Security Unlocked 9.29.21
Ep 46 | 9.29.21

What the Fuzz?!

Show Notes

Do you have a data science or engineering background? If so, you're in luck. If not, you're also in luck because today's guest found a way to make a few complex subjects understandable for everyone. The first of many topics... Fuzzy hashing. It might sound like an adorable, adventurous Muppet character, but I promise you the reason behind it is not cute at all. The short explanation is "fighting crime with math," and honestly, the short version is all I've got for you. So, sit back and pay attention to an episode even the hosts plan on listening to twice. 

In this episode of Security Unlocked, hosts Nic Fillingham and Natalia Godyla are joined by Edir Garcia Lazo, a data scientist currently working for the Microsoft Defender Cybersecurity Artificial Intelligence Team. Edir specializes in writing cloud machine learning models for the Malware Classification sub-team, working with threat hunters, reverse engineers, or security researchers. Edir talks us through character changes in malicious payloads, polymorphic malware, and the difference between fuzzing and fuzzy hashing.   

Questions we ask: 

  • What inspired the team to look at fuzzy hashing and deep learning as techniques for detection instead of some of the more traditional methods? 
  • Is there a limit to how much change the fuzzy hashing methodology can recognize? 
  • What are some of the major differences between fuzzing and fuzzy hashing? 

What you’ll learn: 

  • Why fuzzy hashes aren't a cure-all and continue to have problems with radically new malware. 
  • Differences between perceptron and a multilayer perceptron. 
  • The compatibility between deep learning and fuzzy hashing. 

Resources:  

Combing through the fuzz: Using fuzzy hashing and deep learning to counter malware detection evasion techniques 

View Edir on LinkedIn

Related:

Listen to: Afternoon Cyber Tea with Ann Johnson

Listen to: Security Unlocked: CISO Series with Bret Arsenault 


Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.