The Kaspersky Security Network (KSN) is a complex distributed infrastructure developed by Kaspersky Lab and dedicated to intelligently processing cybersecurity-related data streams from millions of voluntary participants around the world. By analyzing these data streams automatically in the cloud, the system ensures the fastest reaction times to new and as yet unknown cyberthreats and maintains the highest levels of protection for every partner or customer. It is one of the most important components of Kaspersky Lab’s multi-layered, next-generation approach to protection. Essential to this approach is our HuMachine™ intelligence, which combines expert analysis, machine learning algorithms and big data, allowing us to spot patterns, changes and new threats in the cyber landscape – with skill and accuracy.



    The scheme above illustrates the basic elements of KSN including:

    • Astraea Reputation System. The system aggregates all the statistics, together with meta-information, about suspicious objects worldwide in real time. Following the analysis, the object’s reputation is calculated. Detection decisions on malicious objects become immediately available to all users through KSN. If Astraea does not yet have sufficient information about an object to reach a verdict, the rating is recalculated later, once extra information has been collected.
    • Similarity Hash Detection System, an ML-based technology to detect malware variations. The cloud component of the system collects multiple file features from different sources, including in-lab automatic malware processing systems. A machine learning approach is then used to find the features common to the whole group of similar malicious files. Based on these features, Similarity Hashes (SH) are calculated and published through KSN. The endpoint product extracts a file’s features at the endpoint, calculates its SH and checks it against both local and cloud SH databases. This approach allows Kaspersky Lab products to detect whole families of quickly changing polymorphic malware.
    • Android Cloud ML for mobile threat detection. In this system, the predictive model takes the form of a Decision Tree Ensemble. This type of powerful ML model, trained on millions of samples, can detect malware with high accuracy, but it requires a lot of resources to run, which would be hard to provide on a mobile device. This is where we benefit from the cloud approach. First, the agent on a user’s device collects multiple features of an Android application - its entry points, permissions, etc. - to get the most accurate description of the app (no sensitive user data is collected). This data vector is sent to the KSN cloud, where it is passed through the Android Cloud ML model, and the classification decision is immediately sent back to the mobile device.
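
The Similarity Hash flow described above (cloud-side selection of shared features, a hash over those features, then a local-first and cloud-second lookup at the endpoint) can be sketched as follows. This is an added illustration, not Kaspersky Lab code or its algorithm: the exact-match feature selection stands in for the ML step, and the feature names, `MIN_FEATURES`, the record layout and all sample values are constructed assumptions.

```python
import hashlib

MIN_FEATURES = 2  # assumption: refuse records built on too few shared features

def common_features(samples):
    """Cloud side: keep features whose value is identical in every sample.
    A deliberately simple stand-in for the ML step the page mentions."""
    first = samples[0]
    return sorted(k for k, v in first.items()
                  if all(s.get(k) == v for s in samples[1:]))

def similarity_hash(features, selected):
    """Hash only the selected features, in a fixed order."""
    canon = "\n".join(f"{k}={features.get(k)!r}" for k in selected)
    return hashlib.sha256(canon.encode()).hexdigest()

def publish(family, samples):
    """Build the record that would be distributed to endpoints."""
    selected = common_features(samples)
    if len(selected) < MIN_FEATURES:
        # An empty or tiny feature set would match almost any file.
        raise ValueError("too few shared features for a safe record")
    return {"family": family, "selected": selected,
            "sh": similarity_hash(samples[0], selected)}

def check(features, local_db, cloud_db):
    """Endpoint side: consult local records first, then the cloud."""
    for source, db in (("local", local_db), ("cloud", cloud_db)):
        for rec in db:
            if similarity_hash(features, rec["selected"]) == rec["sh"]:
                return rec["family"], source
    return None, None

def variant(size_kb, build_id):
    # Constructed sample: same structure, different volatile fields.
    return {"imports": "kernel32,wininet", "entry_section": ".text0",
            "packer": "packer-x", "size_kb": size_kb, "build_id": build_id}

TRAINING = [variant(212, 1001), variant(240, 1002), variant(198, 1003)]
RECORD = publish("Constructed.Family.A", TRAINING)
UNSEEN = variant(305, 2000)  # never seen in training
BENIGN = {"imports": "kernel32,user32", "entry_section": ".text",
          "packer": "none", "size_kb": 212, "build_id": 1001}

if __name__ == "__main__":
    print(RECORD["selected"])
    print(check(UNSEEN, [], [RECORD]))
    print(check(BENIGN, [RECORD], [RECORD]))
```

The unseen variant differs from every training sample in its volatile fields, so a whole-file hash would miss it, while the hash over the shared features still matches; the minimum-feature guard shows why a record built on too little common ground is a false-positive risk.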

    The KSN approach provides the following benefits for the security of customers’ systems and their data:

    • Detection of advanced and previously unknown malware
    • Reduction of detection errors (False Positives)
    • Significant reduction of response time to new threats: compared with traditional signature-based responses, from hours to seconds or minutes.

    The basic principles of KSN data protection

    • The information processed is limited to that needed to improve detection algorithms, refine the products’ operation and offer better solutions to our customers;
    • The information processed is received from customers who have accepted an End User License Agreement (EULA) and KSN agreement, where the kind of information obtained is described in full;
    • Participation in the KSN agreement can be opted in or out of, at any time, in the solution settings;
    • The data received by KSN is not attributed to a specific individual. The information is used in the form of aggregated statistics, on separated servers with strict policies regarding access rights;
    • The information shared is protected, even during transit, in accordance with legal requirements and stringent industry standards, including through encryption, digital certificates, firewalls and more.

Related Products

  • US 8966634 B2: System and method for correcting antivirus records and using corrected antivirus records for...
  • US 8819835 B2: Silent-mode signature testing in anti-malware processing
  • US 8819774 B2: System and method for protecting cloud services from unauthorized access and malware attacks
  • US 8732836 B2: System and method for correcting antivirus records to minimize false malware detections
  • US 8661547 B1: System and method for protecting cloud services from unauthorized access and malware attacks
  • US 8640245 B2: Optimization of anti-malware processing by automated correction of detection rules
  • US 8572740 B2: Method and system for detection of previously unknown malware
  • US 8356354 B2: Silent-mode signature testing in anti-malware processing
  • US 7640589 B1: Detection and minimization of false positives in anti-malware processing
  • US 9350756 B2: System and method for correcting antivirus records using antivirus server
  • US 9614867 B2: System and method for detection of malware on a user device using corrected antivirus records
  • US 9361605 B2: System and method for filtering spam messages based on user reputation
  • US 9485098 B1: System and method of user authentication using digital signatures
  • US 9667657 B2: System and method of utilizing a dedicated computer security service

  • Principles for the processing of user data by Kaspersky Lab security solutions and technologies
  • Whitepaper: Kaspersky Security Network - Big Data-powered Security
  • Whitepaper: Kaspersky Security Network
  • Video: KSN in a nutshell
  • Blogpost: Protection From A Cloud — What Is Kaspersky Security Network

Recognition

  • Certified by the ICSA Labs Advanced Threat Defense test. Kaspersky Anti Targeted Attack Platform achieved an incredible 100% detection rate with 0% false positives.

  • A competitive analysis of the market for APT Protection solutions by The Radicati Group has awarded Kaspersky Lab’s Anti Targeted Attack platform the “Trail Blazer” leadership position.
