detection evasion Archives - ThreatsHub Cybersecurity News

Using process creation properties to catch evasion techniques

June 30, 2022 TH Author Cybersecurity, detection evasion, Microsoft security intelligence, process creation, process injection

We developed a robust detection method in Microsoft Defender for Endpoint that can catch known and unknown variations of a process execution class used by attackers to evade detection. This class of stealthy execution techniques include process doppelganging, process herpadering, and process ghosting.
The post Using process creation properties to catch evasion techniques appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

New machine learning model sifts through the good to unearth the bad in evasive malware

July 25, 2019 TH Author AI and machine learning, antivirus, Automation, Cybersecurity, detection evasion, Endpoint security, LockerGoga, machine learning, Microsoft Defender Advanced Threat Protection, Microsoft Defender ATP, Microsoft security intelligence, monotonic models, next generation protection, Windows Defender Antivirus

Most machine learning models are trained on a mix of malicious and clean features. Attackers routinely try to throw these models off balance by stuffing clean features into malware. Monotonic models are resistant against adversarial attacks because they are trained differently: they only look for malicious features. The magic is this: Attackers can’t evade a monotonic model by adding clean features. To evade a monotonic model, an attacker would have to remove malicious features.
The post New machine learning model sifts through the good to unearth the bad in evasive malware appeared first on Microsoft Security. READ MORE HERE…