SlideShare a Scribd company logo

Detecting Mobile Malware with Apache Spark with David Pryce

Databricks, profile picture
Databricks

David Pryce discusses the challenges of mobile malware detection and introduces a machine learning solution using Apache Spark to identify and classify mobile threats effectively. The document highlights the growth of mobile malware and the inadequacies of traditional detection methods, emphasizing the need for real-time solutions. A cross-disciplinary team at Wandera is dedicated to addressing these security threats in a scalable and innovative manner.

Data & Analytics
Related topics:
Apache Spark
1 of 20
Downloaded 21 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
David Pryce, Wandera Detecting Mobile Malware with Apache Spark #DSSAIS12
#DSSAIS12 Summary • The problem: Mobile-first malware detection • The data and features • The Machine Learning (ML) model • Why Apache Spark? • Making it production ready • Data Science @ Wandera !2
The power of enterprise mobility !3 Devices are prone to security threats Concerns around appropriate usage Data usage costs are opaque and spiraling Potentially exposing sensitive data Seamless internal communication Added flexibility to working hours Access to more apps and productivity tools E-mail and other services available anywhere
Happy hunting ground for attackers !4 “Mobile threats can no longer be ignored” - AUGUST 2017 - GARTNER MARKET GUIDE TO MOBILE THREAT DEFENSE 100% Mobile malware growth in 2016 435% High severity threats (CVSS) growth in 2016 80% of organizations experienced mobile phishing attack 38% of hackers bypass endpoint defense using social engineering
Introducing the Secure Mobile Gateway !5 ON-DEVICE DETECTION IN-NETWORK PROTECTION
#DSSAIS12 The rise of mobile malware !6 Credit: GData 2017
Our objectives: Identify and Classify !7 SMS MALWARE TYPES Ransomware Spyware Banker Trojan Rooting Adware
#DSSAIS12 Why is this a novel problem? • Mobile malware is on the rise • Signature based detection is no longer scalable or effective • We needed a solution that could • work across both known and unknown threats; • effectively protect our customers; and • enable threat research to quickly identify new outbreaks • First solution = signatures and lists • Our solution = machine learning! !8
#DSSAIS12 The data… !9 Good and bad apps • Source 1: official app stores • Source 2: seen in our devices • Source 3: seen by our gateway 3rd-party threat intelligence External input verified for labels (supervised learning) Currently storing: ~2 million labelled apps +
#DSSAIS12 … and the features !10 Baidu 2016
#DSSAIS12 Feature extraction !11 Direct metadata extraction • Total unique fields for all apps ~ 500,000 • A typical app ~ 10+ fields • SPARSE VECTOR Solution: • Hashing function (vector to indices) • Allows for fast retrieval • With big enough map (2^20) to avoid clashes • DENSE VECTOR
#DSSAIS12 The Machine Learning model • Selected model = Logistic Regression ◦ Models tried = (LogReg, SVM, Decision Tree) • K-fold cross validation to select best parameters • Accuracy: 0.96 
 !12
#DSSAIS12 Why Apache Spark? !13 Model persistence PMML paradigm already integrated Truly big data Millions of data points, millions of fields Ease of use Fast, easy and iterative. From EDA to app in days. Scala and python API. Deployment and Scale From local to cluster is easy!
Wandera 2018 #DSSAIS12 Production ready? !14
P.M.M.L • Predictive Model Markup Language • Industry standard • Pro: Language agnostic, REST API, good algo coverage • Con: large file size !15
#DSSAIS12 Production ready? !16 • Saving to PMML (ML vs MLlib / DF vs RDD) • DataFrame API - doesn’t have PMML functionality (yet) • Hacked PMML to get probabilities for predictions • Size of model ~ 20Mb (compressed) • Overall time to train: less than 2 hours on a big enough cluster F
Live scoring !17 Extracts features & scores app User installs new app 1 2 If score > 0.9 INVESTIGATE / NOTIFY 3
#DSSAIS12 Data Science @ Wandera !18 • Cross-disciplinary team of scientists, analysts & developers • Focus on solving real-world problems in a real-time, distributed network • Global team with presence in USA, London, UK and Czech Republic = Innovative Research + Scalable Architecture + Efficient Feature Delivery
#DSSAIS12 Thanks for listening !19
#DSSAIS12 Appendix 1: model testing results !20 Wandera 2018

