Malware Antibodies: A Prototype for Adaptive Immune Response to Threats

Raja Babu Annamala , Research Team Lead , K7 Computing

Georgelin Manuel , Software Developer , K7 Computing

“One man’s tool is another man’s weapon” – Bruce Wayne, The Dark Knight Rises

Security vendors often face such a dilemma when protecting enterprises whose environments differ vastly from each other. A tight protection mechanism at one site could cause false positive issues at another site. But what if the protection mechanism at each site could adapt and evolve to suit its own environment and the nature of the threats therein?

This presentation describes a framework for generating proactive protection for threats instantly, on premise, adapted to an enterprise’s specific environment. Malware antibodies are generic detections for suspicious objects triggered by event monitoring or static heuristics on the affected device itself. Alternatively, antibodies can be generated for an object provided as input by the administrator. Specific metadata is extracted from the object and processed on premise using evolutionary algorithms and information retrieval techniques to minimize false positive risk within that environment.
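To make the generation step concrete, here is an added, self-contained illustration (not K7's framework or the PoC demoed in the talk) of the idea that an antibody is a generic detection tuned against the local environment. It assumes that the "metadata" extracted from an object can be represented as a set of feature strings (imports, section names, strings, PE flags), that an antibody is a conjunction of such features, and that "minimizing false positive risk" means matching zero objects in a locally held known-good corpus. The evolutionary search is a small genetic algorithm, and the information-retrieval element is an IDF weighting over the local corpus; both are assumptions about how such a system could be built. All objects and features below are constructed sample data.

```python
"""Illustrative on-premise "antibody" generation (added example, not K7's code).

Given the feature set of one suspicious object and a local corpus of known-good
objects, evolve a conjunction of features that matches the suspicious object
but none of the benign ones, preferring few, locally rare features.
"""
import math
import random

# --- constructed sample input ----------------------------------------------
# Metadata of the suspicious object, as a set of feature strings.
SUSPICIOUS = frozenset({
    "import:kernel32!CreateRemoteThread",
    "import:kernel32!WriteProcessMemory",
    "import:kernel32!VirtualAllocEx",
    "import:advapi32!RegSetValueExA",
    "import:kernel32!GetProcAddress",
    "section:.text",
    "section:.upx1",
    "string:Run",
    "pe:has_tls_callback",
})

# Known-good objects seen at this site ("what this environment considers normal").
BENIGN_CORPUS = [
    frozenset({"import:kernel32!GetProcAddress", "import:kernel32!VirtualAllocEx",
               "import:kernel32!WriteProcessMemory", "section:.text", "string:Run",
               "import:user32!MessageBoxA"}),          # a debugger-like admin tool
    frozenset({"import:kernel32!GetProcAddress", "section:.text", "section:.upx1",
               "import:advapi32!RegSetValueExA"}),     # a UPX-packed installer
    frozenset({"import:kernel32!GetProcAddress", "section:.text", "pe:has_tls_callback",
               "import:kernel32!CreateRemoteThread", "string:Run"}),  # hotkey app using injection
]

FP_PENALTY = 100.0  # one false positive outweighs any gain in genericity


def idf(feature, corpus):
    """Inverse document frequency over the local corpus: rare features are
    more discriminative for this site; features in every benign object score 0."""
    df = sum(1 for obj in corpus if feature in obj)
    return math.log((1 + len(corpus)) / (1 + df))


def matches(antibody, obj):
    """An antibody is a conjunction: it fires only if every feature is present."""
    return antibody <= obj


def false_positives(antibody, corpus):
    """Number of known-good objects the antibody would flag."""
    return sum(1 for obj in corpus if matches(antibody, obj))


def fitness(antibody, corpus):
    """Higher is better: no false positives first, then fewer features
    (more generic), then a higher mean IDF (more site-specific signal)."""
    if not antibody:
        return -math.inf
    fp = false_positives(antibody, corpus)
    mean_idf = sum(idf(f, corpus) for f in antibody) / len(antibody)
    return -FP_PENALTY * fp - len(antibody) + mean_idf


def minimise(antibody, corpus):
    """Greedy pass: drop any feature whose removal keeps zero false positives,
    trying the least informative features first."""
    current = set(antibody)
    for f in sorted(antibody, key=lambda x: idf(x, corpus)):
        trial = current - {f}
        if trial and false_positives(frozenset(trial), corpus) == 0:
            current = trial
    return frozenset(current)


def evolve(suspicious, corpus, population=40, generations=60, seed=7):
    """Small genetic algorithm over subsets of the suspicious object's features."""
    rng = random.Random(seed)  # seeded so runs are reproducible
    genes = sorted(suspicious)

    def random_individual():
        return frozenset(f for f in genes if rng.random() < 0.5) or frozenset({rng.choice(genes)})

    def mutate(ind):
        f = rng.choice(genes)
        return (ind - {f}) if f in ind else (ind | {f})

    def crossover(a, b):
        return frozenset(f for f in genes if f in (a if rng.random() < 0.5 else b))

    pop = [random_individual() for _ in range(population)]
    for _ in range(generations):
        pop.sort(key=lambda ind: fitness(ind, corpus), reverse=True)
        elite = pop[: population // 4]
        children = []
        while len(elite) + len(children) < population:
            child = crossover(rng.choice(elite), rng.choice(elite))
            if rng.random() < 0.3:
                child = mutate(child)
            children.append(child or frozenset({rng.choice(genes)}))
        pop = elite + children
    best = max(pop, key=lambda ind: fitness(ind, corpus))
    return minimise(best, corpus) if false_positives(best, corpus) == 0 else best


def generate_antibody(suspicious=SUSPICIOUS, corpus=BENIGN_CORPUS):
    """Entry point: the antibody for this object, tuned to this site's corpus."""
    return evolve(suspicious, corpus)


if __name__ == "__main__":
    ab = generate_antibody()
    print("antibody:", sorted(ab))
    print("false positives on local corpus:", false_positives(ab, BENIGN_CORPUS))
    print("matches suspicious object:", matches(ab, BENIGN_CORPUS and SUSPICIOUS))
```

Note what the constructed corpus is set up to show: no single feature of the suspicious object is free of false positives here (process-injection imports, the UPX section and the TLS callback each occur in some legitimate local tool), so the search has to settle on a combination, and a different site with a different known-good corpus would legitimately end up with a different antibody for the same object. That is the property the abstract relies on when it says antibodies stay within the environment that produced them.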

Malware antibodies will always remain within the environment in which they were created. This enables protection mechanisms to be more aggressive and targeted at one site without affecting any other site’s experience. In addition, this framework enables each enterprise to have its own definition of “malicious” with a corresponding set of on-demand malware antibodies. Finally, metadata extracted and processed to aid antibody generation does not leave the enterprise’s environment, unless a strictly optional cloud extension is enabled.

The presentation will include a live demo of a PoC of the framework.

Raja Babu Annamala

Raja Babu graduated from the University of Madras in 2008 with a Master’s degree in Computer Applications. He started his career as a malware analyst at Comodo, where he worked for about three years. He joined K7 Threat Control Lab as a Threat Researcher in 2010 and is currently working as Research Team Lead. His main responsibilities include detailed malware analysis, developing automated systems and training new threat researchers. He earlier co-authored a paper for AVAR 2013. In his free time he likes watching movies, cooking and spending time with his family.

Georgelin Manuel

Technology with a Master’s degree in Computer and Information Science. Since joining K7 Computing, he has been involved in enhancing product features and researching data mining techniques, applying machine learning algorithms to various file formats and focusing primarily on Win32 Portable Executables. His interests are data mining and machine learning.