Machine Learning

Machine learning is how Avira scales the detection and classification of malware. It is one of the powerful techniques we use to protect our technology partners and their customers from threats. Machine learning enables Avira to predict the future.

Download Whitepaper

Speed, scale and accuracy

Avira applies a variety of machine learning techniques to address today’s cybersecurity challenges of scale, speed, and accuracy. We apply an ensemble of techniques: from deep learning and convolutional neural networks to supervised and unsupervised machine learning. These techniques (models) are applied for detection tasks including the detection of malware and phishing, depending on the needs of the customers and the capabilities of the underlying platform.

Swarm intelligence

Avira looks beyond the capabilities of malware scanning engines and heuristics, towards the application of artificial intelligence to threat analysis. We apply it to behavioral analysis and feature extraction. We implement it in the cloud, on virtual machines and within the client desktop. It’s at the heart of our swarm intelligence network of nearly 100 million sensors.

Decades of experience

AI cybersecurity solutions can only be as good as the data being fed into the machine learning platform, and Avira’s data is vast, rich, and complex. This is the fuel powering Avira’s machine learning engine. Avira maintains databases containing hundreds of millions of malicious files, continually updated with fresh intelligence to offer real-time protection.

Excellent false positive performance

Supervised and unsupervised machine learning techniques offer significant benefits in terms of accurate and fast classification of malware. They offer very low false positive rates, and very fast retraining times but they do require a large training base, extensive data expertise, and resources.

Applying Machine Learning

Zero-day detection

At the heart of Avira’s zero-day threat detection capability lies NightVisionTM, our third-generation machine learning system. Massively powerful and cloud based, it is capable of analyzing files in over 8,000 dimensions to deliver super-fast categorization of new threats.

NightVisionTM uses an ensemble of machine learning techniques because we’ve got the experience and skills in-house to choose the right model for the right job. The result is a system that benefits from super-low false positive rates and retraining times measured in minutes. This means we attain award-winning levels of accuracy and our customers remain vulnerable to new malware for the shortest possible time.

High accuracy, end-point malware detection

Avira employs machine learning in our anti-malware SDKs to provide the most accurate local threat assessment possible. At the same time, it helps  deliver one of the smallest system footprints in the cybersecurity industry.

On local or network devices, Avira’s MicroVisionTM and AndroidVisionTM machine learning models apply powerful analytical rules. These instantly create a risk profile for unknown files on the local platform and help decide whether further analysis is needed with the Avira Protection Cloud.

 

High confidence, on-Premise, in-network, malware analysis

It is not always possible to share suspicious files with a cloud security service for analysis. Sometimes those files contain highly private or classified information. In these cases, Avira deploys the NightVisionTM machine learning engine on-premise within a secure virtual appliance. It  delivers a local assessment of whether an artefact is likely to be malicious.

Feature engineering and extraction 

Feature engineering and extraction is best done by hand, and sometimes it needs to be automated.

It develops attributes that comprise of everything from the basics, such as file section size or entropy (obfuscation), to those derived from the structure, such as anomalies created by intended or unintended modifications to files artificially created by the malware author.

Avira’s malware analysts are experts in applying deep learning to feature engineering and extraction to uncover the unknown unknowns. Avira makes extensive use of some of the most advanced convolutional neural networks to automate and scale feature engineering and extraction.

 

Machine learning for behavioral analysis 

Avira collects vast amounts of anonymized data from its sensor networks. From our customers – consumers or business users-or from routers, firewalls and gateways, we get visibility into new and emerging malware. From our IoT SafeThings router agents, we collect metadata and apply machine learning to classify usage patterns and build a normalized model of use that detects anomalies. We do all of this to protect the users in the connected world.

Blog

Technologies

Protecting the smart home

Avira's SafeThings allows service providers and router manufacturers to protect customers' smart homes from IoT threats.

Learn more

AI and machine learning

Machine learning on the endpoint and in the cloud is one of the core technologies we use to protect people in the connected world.

Learn more

Avira Protection Cloud

At the heart of Avira's anti-malware and threat intelligence systems lies the Avira Protection Cloud.

Learn more

Avira scan technology

Find out how Avira’s scan engines utilize the most advanced machine learning, heuristics and generics. 

Learn more

Data protection 

Understanding how to protect customer data, and build a licensing model is an important part of a technology partnership.

Learn more


Avira’s Insights Blog

News, views and insights from Avira experts on current issues in the cyber-security industry.

AI & machine learning, threat intelligence & APIs, malware analysis, data privacy

Let's have a chat about how we can offer you a tailored solution...

Build your own security systems with our anti-malware SDKs, and enhance your threat intelligence.

Contact us