More Related Content

PDF
An Update on Scaling Data Science Applications with SparkR in 2018 with Heiko...
Databricks
 
PDF
How Apache Spark Changed the Way We Hire People with Tomasz Magdanski
Databricks
 
PDF
Spark and Online Analytics: Spark Summit East talky by Shubham Chopra
Spark Summit
 
PPTX
Virtualizing Analytics with Apache Spark: Keynote by Arsalan Tavakoli
Spark Summit
 
PDF
The Pursuit of Happiness: Building a Scalable Pipeline Using Apache Spark and...
Databricks
 
PDF
How to Rebuild an End-to-End ML Pipeline with Databricks and Upwork with Than...
Databricks
 
PDF
Data Warehousing with Spark Streaming at Zalando
Databricks
 
PDF
Using Spark-Solr at Scale: Productionizing Spark for Search with Apache Solr...
Databricks
 
An Update on Scaling Data Science Applications with SparkR in 2018 with Heiko...
Databricks
 
How Apache Spark Changed the Way We Hire People with Tomasz Magdanski
Databricks
 
Spark and Online Analytics: Spark Summit East talky by Shubham Chopra
Spark Summit
 
Virtualizing Analytics with Apache Spark: Keynote by Arsalan Tavakoli
Spark Summit
 
The Pursuit of Happiness: Building a Scalable Pipeline Using Apache Spark and...
Databricks
 
How to Rebuild an End-to-End ML Pipeline with Databricks and Upwork with Than...
Databricks
 
Data Warehousing with Spark Streaming at Zalando
Databricks
 
Using Spark-Solr at Scale: Productionizing Spark for Search with Apache Solr...
Databricks
 

What's hot (20)

PDF
An End-to-End Spark-Based Machine Learning Stack in the Hybrid Cloud with Far...
Databricks
 
PDF
Spark at Airbnb
Hao Wang
 
PPTX
Insights Without Tradeoffs Using Structured Streaming keynote by Michael Armb...
Spark Summit
 
PDF
Deep Learning for Large-Scale Online Fraud Detection—Fighting Fraudsters Amon...
Databricks
 
PDF
Apache Spark Listeners: A Crash Course in Fast, Easy Monitoring
Databricks
 
PDF
How R Developers Can Build and Share Data and AI Applications that Scale with...
Databricks
 
PDF
Spark Summit EU talk by Pat Patterson
Spark Summit
 
PDF
"Lessons learned using Apache Spark for self-service data prep in SaaS world"
Pavel Hardak
 
PDF
Automated Production Ready ML at Scale
Databricks
 
PDF
Accelerating Machine Learning on Databricks Runtime
Databricks
 
PDF
Monitoring Half a Million ML Models, IoT Streaming Data, and Automated Qualit...
Databricks
 
PDF
Lessons Learned from Using Spark for Evaluating Road Detection at BMW Autonom...
Databricks
 
PDF
The Power of Unified Analytics with Ali Ghodsi
Databricks
 
PPTX
Virtualizing Analytics with Apache Spark: Keynote by Arsalan Tavakoli
Spark Summit
 
PDF
Moving eBay’s Data Warehouse Over to Apache Spark – Spark as Core ETL Platfor...
Databricks
 
PDF
Building an AI-Powered Retail Experience with Delta Lake, Spark, and Databricks
Databricks
 
PDF
Managing the Complete Machine Learning Lifecycle with MLflow
Databricks
 
PDF
Unifying Streaming and Historical Telemetry Data For Real-time Performance Re...
Databricks
 
PPTX
Spline 2 - Vision and Architecture Overview
Vaclav Kosar
 
PDF
Real-Time Analytics and Actions Across Large Data Sets with Apache Spark
Databricks
 
An End-to-End Spark-Based Machine Learning Stack in the Hybrid Cloud with Far...
Databricks
 
Spark at Airbnb
Hao Wang
 
Insights Without Tradeoffs Using Structured Streaming keynote by Michael Armb...
Spark Summit
 
