VENDOR GOAL

To increase the security of our customers
• Heuristic Technology
• Cloud-based Solutions
• Others

Today we mostly look for:
• Known bad objects (blacklisting)
• Known good objects (whitelisting, change
  detection)
THE PSYCHOLOGY OF DETECTION


What does behavior analysis have
to do with social engineering?
• Fake AV sells
• Manual analysis = large overhead (and it’s
  getting larger)
• User behavior: another security layer?
THE PSYCHOLOGY OF DETECTION

 JDLR: Cop Talk for “Just Don’t Look Right”

At this point, we may identify software as:
• Already classified
• Resembles badware (JDLR)
• Shares characteristics of badware
• Something which may be good or bad, but has
  proscribed characteristics
THE HUMAN ELEMENT

“No matter how low an opinion you have of your users, they will
find a way to disappoint you”
• Stamos’ Law (or his corollary to Murphy’s Law)
• Stamos, BH 2009
PROBABILITY AND EMAIL

Bayesian spam filtering
• Counts number of incorrect classifications.
• Low computational overhead
• Very fast machine learning
BAYESIAN ANALYSIS IN ACTION
• The phrase “male enhancement” is detected in the body of the
  email (85% probability of the message being spam)
• The subject contains the phrase “real prescription meds” (95%
  probability)
• The body also contains the word FREE in all caps (98%
  probability)
• The sender’s email address and sending server are different
  (99.9% probability)
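
An added example, not part of the original slides: sequential Bayesian updating in odds form, showing how a running spam probability like the one above climbs as indicators accumulate and how strongly it depends on the prior. It assumes the slide's percentages are cumulative posteriors, a 50% starting prior, and conditionally independent indicators (the naive Bayes assumption); the likelihood ratios are back-derived from the slide's figures, not measured from mail.

```python
"""Sequential naive-Bayes updating in odds form (added example)."""
import math

# Running spam probabilities as read from the slide. Assumption: each
# figure is the cumulative posterior after that indicator is observed.
SLIDE_POSTERIORS = [
    ("body contains 'male enhancement'", 0.85),
    ("subject contains 'real prescription meds'", 0.95),
    ("body contains FREE in all caps", 0.98),
    ("sender address and sending server differ", 0.999),
]
PRIOR = 0.5  # assumption: no belief either way before any indicator


def odds(p):
    """Probability -> odds in favour."""
    return p / (1.0 - p)


def prob(o):
    """Odds in favour -> probability."""
    return o / (1.0 + o)


def implied_likelihood_ratios(prior, steps):
    """Return (indicator, LR) pairs, where
    LR = P(indicator | spam) / P(indicator | not spam)
    is the factor that moves the previous posterior to the stated one."""
    ratios = []
    previous = odds(prior)
    for name, posterior in steps:
        current = odds(posterior)
        ratios.append((name, current / previous))
        previous = current
    return ratios


def update(prior, likelihood_ratios):
    """Forward pass: posterior odds = prior odds * product of LRs.
    Summing logs avoids overflow when many indicators are combined."""
    log_odds = math.log(odds(prior))
    trail = []
    for lr in likelihood_ratios:
        log_odds += math.log(lr)
        trail.append(prob(math.exp(log_odds)))
    return trail


if __name__ == "__main__":
    ratios = implied_likelihood_ratios(PRIOR, SLIDE_POSTERIORS)
    for name, lr in ratios:
        print(f"{name:45s} LR = {lr:6.2f}")

    lrs = [lr for _, lr in ratios]
    print("prior 50%:", [f"{p:.3f}" for p in update(PRIOR, lrs)])
    # Base-rate effect: identical evidence, but only 1 message in 100
    # is assumed to be spam before any indicator is seen.
    print("prior  1%:", [f"{p:.3f}" for p in update(0.01, lrs)])
```

With the same four indicators, lowering the prior from 50% to 1% drops the final score from 99.9% to about 91%, which is why the base rate matters when the same scoring is applied to rarer events.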
PROBABILITY AND PEOPLE

Can we predict human behavior (with any accuracy)?

Behavioral targeting does this today!
GET YOUR GAME (THEORY) ON

Game theory attempts to
predict behavior such as:
• the interaction between two
  people
• movements of financial
  markets
• modern-day warfare
THE PRISONER’S DILEMMA (OR PREDICTABLE RATIONALITY)

                 S1: confess   S1: don’t
S2: confess      10,10         0,20
S2: don’t        20,0          1,1
CONCLUSION

Feedback

Ethics

Optimized by…
• Cloud?
• Aggregation?
• Behavioral Data?

Have we reached the industry’s limits?
QUESTIONS?
