Talk / Overview
Everything and everyone are being connected, creating an opportunity for resourceful threat actors to conduct low-volume, persistent attacks tailored to high-value targets. By investing in sophisticated techniques, attackers render traditional defenses against targeted attacks ineffective, resulting in an acute need for innovative defense mechanisms. In this talk, I will introduce our work towards developing a holistic strategy that supports the security practitioner in bridging this gap. In particular, we address key challenges encountered during the phases of detection, analysis and response, and propose machine learning approaches that allow the security analyst to identify spear-phishing emails without needing to rely on their content, perform malware triage based on the structural characterization of malicious code, and correlate threat intelligence at scale through an open-source platform for threat data. Individually, these techniques push the boundaries of existing research against targeted attacks by rendering the main entry vector largely ineffective, assisting in better understanding the nature of malicious code, and enabling the sharing and correlation of threat data. As a whole, these ideas open new avenues for research on defense mechanisms and represent an attempt to counteract the imbalance between resourceful actors and society at large.