Signatureless Malware Detection

Industry Solution
Step #1
Perform training with the following kinds of machine data. Ingest machine data during times of low activity on your endpoint and high activity on your endpoint, so that the full scope of functionality of your software is captured in training. Ingest one or more of the following machine data from Category #1. Ingest one or more of the following machine data from Category #2. And ingest one or more of the following machine data from Category #3.
Category #1
  • General system-wide error messages from /var/log/syslog
  • Auditing logs of application rulesets
  • Auditing logs of security contexts
  • Auditing logs of login attempts from /var/log/auth.log
  • Auditing logs of user management or group management
  • Auditing logs of password management
  • Application specific logs from /var/log
  • File system status of files and directories from stat
  • Auditing logs of package management
  • Auditing logs of configuration management
Category #2
  • Raw dumps from sniffing at Layers 2-3
  • Raw dumps from /proc of kernel data structures
  • Raw dumps of kernel routing tables
  • Network services configuration files
  • Network interface configuration files
Category #3
  • Headless raw dumps of active executables
  • Memory profiles of active executables
  • Summaries of memory debugging, memory management or memory profiling
  • File integrity checking with checksum matching prior to either base infection or payload infection
  • Summaries of resource utilization: physical, network, I/O, disks, processes, etc.
Step #2
Periodically upload a new source of machine data and get its prediction report. The new source should contain that same kind of machine data with close similarity in structure and formatting to the machine data ingested in training. At a minimum the new source must contain the deltas of that same kind of machine data ingested in training. The maximum number of prediction reports per endpoint is 1 Report/Second.
Step #3
Parse the predictions report that's in JSON format for threat notifications.
Get Started
Start your free 30-day trial
Sign up to get started using your free, no contract 30-day trial. Register endpoints, perform training and create reports!
  • Free 30-Day Trial
  • Monthly Subscription: $25/Endpoint
  • No Commitment
  • Includes 50GB Free Storage
  • Additional Storage: $0.3101/GB
  • Super Fast Response: 1 Report/Second
  • Get Results Today!
Name:
Company Name:
Email:
Country: