Matcha Daifuku's Diary

Links to articles on security and IT topics that caught my attention.

How Microsoft found a Huawei driver that opened systems to attack | Ars Technica @ Windows Defender ATP is impressive.

How Microsoft found a Huawei driver that opened systems to attack | Ars Technica:

The interesting part of the story is how Microsoft found the bad driver in the first place.
Microsoft Defender ATP does not rely solely on signature-based endpoint antimalware to detect known threats; it also uses heuristics that look for behavior that appears suspicious, even if no particular malware has been identified. Windows itself notices certain actions taken by software and reports them to the Defender ATP cloud service, and machine learning-based algorithms look for anomalies in these reports.
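As an added illustration of the layered approach the excerpt describes (this is example code written for this post, not code from the Ars Technica article or from Microsoft): a signature layer that only matches known-bad hashes, a behaviour heuristic that fires on a suspicious action regardless of which binary performs it, and a fleet-wide rarity check standing in for the cloud-side anomaly scoring. All telemetry, hashes, process names ("updater.exe") and the allow-list of trusted actors are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    host: str      # reporting endpoint
    process: str   # image name of the process that performed the action
    action: str    # what the OS observed, e.g. "process_create", "handle_open"
    target: str    # object the action touched (process, file or driver name)
    sha256: str    # hash of the acting image (shortened, constructed values)


# Constructed fleet telemetry: ten hosts doing routine things, plus one host on
# which a hypothetical "updater.exe" opens a handle to lsass.exe. Not real data.
SAMPLE_EVENTS = [
    Event(f"host{i:02d}", "svchost.exe", "process_create", "wuauclt.exe", "aaaa1111")
    for i in range(10)
] + [
    Event(f"host{i:02d}", "explorer.exe", "process_create", "notepad.exe", "bbbb2222")
    for i in range(10)
] + [
    Event("host07", "updater.exe", "handle_open", "lsass.exe", "cccc3333"),
]

# Signature layer: blocklist of image hashes. "cccc3333" is deliberately absent,
# so the suspicious process is unknown to this layer (constructed value).
KNOWN_BAD_HASHES = {"dddd4444"}

# Heuristic layer inputs (hypothetical lists, not from any product).
PROTECTED_TARGETS = {"lsass.exe", "csrss.exe", "winlogon.exe"}
TRUSTED_ACTORS = {"system", "csrss.exe", "services.exe"}


def signature_hits(events):
    """Known-bad only: events whose acting image hash is on the blocklist."""
    return [e for e in events if e.sha256 in KNOWN_BAD_HASHES]


def heuristic_hits(events):
    """Behaviour rule: an untrusted process opening a handle to a protected
    system process is suspicious even if the binary has never been seen."""
    return [
        e for e in events
        if e.action == "handle_open"
        and e.target in PROTECTED_TARGETS
        and e.process.lower() not in TRUSTED_ACTORS
    ]


def anomaly_hits(events, min_hosts=3):
    """Fleet-wide rarity: a (process, action, target) triple observed on fewer
    than min_hosts distinct hosts is reported. A crude stand-in for the
    cloud-side anomaly scoring the excerpt mentions."""
    hosts_per_behaviour = defaultdict(set)
    for e in events:
        hosts_per_behaviour[(e.process, e.action, e.target)].add(e.host)
    rare = {k for k, hosts in hosts_per_behaviour.items() if len(hosts) < min_hosts}
    return [e for e in events if (e.process, e.action, e.target) in rare]


def detect(events):
    """Run all three layers and return the flagged events per layer."""
    return {
        "signature": signature_hits(events),
        "heuristic": heuristic_hits(events),
        "anomaly": anomaly_hits(events),
    }


if __name__ == "__main__":
    for layer, hits in detect(SAMPLE_EVENTS).items():
        print(layer, [(e.host, e.process, e.action, e.target) for e in hits])
```

Running it shows the point of the excerpt: the signature layer returns nothing because the hash is unknown, while both the behaviour rule and the rarity check flag the same event on host07. Tuning `min_hosts` trades false positives (legitimately rare admin tooling) against missed detections, which is why a real deployment combines the layers rather than relying on any one of them.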
