Nowhere to Hide - How HW Telemetry and ML Can Make Life Tough for Exploits

RSA Conference via YouTube

Overview

Explore advanced techniques for detecting malware and exploits using hardware telemetry and machine learning in this 50-minute RSA Conference talk. Delve into the details of building scalable, deployable runtime threat and anomaly detection solutions leveraging CPU telemetry. Learn about telemetry sources, feature selection, overhead management, and platform-specific design considerations. Gain insights into profiling exploits with performance monitoring events, classification pipelines, and identifying relevant events through information gain. Examine sample telemetry, feature mapping, and training pipelines for various detection environments. Discover additional CPU-based techniques, including signature detection and hardware-based anomaly detection using control flow tracing. Understand the evolution of malware detection technologies and how CPU telemetry can reveal even the most concealed malicious code at an instruction level.

Syllabus

Intro
The Evolution of Malware Detection Technologies
CPU Telemetry To The Rescue...wait, what is it?
Profiling exploits with performance monitoring events
DEMO
Classification Pipeline
Which PMU Events?
Information Gain is the key
Sample Telemetry
Identifying Relevant Events
Feature Map Example
Training pipeline
Detection Environments
What else can we use from the CPU
Signature Detection
HW-based Anomaly Detection
What is Control Flow?
How does it work?
HW Telemetries for Control Flow Tracing
Training and detection phases

Taught by

RSA Conference