Deep Learning for Large-Scale Online Fraud Detection—Fighting Fraudsters Amon...
Databricks
 
Apache Spark Listeners: A Crash Course in Fast, Easy Monitoring
Databricks
 
How R Developers Can Build and Share Data and AI Applications that Scale with...
Databricks
 
Spark Summit EU talk by Pat Patterson
Spark Summit
 
"Lessons learned using Apache Spark for self-service data prep in SaaS world"
Pavel Hardak
 
Automated Production Ready ML at Scale
Databricks
 
Accelerating Machine Learning on Databricks Runtime
Databricks
 
Monitoring Half a Million ML Models, IoT Streaming Data, and Automated Qualit...
Databricks
 
Lessons Learned from Using Spark for Evaluating Road Detection at BMW Autonom...
Databricks
 
The Power of Unified Analytics with Ali Ghodsi
Databricks
 
Virtualizing Analytics with Apache Spark: Keynote by Arsalan Tavakoli
Spark Summit
 
Moving eBay’s Data Warehouse Over to Apache Spark – Spark as Core ETL Platfor...
Databricks
 
Building an AI-Powered Retail Experience with Delta Lake, Spark, and Databricks
Databricks
 
Managing the Complete Machine Learning Lifecycle with MLflow
Databricks
 
Unifying Streaming and Historical Telemetry Data For Real-time Performance Re...
Databricks
 
Spline 2 - Vision and Architecture Overview
Vaclav Kosar
 
Real-Time Analytics and Actions Across Large Data Sets with Apache Spark
Databricks
 
Ad

Similar to Detecting Mobile Malware with Apache Spark with David Pryce (20)

PDF
Detecting Mobile Malware with Apache Spark with David Pryce
Databricks
 
PDF
Scaling up with Cisco Big Data: Data + Science = Data Science
eRic Choo
 
PPTX
Evolving Beyond the Data Lake: A Story of Wind and Rain
MapR Technologies
 
PPTX
MapR Product Update - Spring 2017
MapR Technologies
 
PDF
Smack Stack and Beyond—Building Fast Data Pipelines with Jorg Schad
Spark Summit
 
PPTX
Cassandra Summit 2014: Apache Cassandra at Telefonica CBS
DataStax Academy
 
PPTX
20160000 Cloud Discovery Event - Cloud Access Security Brokers
Robin Vermeirsch
 
PDF
Accelerate Big Data Application Development with Cascading
Cascading
 
PPTX
MapR and Machine Learning Primer
Mathieu Dumoulin
 
PPTX
Get Your Head in the Cloud: A Practical Model for Enterprise Cloud Security
Symantec
 
PPTX
Webinar: Déployez facilement Kubernetes & vos containers
Mesosphere Inc.
 
PDF
High-performance database technology for rock-solid IoT solutions
Clusterpoint
 
PPTX
[Webinar] Getting to Insights Faster: A Framework for Agile Big Data
Infochimps, a CSC Big Data Business
 
PDF
Predictive Maintenance Using Recurrent Neural Networks
Justin Brandenburg
 
PDF
Big Data LDN 2017: How to leverage the cloud for Business Solutions
Matt Stubbs
 
PPTX
Get Started with Cloudera’s Cyber Solution
Cloudera, Inc.
 
PPTX
ProtectWise Revolutionizes Enterprise Network Security in the Cloud with Data...
DataStax Academy
 
PDF
Mendix-7-Keynote
Michael Swarte
 
PDF
Splunk for DevOps - Faster Insights - Better Code
Philipp Drieger
 
PPTX
How to get Real-Time Value from your IoT Data - Datastax
DataStax
 
Detecting Mobile Malware with Apache Spark with David Pryce
Databricks
 
Scaling up with Cisco Big Data: Data + Science = Data Science
eRic Choo
 
Evolving Beyond the Data Lake: A Story of Wind and Rain
MapR Technologies
 
MapR Product Update - Spring 2017
MapR Technologies
 
Smack Stack and Beyond—Building Fast Data Pipelines with Jorg Schad
Spark Summit
 
Cassandra Summit 2014: Apache Cassandra at Telefonica CBS
DataStax Academy
 
20160000 Cloud Discovery Event - Cloud Access Security Brokers
Robin Vermeirsch
 
Accelerate Big Data Application Development with Cascading
Cascading
 
MapR and Machine Learning Primer
Mathieu Dumoulin
 
Get Your Head in the Cloud: A Practical Model for Enterprise Cloud Security
Symantec
 
Webinar: Déployez facilement Kubernetes & vos containers
Mesosphere Inc.
 
