Uncovering Unknown Threats With Human-Readable Machine Learning

Aided by machine learning, we analyzed data on 3 million software downloads from hundreds of thousands of internet-connected machines. We looked into the major domains from where different malware categories were downloaded and discussed which client applications were mostly targeted by malware infection. We also looked at code signing abuse and examined certain certification authorities that were found with certificates that were used for signing malicious code. In this blog post, we will discuss how we developed a human-readable machine learning system that is able to determine whether a downloaded file is benign or malicious in nature. The development of this actionable intelligent system stemmed from the question: How can we make our knowledge about global software download events actionable?