Generating YARA Rules by Classifying Malicious Byte Sequences
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a 27-minute Black Hat conference talk on developing an interpretable machine learning model for generating optimized malware detection signatures. Dive into the process of creating YARA rules by classifying malicious byte sequences, achieving high detection rates with minimal false positives. Learn about stacking convolutions, model training techniques, and signature generation methods. Discover how this approach combines the benefits of machine learning with the transparency and efficiency of signature-based detection for ELF executables targeting i386 and amd64 architectures.
Syllabus
Intro
intro & motivation
making an interpretable model
stacking convolutions
how the model works
model training - finding needles in a haystack
model training - top-k selection
training the model fitting onto a su
training the model - reducing FPS
signature generation - in bulk
signature efficacy
future work
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube