Getting attacked by a malicious software is a nightmare. They are not only highly difficult to cure, but the thought that they can show up any day, anywhere is a cause for sleepless nights. The attackers are getting more and more sophisticated and intelligent. They are also getting very destructive and disruptive, using large variations in techniques and numbers. The traditional technique of identification and tracking of signatures of malware and derivatives is not enough to detect highly malleable and malicious malware.
The malware detection engines have to transform themselves to think ahead of the malware and get more sophisticated to to detect existing and new malicious activities at the earliest. Ideally every one expects Zero Day Protection, that means fix the problem before it starts creating any nuisance.
CoreView team got a fantastic opportunity to build an engine for Malware detection, powered by AI/ML.
The customer had a malware detection technology based on traditional techniques, and it worked very well. Now they were looking to transform this technology using AI/ML to provide zero day protection, and gain a competitive edge.
Also, with many users are using the software on mobile devices, hence the proposed solutions footprint also had to be taken into consideration.
The customer security solution is already in use by a few 10s of million customers; hence the solution needed high accuracy; the tolerance for errors was very very minimal. You can imagine, even 1% of customers of the total customer base, having to make calls to Customer care; it would be a nightmare to handle!
The customer had a fantastic vision for using Data science in their future tech, and hence they had a sound data strategy and a working infrastructure, in place, which guaranteed huge amounts of relevant, labeled data points, and a steady flow of new and unknown data.
Initial attempts tried by other vendors were not providing required accuracy, resulting in significant loss of time and hence causing heartburns to stakeholders and customer’s AI/ML team.
Given the opportunity, CoreView team swung into action right away. Multiple discussions were conducted with the domain experts and analyze of the existing data was carried out.
We then did a detailed feature engineering of the available, known good data, to identify close to hundred useful data features. Multiple tests were done to identify the features with a propensity for prediction and classification. A number of classifier models with multiple variations in each, were selected for the potential. Data Pipelines were created for ingestion, processing-cleanup and training of these models. Every model was trained and tested with huge amounts to data (read ~100 million data points in all). The models were tested on unknown data, tweaked and tuned for optimal results.
Once the models were trained and spewing out results, they were subjected to new data loads, every other day to keep monitoring consistency of results.
Finally with a lot of training, re-training and monitoring; a pipeline of models was selected as a proposed final solution. It was subjected to rigorous testing along side the existing solutions to monitor effectiveness and provide more feedback to the models.
A set of APIs were developed for consumption, training, feedback , which facilitated the integration with the other parts of the solution.
We not only met their accuracy expectations, but we beat it by significant margins!
We could achieve a FPR rate of < 0.3% which was phenomenal and their team could hardly believe it.
The Customer was able to accurately classify the data/files coming to them with malicious behavior with a very high level of accuracy and more magnitudes and magnitudes of times faster than the traditional solution.
Our Customer’s customers are standing to gain, accurate and fast protection, zero day protection from unknown threats.
This was all done under 5 months, flat!
Innovative solution and Huge competitive edge delivered , yet again by CoreView!