High-performance database technology for rock-solid IoT solutions
Clusterpoint
 
[Webinar] Getting to Insights Faster: A Framework for Agile Big Data
Infochimps, a CSC Big Data Business
 
Predictive Maintenance Using Recurrent Neural Networks
Justin Brandenburg
 
Big Data LDN 2017: How to leverage the cloud for Business Solutions
Matt Stubbs
 
Get Started with Cloudera’s Cyber Solution
Cloudera, Inc.
 
ProtectWise Revolutionizes Enterprise Network Security in the Cloud with Data...
DataStax Academy
 
Mendix-7-Keynote
Michael Swarte
 
Splunk for DevOps - Faster Insights - Better Code
Philipp Drieger
 
How to get Real-Time Value from your IoT Data - Datastax
DataStax
 
Ad

More from Databricks (20)

PPTX
DW Migration Webinar-March 2022.pptx
Databricks
 
PPTX
Data Lakehouse Symposium | Day 1 | Part 1
Databricks
 
PPT
Data Lakehouse Symposium | Day 1 | Part 2
Databricks
 
PPTX
Data Lakehouse Symposium | Day 2
Databricks
 
PPTX
Data Lakehouse Symposium | Day 4
Databricks
 
PDF
5 Critical Steps to Clean Your Data Swamp When Migrating Off of Hadoop
Databricks
 
PDF
Democratizing Data Quality Through a Centralized Platform
Databricks
 
PDF
Learn to Use Databricks for Data Science
Databricks
 
PDF
Why APM Is Not the Same As ML Monitoring
Databricks
 
PDF
The Function, the Context, and the Data—Enabling ML Ops at Stitch Fix
Databricks
 
PDF
Stage Level Scheduling Improving Big Data and AI Integration
Databricks
 
PDF
Simplify Data Conversion from Spark to TensorFlow and PyTorch
Databricks
 
PDF
Scaling your Data Pipelines with Apache Spark on Kubernetes
Databricks
 
PDF
Scaling and Unifying SciKit Learn and Apache Spark Pipelines
Databricks
 
PDF
Sawtooth Windows for Feature Aggregations
Databricks
 
PDF
Redis + Apache Spark = Swiss Army Knife Meets Kitchen Sink
Databricks
 
PDF
Re-imagine Data Monitoring with whylogs and Spark
Databricks
 
PDF
Raven: End-to-end Optimization of ML Prediction Queries
Databricks
 
PDF
Processing Large Datasets for ADAS Applications using Apache Spark
Databricks
 
PDF
Massive Data Processing in Adobe Using Delta Lake
Databricks
 
DW Migration Webinar-March 2022.pptx
Databricks
 
Data Lakehouse Symposium | Day 1 | Part 1
Databricks
 
Data Lakehouse Symposium | Day 1 | Part 2
Databricks
 
Data Lakehouse Symposium | Day 2
Databricks
 
Data Lakehouse Symposium | Day 4
Databricks
 
5 Critical Steps to Clean Your Data Swamp When Migrating Off of Hadoop
Databricks
 
Democratizing Data Quality Through a Centralized Platform
Databricks
 
Learn to Use Databricks for Data Science
Databricks
 
Why APM Is Not the Same As ML Monitoring
Databricks
 
The Function, the Context, and the Data—Enabling ML Ops at Stitch Fix
Databricks
 
Stage Level Scheduling Improving Big Data and AI Integration
Databricks
 
Simplify Data Conversion from Spark to TensorFlow and PyTorch
Databricks
 
Scaling your Data Pipelines with Apache Spark on Kubernetes
Databricks
 
Scaling and Unifying SciKit Learn and Apache Spark Pipelines
Databricks
 
Sawtooth Windows for Feature Aggregations
Databricks
 
Redis + Apache Spark = Swiss Army Knife Meets Kitchen Sink
Databricks
 
Re-imagine Data Monitoring with whylogs and Spark
Databricks
 
Raven: End-to-end Optimization of ML Prediction Queries
Databricks
 
Processing Large Datasets for ADAS Applications using Apache Spark
Databricks
 
Massive Data Processing in Adobe Using Delta Lake
Databricks
 

Recently uploaded (20)

