Advanced AI solution for enterprise malware detection


For one of our clients, we developed an enterprise malware detection application that runs on an enterprise’s data centre storage systems (SAN) and monitors SAN I/O activity in real time. This cybersecurity solution uses AI-based anomaly detection to block malware before it can corrupt enterprise data.

Client

  • ProLion GmbH
  • Cybersecurity, anti-malware solutions
  • Vienna, AT

Business case

  • Malware detection
  • Monitor the storage usage

Industry

  • IT Services
  • Data centers
  • Storage
  • Cybersecurity

Services

Project type

  • Web
  • Distributed backend

Technology

  • Java
  • NetApp Clustered Data ONTAP
  • Hazelcast
  • Docker
  • REST endpoints
  • AWS virtualisation
  • Machine learning

Challenges

Since malware comes in many different forms and can have a heavy impact on the end user, we had to:

  • Provide a powerful custom solution that protects against all threats, both known and previously unseen.
  • Ensure the best malware detection accuracy while keeping false positives at a minimum (ideally zero).
  • Deliver real-time detection and protection that spans the whole SAN.
  • Keep SAN performance unaffected.

Solutions

We met the client’s high expectations with a series of cross-technology solutions:

  • AI anomaly detection techniques that learn what “normal” traffic looks like and let it pass, while “suspicious” traffic is blocked.
  • Model training and evaluation on extensive real data collected from production SAN logs.
  • Processing and augmentation of the collected data set to obtain an even larger synthetic, real-like dataset.
  • Setting up simulated SAN environments and releasing malware samples in them to collect footprints.
  • Tuning model parameters to achieve the highest precision and recall scores.
  • Implementation of a distributed architecture, with sensors on each SAN node and dedicated processing nodes that run the detection model.
  • Development of a home-grown decision tree variant that is both accurate and lightweight enough for the use case.
  • Hyperparameter tuning to minimise the model size while maintaining accuracy.
