Advanced AI solution for enterprise malware detection

Advanced AI solution for enterprise malware detection_

For one of our clients, we developed an enterprise malware detection application that runs on an enterprise’s data centre storage systems (SAN) and does real-time monitoring of the SAN I/O activity. This cybersecurity solution employs an advanced AI solution for anomaly detection that allows blocking malware from corrupting enterprise data.

Client _

  • ProLion GmbH
  • Cybersecurity, anti-malware solutions
  • Vienna, AT

Business case _

  • Malware detection
  • Monitor the storage usage

Industry _

  • IT Services
  • Data centers
  • Storage
  • Cybersecurity

Services _

Project type _

  • Web
  • Distributed backend

Technology _

  • Java
  • NetApp Clustered Data ONTAP
  • Hazelcast
  • Docker
  • REST endpoints
  • AWS virtualisation
  • Machine learning

Challenges _

Since malware can hit in many different forms and have a heavy impact on the final user, we have to:

  • Provide a powerful custom solution that protects against all threats (both known and new/unknown).
  • Ensure the best malware detection accuracy while keeping false positives at a minimum (or zero).
  • Deliver real-time detection and protection that spans across the whole SAN network.
  • Keep SAN performance unaffected.

Solutions _

We met client’s high expectations with a series of cross-technology solutions:

  • AI anomaly detection techniques that determine what is “normal” traffic and allow it to pass while “suspicious” traffic is blocked.
  • Model training and evaluation with extensive real data collected from production SAN logs.
  • Processing and enhancement of collected data set to obtain an even greater synthetic “real-like” dataset.
  • Setting up of simulated SAN environments, and release of malware to collect footprints.
  • Model parameters tweaking to ensure the highest precision and recall scores.
  • Implementation of distributed architecture, with sensors on each SAN node and dedicated processing nodes to run the detection model.
  • Development of a home-grown decision tree variant that is both accurate and lightweight enough for the use case.
  • Hyperparameter tuning to minimize the model while maintaining accuracy.

Interested to know more about our expertise in cybersecurity solutions?

29 years in business | 2700 software projects | 760 clients | 24 countries

We turn ideas into software. What is yours?

Get in touch

7 + 14 =