PPTX
advance b rammar.pptxfdgdfgdfsgdfgsdgfdfgdfgsdfgdfgdfg
rohullahansari5
 
PPTX
The THESIS FINAL-DEFENSE-PRESENTATION.pptx
hshakobe3
 
PPTX
Moving the Public Sector (Government) to a Digital Adoption
PaulYoung221210
 
PDF
Lecture1 pattern recognition............
ZafriFarid
 
PPT
Reliability_Chapter_ presentation 1221.5784
abobaker13
 
PPTX
climate analysis of Dhaka ,Banglades.pptx
rrawjatun
 
PPTX
STUDY DESIGN details- Lt Col Maksud (21).pptx
AyeshaAsha11
 
PPTX
Business Acumen Training GuidePresentation.pptx
stephvshelton19
 
PPTX
Acceptance and paychological effects of mandatory extra coach I classes.pptx
ZaheerAhmad228692
 
PPTX
IBA_Chapter_11_Slides_Final_Accessible.pptx
SrikantKapoor1
 
PPTX
Major-Components-ofNKJNNKNKNKNKronment.pptx
dushyantsharma1221
 
PDF
Foundation of Data Science unit number two notes
sanguleumeshit
 
PPT
Chapter 2 METAL FORMINGhhhhhhhjjjjmmmmmmmmm
JanakiRaman206018
 
PDF
Recruitment and Placement PPT.pdfbjfibjdfbjfobj
Alka392097
 
PPTX
Business Ppt On Nestle.pptx huunnnhhgfvu
ashaurya327
 
PDF
Fluorescence-microscope_Botany_detailed content
dollydoll12
 
PDF
Launch Your Data Science Career in Kochi – 2025
sharafas2563
 
PPTX
Supervised vs unsupervised machine learning algorithms
agarwal18harsh08
 
PPTX
Introduction to Knowledge Engineering Part 1
busyprogrammersguide
 
PPT
Chapter 3 METAL JOINING.pptnnnnnnnnnnnnn
JanakiRaman206018
 
advance b rammar.pptxfdgdfgdfsgdfgsdgfdfgdfgsdfgdfgdfg
rohullahansari5
 
The THESIS FINAL-DEFENSE-PRESENTATION.pptx
hshakobe3
 
Moving the Public Sector (Government) to a Digital Adoption
PaulYoung221210
 
Lecture1 pattern recognition............
ZafriFarid
 
Reliability_Chapter_ presentation 1221.5784
abobaker13
 
climate analysis of Dhaka ,Banglades.pptx
rrawjatun
 
STUDY DESIGN details- Lt Col Maksud (21).pptx
AyeshaAsha11
 
Business Acumen Training GuidePresentation.pptx
stephvshelton19
 
Acceptance and paychological effects of mandatory extra coach I classes.pptx
ZaheerAhmad228692
 
