Machine Learning

Speed, scale and accuracy

Avira applies a variety of machine learning techniques to address today’s cybersecurity challenges of scale, speed, and accuracy. We apply an ensemble of techniques: from deep learning and convolutional neural networks to supervised and unsupervised machine learning. These techniques (models) are applied for detection tasks including the detection of malware and phishing, depending on the needs of the customers and the capabilities of the underlying platform.

Swarm intelligence

Avira looks beyond the capabilities of malware scanning engines and heuristics, towards the application of artificial intelligence to threat analysis. We apply it to behavioral analysis and feature extraction. We implement it in the cloud, on virtual machines and within the client desktop. It’s at the heart of our swarm intelligence network of nearly 100 million sensors.

Decades of experience

AI cybersecurity solutions can only be as good as the data being fed into the machine learning platform, and Avira’s data is vast, rich, and complex. This is the fuel powering Avira’s machine learning engine. Avira maintains databases containing hundreds of millions of malicious files, continually updated with fresh intelligence to offer real-time protection.

Excellent false positive performance

Supervised and unsupervised machine learning techniques offer significant benefits in terms of accurate and fast classification of malware. They offer very low false positive rates, and very fast retraining times but they do require a large training base, extensive data expertise, and resources.

Zero-day detection

At the heart of Avira’s zero-day threat detection capability lies NightVision^TM, our third-generation machine learning system. Massively powerful and cloud based, it is capable of analyzing files in over 8,000 dimensions to deliver super-fast categorization of new threats.

NightVision^TM uses an ensemble of machine learning techniques because we’ve got the experience and skills in-house to choose the right model for the right job. The result is a system that benefits from super-low false positive rates and retraining times measured in minutes. This means we attain award-winning levels of accuracy and our customers remain vulnerable to new malware for the shortest possible time.

High accuracy, end-point malware detection

Avira employs machine learning in our anti-malware SDKs to provide the most accurate local threat assessment possible. At the same time, it helps deliver one of the smallest system footprints in the cybersecurity industry.

On local or network devices, Avira’s MicroVision^TM and AndroidVision^TM machine learning models apply powerful analytical rules. These instantly create a risk profile for unknown files on the local platform and help decide whether further analysis is needed with the Avira Protection Cloud.

High confidence, on-Premise, in-network, malware analysis

It is not always possible to share suspicious files with a cloud security service for analysis. Sometimes those files contain highly private or classified information. In these cases, Avira deploys the NightVision^TM machine learning engine on-premise within a secure virtual appliance. It delivers a local assessment of whether an artefact is likely to be malicious.

Feature engineering and extraction

Feature engineering and extraction is best done by hand, and sometimes it needs to be automated.

It develops attributes that comprise of everything from the basics, such as file section size or entropy (obfuscation), to those derived from the structure, such as anomalies created by intended or unintended modifications to files artificially created by the malware author.

Avira’s malware analysts are experts in applying deep learning to feature engineering and extraction to uncover the unknown unknowns. Avira makes extensive use of some of the most advanced convolutional neural networks to automate and scale feature engineering and extraction.