Module 10 of C1b3rWall Academy 2021, “Forensic analysis. Malware and stealth techniques”, moves to the second block of content. It begins with a keynote lecture by Mario Guerra from Disruptive Consulting, which focuses on reducing, as much as possible, the advantage cybercriminals have in terms of their malware analysis capabilities. Mario explained that, in threat detection, there are several categories such as configuration analysis, threat modeling, indicators of compromise and the behavior of the threat itself. These categories relate to the following variables:

  • Transparency. How visible an alert produced by the analytic is to the analyst (what happened and what it means).
  • Durability. How well the analytic approach withstands changes in adversary behavior.
  • Ease of implementation. The amount of time, effort, and data required to implement it.
  • Coverage. The number of analytics needed to provide maximum research coverage.
  • Adaptability. How well an organization can tune the approach to its specific environment to improve the false positive/negative rate.

Machine learning-based detection

He also explains that everything to do with machine learning has its origin in big data. The goal is for the system to detect harmful agents on the basis of the criteria established in the algorithm. Creating custom algorithms makes it possible to adjust them to special needs, achieving a better or more specific product than a commercial one and reducing false positives/negatives.

When samples of malware are available from a threat group that is relevant to the organization, the development of detection technologies based on machine learning can aid in the detection of new samples of such threats.

The difference between a machine learning algorithm and a traditional one is that the latter gives the system sequential, step-by-step instructions on how to operate, whereas a machine learning system learns from the samples to differentiate between good and bad according to a defined threshold. This makes it possible to automate the work of signature creation.
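The contrast in the paragraph above, as an added example that is not part of the talk or this article: a fixed rule written by an analyst next to a detector that learns its weights from labelled samples, with the decision threshold as the knob that trades false positives against false negatives. The feature vectors (entropy, suspicious import count, packed flag) and all samples are constructed toy values.

```python
"""Added example (not from the talk): a hand-written rule beside a detector that learns
its weights from constructed labelled samples; the threshold trades FP against FN."""
import math
# Constructed samples: ([entropy, suspicious_imports, packed], label); 1 = malicious.
TRAIN = [
    ([7.8, 9, 1], 1), ([7.5, 6, 1], 1), ([6.9, 11, 0], 1), ([7.9, 4, 1], 1),
    ([5.1, 1, 0], 0), ([4.8, 2, 0], 0), ([5.6, 0, 0], 0), ([6.2, 3, 0], 0),
]
# Constructed held-out set with two awkward cases: a packed benign installer
# and an unpacked, low-entropy sample with many suspicious imports.
EVAL = [([7.7, 2, 1], 0), ([5.3, 1, 0], 0), ([7.6, 8, 1], 1), ([6.0, 10, 0], 1)]
SCALE = [8.0, 12.0, 1.0]  # bring every feature into [0, 1]

def rule_based(x):
    """Traditional detector: fixed, sequential instructions written by an analyst."""
    entropy, _imports, packed = x
    return 1 if packed and entropy > 7.0 else 0

def score(model, x):
    """Probability of 'malicious' under a learned (weights, bias) model."""
    w, b = model
    z = sum(wi * xi / s for wi, xi, s in zip(w, x, SCALE)) + b
    return 1.0 / (1.0 + math.exp(-z))

def train_logreg(data, epochs=3000, lr=0.1):
    """Learn weights by per-sample gradient descent on logistic loss (no library)."""
    w, b = [0.0, 0.0, 0.0], 0.0
    for _ in range(epochs):
        for x, y in data:
            err = score((w, b), x) - y
            w = [wi - lr * err * xi / s for wi, xi, s in zip(w, x, SCALE)]
            b -= lr * err
    return w, b

def learned_detector(model, threshold):
    """The threshold is the knob an organisation tunes to its own FP/FN tolerance."""
    return lambda x: 1 if score(model, x) >= threshold else 0

def evaluate(predict, data):
    """Return (false_positives, false_negatives) of a predictor over labelled data."""
    fp = sum(1 for x, y in data if predict(x) == 1 and y == 0)
    fn = sum(1 for x, y in data if predict(x) == 0 and y == 1)
    return fp, fn

if __name__ == "__main__":
    model = train_logreg(TRAIN)
    print("rule fp/fn on EVAL:", evaluate(rule_based, EVAL))
    for t in (0.3, 0.5, 0.7):
        print(f"learned model, threshold {t}:", evaluate(learned_detector(model, t), EVAL))
```

Lowering the threshold can only turn negatives into positives, so false negatives fall and false positives rise; where to sit on that curve is the adaptability decision from the list above.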

We still have a lot to learn about cybersecurity, but every subject that our speakers touch on is very interesting. I invite you to follow the complete program of the C1b3rWall Academy 2021, which I assure you will not be in vain.

The complete News-365 article is available at the following link, and you can register here to access all the presentations belonging to this module.

Posted by Juan M. Corchado

Juan Manuel Corchado (born 15 May 1971, Salamanca, Spain) is Full Professor at the University of Salamanca. He was Vice-Rector for Research from 2013 to 2017 and Director of the Science Park of the University of Salamanca. Twice elected Dean of the Faculty of Science, he holds a PhD in Computer Science from the University of Salamanca and a PhD in Artificial Intelligence from the University of the West of Scotland. He leads the BISITE Recognised Research Group (Bioinformatics, Intelligent Systems and Educational Technology), founded in 2000. Director of the IOT Digital Innovation Hub and President of the AIR Institute, J. M. Corchado has also been Visiting Professor at the Osaka Institute of Technology since January 2015, Visiting Professor at Universiti Malaysia Kelantan, and a Member of the Advisory Group on Online Terrorist Propaganda of the European Counter Terrorism Centre (EUROPOL). J. M. Corchado has been President of the IEEE Systems, Man and Cybernetics association, Academic Coordinator of the University Research Institute of Art and Animation Technology of the University of Salamanca, and a researcher at the Universities of Paisley (UK) and Vigo (Spain) and at the Plymouth Marine Laboratory (UK). He currently combines all this activity with directing the Master's programmes in Security, Digital Animation, Mobile Telephony, Information Systems Management, Internet of Things, Social Media, 3D Design and Printing, Blockchain, Z System, Industry 4.0, Agile Project Management, and Smart Cities & Intelligent Buildings at the University of Salamanca, and with his work as editor-in-chief of the journals ADCAIJ (Advances in Distributed Computing and Artificial Intelligence Journal), OJCST (Oriental Journal of Computer Science and Technology) and Electronics MDPI (Computer Science & Engineering section). J. M. Corchado works mainly on projects related to Artificial Intelligence, Machine Learning, Blockchain, IoT, Fog Computing, Edge Computing, Smart Cities, Smart Grids and Sentiment Analysis.