Botconf Author Listing

Anastasia Poliakova

Last known affiliation: Alibaba Cloud
Bio: Anastasia Polyakova is senior security engineer in Security Innovation Labs at Alibaba Cloud, working on malware detection and analysis with the power of AI. Before joining Alibaba she worked at Venafi, focusing on application security for cryptographic key and certificates management software. Anastasia graduated from Information Technology and Optics University of Saint-Petersburg.
Date: 2022-04-28
Detecting emerging malware on cloud before VirusTotal can see it
Anastasia Poliakova 🗣 | Andreas Pfadler 🗣 | Yuriy Yuzifovich | Ali Fakeri-Tabrizi | Gan Feng | Hongliang Liu | Thanh Nguyen

Abstract (click to view)

In this session, we will present our approach for detecting newly emerging malware on a cloud platform and predicting its behavior, and doing so before VirusTotal or any other 3rd party detection engine can report it.

We will specifically describe our methodology for detecting emerging malware and predicting its behavior by combining an anomaly detection engine (we refer to as ‘GAD’ – General Anomaly Detection system), and a graph pattern-learning machine.

Slides Icon
Paper Link Icon
Date: 2020-12-04
Honeypot + graph learning + reasoning = scale up your emerging threat analysis
Ali Fakeri-Tabrizi 🗣 | Hongliang Liu 🗣 | Anastasia Poliakova | Yohai Einav

Abstract (click to view)

You must see thousands of new threats hitting your honeypot, what would you do next? Buying more coffee for the security research team so they can keep analyzing more? At Alibaba Cloud, we have the same flood of emerging new threats in our honeypot and we want to present our work to scale up the new threat analysis, with our honeypot system, the graph learning algorithm and the reasoning framework, surely, the most important, human in the loop!

The real-life problem comes after having a large honeypot system. We see new bots in the honeypot every hour, and they also try their best to fool our honeypot. Alibaba Cloud security team’s honeypot supports ssh, telnet, and HTTP protocols, that allows us to catch attacks on different levels. However, with new attacks vectors, it might be difficult to track existing malicious comparing. An attacker can easily change the hash value of binaries, structure of a payload, or adopt new vulnerabilities to attack with the same set of TTP (Tactics, Techniques, and Procedures). To make it worse, such changes are happening every hour.

Scroll to Top