
Cloud threat intel: Kaspersky Security Network (KSN)

The complex cloud infrastructure collects and analyses cybersecurity-related data from millions of voluntary participants around the world to provide the fastest reaction to new threats through the use of Big Data analysis, machine learning and human expertise.


The Kaspersky Security Network (KSN) is a complex distributed infrastructure developed by Kaspersky Lab and dedicated to intelligently processing cybersecurity-related data streams from millions of voluntary participants around the world. By analyzing these data streams automatically in the cloud, the system ensures the fastest reaction times to new and as-yet-unknown cyberthreats and maintains the highest levels of protection for every partner or customer. It is one of the most important components of Kaspersky Lab’s multi-layered, next-generation approach to protection, which combines expert analysis, machine learning algorithms and big data, allowing us to spot patterns, changes and new threats in the cyber landscape – with skill and accuracy.



The scheme above illustrates the basic elements of KSN including:

  • Astraea Reputation System. The system aggregates all the statistics with meta-information about suspicious objects worldwide in real time. Following the analysis, the object’s reputation is calculated. Detection decisions on malicious objects become immediately available to all users through KSN. If Astraea does not yet have sufficient information about the object to reach a verdict, the rating is recalculated later, after extra information is collected.
  • Similarity Hash Detection System, an ML-based technology to detect malware variations. The cloud component of the system collects multiple file features from different sources, including in-lab automatic malware processing systems. Then a machine learning approach is used to find the features common to the whole group of similar malicious files. Based on these features, Similarity Hashes (SH) are calculated and published through KSN. The endpoint product extracts a file’s features at the endpoint, calculates its SH and checks it against both local and cloud SH databases. This approach allows Kaspersky Lab products to detect whole families of quickly changing polymorphic malware.
  • Cloud ML for Android for mobile threat detection. In this system, the predictive model takes the form of a Decision Tree Ensemble. This type of powerful ML model, trained on millions of samples, can detect malware with high accuracy, but it requires a lot of resources to run, which would be hard to provide on a mobile device. This is where we benefit from the cloud approach. First, the agent on a user’s device collects multiple features of an Android application - its entry points, permissions, etc. - to get the most accurate description of the app (no sensitive user data is collected). This data vector is sent to the KSN cloud where it is passed through the Cloud ML for Android model, and its classification decision is immediately sent back to the mobile device.
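The publish-and-lookup flow described in the Similarity Hash bullet above, as an added Python illustration that is not Kaspersky's code or algorithm. A simple "identical across the group" rule stands in for the ML feature selection and a truncated SHA-256 stands in for the SH; the feature names, the family name `Fam.A`, `MIN_KEYS` and all sample data are constructed assumptions.

```python
import hashlib

MIN_KEYS = 3  # assumption: refuse records built on too few shared features

# Constructed feature vectors: two known variants of a hypothetical family,
# one unseen variant, and one unrelated benign file.
VARIANTS = [
    {"imports": "wininet,advapi32", "entry_stub": "push-ret",
     "rsrc_layout": "icon+blob", "size": 70144, "timestamp": 1001},
    {"imports": "wininet,advapi32", "entry_stub": "push-ret",
     "rsrc_layout": "icon+blob", "size": 71680, "timestamp": 1002},
]
NEW_VARIANT = dict(VARIANTS[0], size=73216, timestamp=1003)
BENIGN = {"imports": "user32,gdi32", "entry_stub": "standard-crt",
          "rsrc_layout": "icon", "size": 70144, "timestamp": 1001}

def similarity_hash(features, keys):
    """Hash only the selected features, in a fixed order."""
    material = "|".join(f"{k}={features.get(k, '')}" for k in sorted(keys))
    return hashlib.sha256(material.encode()).hexdigest()[:16]

def common_keys(samples):
    """Stand-in for the ML step: features with one value across the group."""
    first = samples[0]
    return {k for k, v in first.items() if all(s.get(k) == v for s in samples)}

def build_record(family, samples):
    """Cloud side: derive the record that would be published to endpoints."""
    keys = common_keys(samples)
    if len(keys) < MIN_KEYS:
        # Too few shared features would match unrelated files (false positives).
        raise ValueError(f"only {len(keys)} shared features for {family}")
    return {"family": family, "keys": sorted(keys),
            "sh": similarity_hash(samples[0], keys)}

def check(features, local_db, cloud_db):
    """Endpoint side: consult local records first, then cloud records."""
    for source, db in (("local", local_db), ("cloud", cloud_db)):
        for rec in db:
            if similarity_hash(features, rec["keys"]) == rec["sh"]:
                return source, rec["family"]
    return None, None

if __name__ == "__main__":
    record = build_record("Fam.A", VARIANTS)
    print(record)
    print(check(NEW_VARIANT, [], [record]))
    print(check(BENIGN, [], [record]))
```

The unseen variant differs from the known samples only in `size` and `timestamp`, which the record ignores, so it resolves to the same hash; a group that shares only such generic features is rejected at record-building time.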

The KSN approach provides the following benefits for the final security level of customers’ systems and their data:

  • Detection of advanced and previously unknown malware
  • Reduction of detection errors (False Positives)
  • Significant reduction of response time to new threats: from hours, as with traditional signature-based responses, to seconds or minutes.

The basic principles of KSN data protection

  • Information processed is limited to that needed in order to improve detection algorithms, refine the products’ operation and offer better solutions to our customers;
  • The information processed is received from customers who have accepted an End User License Agreement (EULA) and KSN agreement where the kind of information obtained is described in full;
  • Participation in the KSN agreement can be opted in or out of, at any time, in the solution settings;
  • The data received by KSN is not attributed to a specific individual. The information is used in the form of aggregated statistics, on separated servers with strict policies regarding access rights;
  • The information shared is protected, even during transit, in accordance with legal requirements and stringent industry standards, including through encryption, digital certificates, firewalls and more.