IBA_Chapter_11_Slides_Final_Accessible.pptx
SrikantKapoor1
 
Major-Components-ofNKJNNKNKNKNKronment.pptx
dushyantsharma1221
 
Foundation of Data Science unit number two notes
sanguleumeshit
 
Chapter 2 METAL FORMINGhhhhhhhjjjjmmmmmmmmm
JanakiRaman206018
 
Recruitment and Placement PPT.pdfbjfibjdfbjfobj
Alka392097
 
Business Ppt On Nestle.pptx huunnnhhgfvu
ashaurya327
 
Fluorescence-microscope_Botany_detailed content
dollydoll12
 
Launch Your Data Science Career in Kochi – 2025
sharafas2563
 
Supervised vs unsupervised machine learning algorithms
agarwal18harsh08
 
Introduction to Knowledge Engineering Part 1
busyprogrammersguide
 
Chapter 3 METAL JOINING.pptnnnnnnnnnnnnn
JanakiRaman206018
 

Detecting Mobile Malware with Apache Spark with David Pryce

  • 1. David Pryce, Wandera Detecting Mobile Malware with Apache Spark #DSSAIS12
  • 2. #DSSAIS12 Summary • The problem: Mobile-first malware detection • The data and features • The Machine Learning (ML) model • Why Apache Spark? • Making it production ready • Data Science @ Wandera !2
  • 3. The power of enterprise mobility !3 Devices are prone to security threats Concerns around appropriate usage Data usage costs are opaque and spiraling Potentially exposing sensitive data Seamless internal communication Added flexibility to working hours Access to more apps and productivity tools E-mail and other services available anywhere
  • 4. Happy hunting ground for attackers !4 “Mobile threats can no longer be ignored” - AUGUST 2017 - GARTNER MARKET GUIDE TO MOBILE THREAT DEFENSE 100% Mobile malware growth in 2016 435% High severity threats (CVSS) growth in 2016 80% of organizations experienced mobile phishing attack 38% of hackers bypass endpoint defense using social engineering
  • 5. Introducing the Secure Mobile Gateway !5 ON-DEVICE DETECTION IN-NETWORK PROTECTION
  • 6. #DSSAIS12 The rise of mobile malware !6 Credit: GData 2017
  • 7. Our objectives: Identify and Classify !7 SMS MALWARE TYPES Ransomware Spyware Banker Trojan Rooting Adware
  • 8. #DSSAIS12 Why is this a novel problem? • Mobile malware is on the rise • Signature based detection is no longer scalable or effective • We needed a solution that could • work across both known and unknown threats; • effectively protect our customers; and • enable threat research to quickly identify new outbreaks • First solution = signatures and lists • Our solution = machine learning! !8
  • 9. #DSSAIS12 The data… !9 Good and bad apps • Source 1: official app stores • Source 2: seen in our devices • Source 3: seen by our gateway 3rd-party threat intelligence External input verified for labels (supervised learning) Currently storing: ~2 million labelled apps +
  • 10. #DSSAIS12 … and the features !10 Baidu 2016
  • 11. #DSSAIS12 Feature extraction !11 Direct metadata extraction • Total unique fields for all apps ~ 500,000 • A typical app ~ 10+ fields • SPARSE VECTOR Solution: • Hashing function (vector to indices) • Allows for fast retrieval • With big enough map (2^20) to avoid clashes • DENSE VECTOR
  • 12. #DSSAIS12 The Machine Learning model • Selected model = Logistic Regression ◦ Models tried = (LogReg, SVM, Decision Tree) • K-fold cross validation to select best parameters • Accuracy: 0.96 
 !12
  • 13. #DSSAIS12 Why Apache Spark? !13 Model persistence PMML paradigm already integrated Truly big data Millions of data points, millions of fields Ease of use Fast, easy and iterative. From EDA to app in days. Scala and python API. Deployment and Scale From local to cluster is easy!
  • 15. P.M.M.L • Predictive Model Markup Language • Industry standard • Pro: Language agnostic, REST API, good algo coverage • Con: large file size !15
  • 16. #DSSAIS12 Production ready? !16 • Saving to PMML (ML vs MLlib / DF vs RDD) • DataFrame API - doesn’t have PMML functionality (yet) • Hacked PMML to get probabilities for predictions • Size of model ~ 20Mb (compressed) • Overall time to train: less than 2 hours on a big enough cluster F
  • 17. Live scoring !17 Extracts features & scores app User installs new app 1 2 If score > 0.9 INVESTIGATE / NOTIFY 3
  • 18. #DSSAIS12 Data Science @ Wandera !18 • Cross-disciplinary team of scientists, analysts & developers • Focus on solving real-world problems in a real-time, distributed network • Global team with presence in USA, London, UK and Czech Republic = Innovative Research + Scalable Architecture + Efficient Feature Delivery
  • 20. #DSSAIS12 Appendix 1: model testing results !20 Wandera 2018