Last year we published an #AskSecPro series where we explained how signature-based malware analysis works, as well as how traditional signatures are created. An area we don’t often talk about in public channels, but has played a pivotal role in SiteLock becoming a global leader in website security solutions, is our research and development efforts in new security technologies. In addition to our more traditional approaches to malware detection, SiteLock continues to explore new frontiers in technological improvement to push the field of security research forward. For some time SiteLock has been developing machine learning mechanisms as part of its process for discovering new malware iterations on an automatic basis. Our research in the field has shown that machine learning promises to be an important part of early malware detection and preliminary identification. One of the most significant breakthroughs we’ve had in machine learning as it pertains to malware detection and signatures, has been in feature-based signature analysis.
Tag: machine learning
You could consider signature-based analysis to be like a policeman running the plates of every car in a parking lot against the police department’s database of stolen vehicles. While this may be an effective method for finding stolen vehicles, if the license plate on the car has been changed or obscured, the car will most likely be overlooked. Keeping with this analogy, behavioral analysis would be the detective.