Machine learning is how Avira scales the detection and classification of malware. It is one of the powerful techniques we employ to protect our technology partners and their customers from threats. Machine learning enables Avira to predict the future.Download Whitepaper
Avira applies a variety of machine learning techniques to address today’s cyber-security challenges of scale, speed, and accuracy. We apply an ensemble of techniques: from Deep Learning and Convolutional Neural Networks to Supervised and Unsupervised machine learning. These techniques (models) are applied for detection tasks including malware detection and phishing detection, depending on the needs of the customers and the capabilities of the underlying platform.
Avira looks beyond the capabilities of malware scanning engines and heuristics, towards the application of Artificial Intelligence to threat analysis. We apply it to behavioral analysis and feature extraction. We implement it in the cloud, on virtual machines and within the client desktop. It’s at the heart of our Swarm Intelligence network of nearly 100 million sensors.
AI cybersecurity solutions can only be as good as the data being fed into the Machine Learning platform, and Avira’s data is vast, rich and complex, this is the fuel powering Avira’s Machine Learning engine. Avira maintain databases containing hundreds of millions of malicious files, continually updated with fresh intelligence to offer real-time protection.
Supervised and unsupervised machine learning techniques offer significant benefit in terms of accurate and fast classification of malware. They offer very low False Positive rates, and very fast retraining times but they do require a large training base, extensive data expertise, and resources.
At the heart of Avira’s Zero Day threat detection capability lies NightVisionTM, our third-Generation machine learning system. Massively powerful and cloud-based, it is capable of analyzing files in over 8,000 dimensions to deliver super-fast categorization of new threats.
NightVisionTM uses an ensemble of machine learning techniques because we’ve got the experience and skills in-house to choose the right model for the right job. The result is a system that benefits from super-low false positive rates and retraining times measured in minutes. This means we attain award-winning levels of accuracy and our customers remain vulnerable to new malware for the shortest possible time.
Avira employs machine learning in our Anti-malware SDKs to provide the most possible accurate local threat assessment. At the same time it helps deliver one of the smallest system footprints in the cyber-security industry.
On local or network devices Avira’s MicroVisionTM and AndroidVisionTM machine learning models apply powerful analytical rules. These instantly create a risk profile for unknown files on the local platform and help decide whether further analysis is needed with the Avira Protection Cloud.
It is not always possible to share suspicious files with a cloud security service for analysis. Sometimes those files contain highly private or classified information. In these cases Avira deploys the NightVisionTM machine learning engine on-premise within a secure virtual appliance. It delivers a local assessment of whether an artefact is likely to be malicious.
Feature engineering and extraction is best done by hand, and sometimes it needs to be automated.
It develops attributes that comprise of everything from the basics - such as file section size or entropy (obfuscation) to those derived from the structure such as anomalies created by intended or unintended modifications to files artificially created by the malware author.
Avira’s malware analysts are experts in applying deep learning to feature engineering and extraction to uncover the unknown unknowns. Avira makes extensive use of some of the most advanced Convolutional Neural Networks to automate and scale feature engineering and extraction.
Avira collects vast amounts of anonymized data from its sensor networks. From our customers – consumers or business users, or from routers, firewalls and gateways, we get visibility into new and emerging malware. From our IoT SafeThings router agents we collect metadata and apply machine learning to classify usage patterns, and build a normalized model of use that detect anomalies. We do all of this to protect the users in the connected world.
Avira's SafeThings allows service providers and router manufacturers to protect customers' smart homes from IoT threats.Learn more
Machine learning on the endpoint and in the cloud is one of the core technologies we use to protect people in the connected world.Learn more
At the heart of Avira's anti-malware and threat intelligence systems lies the Avira Protection Cloud.Learn more
Understanding how to protect customer data, and build a licensing model is an important part of a technology partnership.Learn more