Machine Learning Engine

Trained to find the bad

In 2017, BluVector was issued the patent for detecting zero-day malware leveraging supervised machine learning (U.S. Patent 9,665,713).

At a high level, supervised machine learning algorithms work by building a model based on “labeled” training data. Labeled means that someone has assigned a category of interest to each training instance. As with all instances of machine learning, training data is critical. Leveraging 8 years of work with the US Intel Community and their threat data (as part of Northrop Grumman), BluVector has unmatched access to some of the most robust training data available.

Unlike unsupervised machine learning, which is leveraged by most security vendors today, BluVector Machine Learning Engine (MLE) algorithms were pre-trained to immediately identify malicious content embedded within common file formats such as Office documents, archives, executables, PDFs and system updates. The result: 99.1%+ detection accuracy upon installation.

BluVector Supervised Machine Learning Overview

BluVector has 35+ individual file classifiers and classifies all files on a probability continuum that spans “benign” to “unknown” to “malicious”. Malware can be encapsulated in any number of packages – including Office documents, executables, macros contained within a document, embedded JavaScript, and seemingly legitimate system updates.

Because this malware is increasingly used for destructive purposes, it is critical to intercept and analyze these files at the point of network delivery. BluVector has developed a method of detection using its patented supervised machine learning engine to detect file-based malware in milliseconds on the network, even if the malware has never been seen before. BluVector MLE looks at the content of a file itself for a combination of characteristics that represent good or malicious software and is able to accurately identify attributes of files designed to perform the functions typical of malware.
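To make the two ideas above concrete (a supervised model built from labelled training data, and a verdict expressed on a benign/unknown/malicious probability continuum rather than as a binary flag), here is a small, self-contained illustration. It is an added example written for this page; it is not BluVector's code, not the patented MLE, and says nothing about what BluVector's 35+ classifiers actually measure. Everything in it is an assumption for teaching purposes: the four static features (byte entropy above a threshold, a VBA macro stream name, a PDF JavaScript key, an executable header), the hand-built Bernoulli naive Bayes classifier, the invented labelled training counts, the constructed sample files, and the 0.3/0.7 band thresholds.

```python
"""Supervised file classifier with a benign/unknown/malicious verdict band.

Added example, not BluVector's code. Features, training counts, samples and
thresholds are all constructed for illustration.
"""
import math
from collections import Counter
from typing import Dict, List, Sequence, Tuple

FEATURE_NAMES = ["high_entropy", "has_macro", "has_script", "exec_header"]
ENTROPY_THRESHOLD = 7.0  # bits/byte; packed or encrypted payloads sit near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def extract_features(data: bytes) -> List[int]:
    """Map raw file bytes to four binary static features (crude stand-ins
    for real content parsing, chosen only to make the example runnable)."""
    return [
        int(shannon_entropy(data) > ENTROPY_THRESHOLD),
        int(b"vbaProject" in data),    # OOXML macro stream name
        int(b"/JavaScript" in data),   # PDF action dictionary key
        int(data[:2] == b"MZ"),        # DOS/PE executable header
    ]


# Constructed, already-labelled training set: (label, number of such files, features).
# Labels: 0 = benign, 1 = malicious. The counts and feature mixes are invented.
TRAINING: List[Tuple[int, int, List[int]]] = [
    (0, 8, [0, 0, 0, 0]),  # plain documents and PDFs
    (0, 1, [0, 1, 0, 0]),  # legitimate macro-enabled workbook
    (0, 1, [0, 0, 1, 0]),  # PDF with a form-validation script
    (0, 4, [1, 0, 0, 0]),  # compressed archives
    (0, 6, [0, 0, 0, 1]),  # signed installers
    (1, 6, [1, 1, 0, 0]),  # macro documents carrying a packed payload
    (1, 3, [0, 1, 0, 0]),  # macro documents that fetch a second stage
    (1, 3, [1, 0, 1, 0]),  # PDFs with obfuscated JavaScript
    (1, 2, [0, 0, 1, 0]),  # PDFs with plain JavaScript exploits
    (1, 6, [1, 0, 0, 1]),  # packed executables
]


class BernoulliNaiveBayes:
    """Bernoulli naive Bayes over binary features with add-one smoothing."""

    def __init__(self, alpha: float = 1.0) -> None:
        self.alpha = alpha
        self.log_prior: Dict[int, float] = {}
        self.log_on: Dict[int, List[float]] = {}   # log P(feature=1 | class)
        self.log_off: Dict[int, List[float]] = {}  # log P(feature=0 | class)

    def fit(self, rows: Sequence[Tuple[int, int, List[int]]]) -> "BernoulliNaiveBayes":
        n_features = len(rows[0][2])
        class_total = {0: 0, 1: 0}
        feature_on = {0: [0] * n_features, 1: [0] * n_features}
        for label, count, feats in rows:          # "labelled" = a human assigned the class
            class_total[label] += count
            for i, f in enumerate(feats):
                feature_on[label][i] += count * f
        total = sum(class_total.values())
        for c in (0, 1):
            self.log_prior[c] = math.log(class_total[c] / total)
            self.log_on[c], self.log_off[c] = [], []
            for i in range(n_features):
                p = (feature_on[c][i] + self.alpha) / (class_total[c] + 2 * self.alpha)
                self.log_on[c].append(math.log(p))
                self.log_off[c].append(math.log(1.0 - p))
        return self

    def prob_malicious(self, feats: Sequence[int]) -> float:
        """Posterior P(malicious | features), normalised in log space."""
        log_joint = {}
        for c in (0, 1):
            s = self.log_prior[c]
            for i, f in enumerate(feats):
                s += self.log_on[c][i] if f else self.log_off[c][i]
            log_joint[c] = s
        m = max(log_joint.values())
        z = sum(math.exp(v - m) for v in log_joint.values())
        return math.exp(log_joint[1] - m) / z


def verdict(p: float, benign_below: float = 0.3, malicious_above: float = 0.7) -> str:
    """Place a probability on the benign / unknown / malicious continuum."""
    if p < benign_below:
        return "benign"
    if p > malicious_above:
        return "malicious"
    return "unknown"  # not enough evidence either way: route to deeper analysis


def classify_file(model: BernoulliNaiveBayes, data: bytes) -> Tuple[float, str]:
    p = model.prob_malicious(extract_features(data))
    return round(p, 4), verdict(p)


MODEL = BernoulliNaiveBayes().fit(TRAINING)

# Constructed sample "files" (not real malware): byte patterns that trip the features.
_HIGH_ENTROPY = bytes(range(256)) * 4  # uniform byte distribution, entropy ~ 8 bits/byte
SAMPLES: Dict[str, bytes] = {
    "plain_doc": b"Quarterly revenue summary, see attached table.\n" * 40,
    "macro_doc": b"PK\x03\x04word/vbaProject.binSub AutoOpen()\n" * 20,
    "packed_macro_doc": b"PK\x03\x04word/vbaProject.bin" + _HIGH_ENTROPY,
    "signed_installer": b"MZ" + b"This program cannot be run in DOS mode.\r\n" * 20,
    "packed_exe": b"MZ" + _HIGH_ENTROPY,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        p, v = classify_file(MODEL, data)
        print(f"{name:18s} {extract_features(data)} p(malicious)={p:.3f} -> {v}")
```

The point to take from the output is the middle band: a macro document with no other suspicious trait lands at roughly 0.59, which this toy model reports as "unknown" rather than forcing a yes/no answer, while the same document with a packed payload scores above 0.9 and a plain document scores well below 0.3. A real engine replaces the four crude features with many content characteristics per file type and tunes the band thresholds to its own false-positive budget, but the shape of the decision is the same.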

Team member
With nearly 20 years of experience in the security industry, Travis Rosiek is a highly accomplished cyber defense professional having led several commercial and U.S. government programs. He is known for developing and executing strategic plans to build the technical capacity across product development, quality assurance, technical marketing, professional services and sales engineering. Prior to his role at BluVector, Rosiek held several leadership roles including CTO at Tychon and Federal CTO at FireEye as well as senior roles at CloudHASH Security, McAfee and Defense Information Systems Agency (DISA).
