Speakers

Deeper Than Deep

Deep Learning, Forensics, Reverse Engineering

Sean Park

Visual and Generative Malware Outbreak Detection

Senior Malware Scientist
Trend Micro

Sean Park is Senior Malware Scientist within Trend Micro’s Machine Learning Group, an elite team of researchers solving highly difficult problems in the battle against cybercrime. His main research focus is deep learning-based threat detection, including generative adversarial malware clustering, metamorphic malware detection using semantic hashing and the Fourier transform, malicious URL detection with an attention mechanism, OS X malware outbreak detection, a semantic malicious script autoencoder, and a heterogeneous neural network for Android APK detection. He previously worked for Kaspersky, FireEye, Symantec, and Sophos. He also created a critical security system for banking malware at a top Australian bank.

Visual and Generative Malware Outbreak Detection

Many machine learning researchers tend to think of the malware detection problem as dataset collection, model selection, model training, hyperparameter tuning to maximise accuracy and minimise false positives, and finally filling out the confusion matrix. The fundamental drawback of this blind machine learning development cycle, combined with traditional machine learning algorithms, is that we can't get a glimpse of why the model sees a sample as malicious or clean. Without knowing why, how would you even convince yourself you are right?
Considering that the diversity of malware is restricted to each campaign launched by a malware author’s automated mutation tool, experienced human analysts can spot the variants of a family in no time without too many training samples. Functioning quite similarly to the human brain’s neural network, deep learning offers a very nice tool to visually recognise these malware variants. Armed with the generative power of an adversarial network, deep learning gains the additional capability to detect previously unseen outbreaks of a malware campaign with only a handful of samples. I will show you why deep learning models are effective in detecting new malware variants by visualising the look of various malware families.

Marvin Cruz

Shifting Malware Technologies

Senior Threat Researcher
Trend Micro

A seasoned reverse engineer, forensic investigator, and incident responder. Holder of several patents and trade secrets for Trend. Currently working in Taipei as a malware and threat technology consultant. He has worked with several teams in Trend Micro: Benchmarking, Escalation Engineering, TRT, and Regional TrendLabs, to name a few. In his free time, he loves to read a good book and participate in church and charity activities.

Shifting Malware Technologies

I would like to discuss small shifts in current malware and threat technologies that could affect us in the near or far future. For example, serializing a binary .NET assembly program to JScript or VBA macro code is a technology that could introduce additional complications in our current solutions. Think of the instant conversion of a Mimikatz binary into JScript format and its possible offensive attack advantage. Another new technology is WebAssembly (Wasm), which, not surprisingly, cybercrime actors are already into (especially in malicious coin miner threats). Small shifts in malicious code injection technology, e.g. Process Doppelgänging, Early Bird, Ctrl-Inject, and other techniques, will be covered.

Joseph Cepe

ML-Boosted Massive Malware Processing

Senior Threat Researcher
Trend Micro

JC is an Anti-Malware Researcher with a high interest in reverse engineering, behavior analysis, and pattern recognition. He currently ensures a top detection rate in various third-party benchmarking initiatives (such as AV-Test, AV-Comparatives, and NSS Labs). He started with Machine Learning 10 years ago, working on classification and clustering technologies. He also maintains the only known CUDA-based binary clustering technology of TrendLabs’ FRS operations, called “ABC-Synapse”, leveraging the highly parallel computing capability of Graphics Processing Units (GPUs). He holds a degree in Computer Science from UST.

ML-Boosted Massive Malware Processing

As the sophistication and volume of malware increase, software security specialists continue to work smarter than ever to block cyber threats. Taking advantage of various “sensors,” Machine Learning (ML) is used to help determine the impact on users, as well as to classify unknown file samples as malicious or benign. Also, as cybercriminals attempt to conceal malicious code through various forms of encryption, we tap explainer modules for some ML algorithms, such as Linear Regression and Random Forest, to assist Threat Response Teams in analysis and solution delivery. Lastly, to address the massive volume of malware, the talk shares some approaches using High Performance Computing (HPC) on GPUs together with ML.

MJ Villanueva

Nor-Malfunction: The Power hiDDEn Within

Threat Researcher
Trend Micro

Michael Jay Villanueva started his career at Trend Micro in 2015. He works as a threat analyst and researcher in the Core Technology team. During his career, he has analyzed different threats and created malware reports and clean-up patterns for customers. He also contributes write-ups to the TrendLabs Security Intelligence blog. Currently, he is focused on handling deep and wide malware analysis, as well as conducting research on noteworthy and emerging threats. Prior to that, he graduated magna cum laude from AMA Computer College with a Bachelor of Science degree in Computer Science. He loves to sing and play different musical instruments such as guitar and drums. He also loves traveling and playing computer games.

Nor-Malfunction: The Power hiDDEn Within

Dynamic Data Exchange (DDE) is an old protocol that provides a way for applications to share data and communicate with each other. Among the applications that make use of DDE, Microsoft Office applications are the prime targets, since this function has been identified by Microsoft as a feature that is working as intended, which means that it won’t get patched out anytime soon.

Miguel Ang

Nor-Malfunction: The Power hiDDEn Within

Threat Researcher
Trend Micro

Miguel Carlo Ang is a graduate of Mapua Institute of Technology and started his career in cybersecurity at Trend Micro in 2011. Starting at Web Reputation Services, he analyzed suspicious websites and performed research and documentation for the solutions delivered. He also worked as a threat research engineer, where he analyzed different threats, wrote technical reports, and built sandboxing solutions for them. Currently, as an end-to-end analysis expert, he focuses on malware research: analyzing the “bigger picture” and the latest threats that are in the wild today.

Nor-Malfunction: The Power hiDDEn Within

Dynamic Data Exchange (DDE) is an old protocol that provides a way for applications to share data and communicate with each other. Among the applications that make use of DDE, Microsoft Office applications are the prime targets, since this function has been identified by Microsoft as a feature that is working as intended, which means that it won’t get patched out anytime soon.

Mithi Sevilla

Deep Learning: RNNs and Adversarial Examples

AI Consultant

Mithi previously worked as a self-driving car session lead and mentor at Udacity. She is now working on various deep learning projects.

Deep Learning: RNNs and Adversarial Examples

This talk provides a gentle introduction to how deep learning can solve sequential problems and explores attacks against deep learning systems.