Generating YARA Rules by Classifying Malicious Byte Sequences
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a 27-minute Black Hat conference talk on developing an interpretable machine learning model for generating optimized malware detection signatures. Dive into the process of creating YARA rules by classifying malicious byte sequences, achieving high detection rates with minimal false positives. Learn about stacking convolutions, model training techniques, and signature generation methods. Discover how this approach combines the benefits of machine learning with the transparency and efficiency of signature-based detection for ELF executables targeting i386 and amd64 architectures.
Syllabus
Intro
intro & motivation
making an interpretable model
stacking convolutions
how the model works
model training - finding needles in a haystack
model training - top-k selection
training the model fitting onto a su
training the model - reducing FPS
signature generation - in bulk
signature efficacy
future work
Taught by
Black Hat
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network