Can you imagine a world where incident alerts arrive 30 minutes or less before the incident even happens?
You would have the power to prevent problems and deliver a truly seamless experience to your customers.
Sound impossible? Think again.
Machine Learning is often associated with big data and the analysis of enormous volumes of data to produce some actionable results.
The larger the data, the better the result in Machine Learning based on the amount of data and the algorithms chosen.
With the right Artificial Intelligence (AI) solution, you can maintain uptime, reduce manual incident-management tasks and increase productivity.
But is Machine Learning really that important?
The sentiment that machine learning is really nothing to get excited about, or that it’s just a redressing of age-old statistical techniques, is growing increasingly ubiquitous. But the trouble is, it isn’t true.
Machine Learning is not just glorified Statistics.
Let’s walk you through Machine Learning with Acronis.
The first step is a stack trace analysis.
A stack trace is a report of the active stack frames at a certain point in time during the execution of a program.
When a program is run, memory is often dynamically allocated in two places: 1. the stack and 2. the heap.
Memory is contiguously allocated on a stack, but not on a heap – as indicated by their names.
Put simply, it is possible to detect code injections from ransomware using process stack trace analysis based on the Machine Learning approach.
Real-life scenario
Acronis compiled enormous volumes of data by taking clean Windows systems that run scores of legitimate processes.
Then, obtained millions of legitimate stack traces of these processes and, using decision tree learning, built different models of “good” behaviour.
They took malicious stack traces from various sources to provide “bad” examples and based on these millions of learning samples, patterns were developed.
Using decision tree learning, this moved from observations about an item to conclusions about the item’s target value.
The goal is to create a model that predicts the value of a target variable based on several input variables.
Acronis experts use decision tree learning because the performance of the client machine shouldn’t be affected while collecting and sending the data.
This algorithm achieves goals!
So, when is Machine Learning activated in the actual product?
Acronis Active Protection is based on behavioural heuristics.
In version 2.0 several new heuristics were added, which are looking for legitimate processes.
If Active Protection notices something strange is going on with a legitimate process, it takes a stack trace and sends it to Machine Learning modules, where the behaviour is compared with existing models of clean and infected stack traces to determine if it’s a threat or not.
If the behaviour is confirmed to be malicious, the user gets an alert suggesting that they should block the ransomware-like process.
As a result, Machine Learning also reduces any potential false positives as it acts as the second authority for heuristics to make a final decision.
The new level of anti-ransomware defence
With Machine Learning leading the way, all of these technologies bring Acronis Active Protection to a whole new level, especially when it comes to zero-day threats.
It creates a model of which processes are legitimate, so even if ‘bad guys’ find a new vulnerability or way to infiltrate the system, Machine Learning will detect the ransomware’s processes and put a stop to them.
Machine Learning models can be used to analyse scripts and we are already working in this direction.
NioGuard Security Lab performed a test that showed that most backup solutions are unable to detect ransomware attacks.
Acronis Active Protection is much more effective compared to other anti-malware solutions and can be easily activated as part of Acronis data protection solutions.
Acronis Machine Learning Improves Ransomware Detection
Acronis Active Protection is an advanced technology that uses sophisticated analysis to monitor and stop erratic processes on your system.
If ransomware somehow manages to get through your anti-virus and starts to encrypt files, Acronis Active Protection will detect the encryption and immediately halt it – automatically restoring the files to the most recently backed up version.
This technology comes standard as part of Acronis Data Protection solutions and has prevented more than 200,000 ransomware attacks.
Leave us a comment below about your experience with machine learning.
[…] forward, machine data associated with IoT will likely become a significant factor contributing to data […]