Machine learning vs. social engineering
Published Jun 07 2018 10:21 AM
Microsoft

Check out the new blog about how Microsoft machine learning technologies address non-PE attacks that rely on social engineering. Go to the full blog

Here are some excerpts:

Modern social engineering attacks use non-portable executable (PE) files like malicious scripts and macro-laced documents, typically in combination with social engineering lures. Every month, Windows Defender AV detects non-PE threats on over 10 million machines. These threats commonly arrive as attachments on phishing email or through drive-by web downloads, removable drives, or browser exploits. The most common non-PE threat file types are JavaScript and VBScript...

... Windows Defender AV combines local machine learning models, behavior-based detection algorithms, generics, and heuristics with a detonation system and powerful ML models in the cloud to provide real-time protection against polymorphic malware. Expert input from researchers, advanced technologies like Antimalware Scan Interface (AMSI), and rich intelligence from the Microsoft Intelligent Security Graph continue to enhance next-generation endpoint protection platform (EPP) capabilities in Windows Defender Advanced Threat Protection.
