Machine Learning classifier of x32/x64 ELF executables
Any x32/x64 ELF executable file created during container image build and container runtime phases is scanned with Prevasio's ML model.
The model is trained on tens of thousands of malicious and bespoke files, based not only on static file characteristics, but also on the disassembled code and its sequence.
The model targets a false positive rate of 0.001 (0.1%), resulting in a 95.6% detection rate over the test set.
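How an operating point like this is chosen, as an added example that is not Prevasio's code: the threshold is set from benign scores so the false positive rate stays at or below the target, and the detection rate is then whatever that threshold yields. The scores are constructed, and the function names `threshold_for_fpr`, `rates` and `demo` are hypothetical.

```python
import math
import random

def threshold_for_fpr(benign_scores, target_fpr):
    """Return threshold t so that flagging score > t keeps benign FPR <= target_fpr."""
    ranked = sorted(benign_scores, reverse=True)
    # Number of benign files we can afford to flag at this target.
    allowed = min(math.floor(target_fpr * len(ranked) + 1e-9), len(ranked) - 1)
    # Strict '>' below means ties with the threshold are never flagged,
    # so the calibrated FPR cannot overshoot the target.
    return ranked[allowed]

def rates(benign_scores, malicious_scores, t):
    """Measured (false positive rate, detection rate) at threshold t."""
    fpr = sum(s > t for s in benign_scores) / len(benign_scores)
    tpr = sum(s > t for s in malicious_scores) / len(malicious_scores)
    return fpr, tpr

def demo(seed=7, n_benign=20000, n_malicious=5000, target_fpr=0.001):
    """Constructed classifier scores: benign low, malicious high, with overlap."""
    rng = random.Random(seed)
    clip = lambda x: min(1.0, max(0.0, x))
    benign = [clip(rng.gauss(0.15, 0.12)) for _ in range(n_benign)]
    malicious = [clip(rng.gauss(0.85, 0.15)) for _ in range(n_malicious)]
    # Calibrate on one half of the benign files, then measure on the other half:
    # the held-out FPR is the honest estimate and can differ from the target.
    half = n_benign // 2
    t = threshold_for_fpr(benign[:half], target_fpr)
    fpr_cal, _ = rates(benign[:half], malicious, t)
    fpr_holdout, tpr = rates(benign[half:], malicious, t)
    return t, fpr_cal, fpr_holdout, tpr

if __name__ == "__main__":
    t, fpr_cal, fpr_holdout, tpr = demo()
    print(f"threshold={t:.3f} fpr_cal={fpr_cal:.4f} "
          f"fpr_holdout={fpr_holdout:.4f} detection={tpr:.3f}")
```

At a 0.001 target, a benign set smaller than 1,000 files allows zero false positives, so the rate cannot be measured at that resolution without thousands of benign samples.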
Scanning with an ML model preserves detection of known malicious families even when the samples have been modified and recompiled. For example, multiple recompilations of the Mirai bot with different configurations, such as the C&C server, are still reliably covered by Prevasio's ML model.
Prevasio's ML classifier is able to detect malicious executable files within live Docker Hub container images, such as this one. This method is signatureless and is based on the ELF file's static characteristics, its entropy, and the sequence of its disassembled code.