Explore a novel malware detection method based on URL behavioral modeling in this 51-minute Black Hat conference talk. Learn about network-level behavioral signature/modeling advantages in malware detection compared to traditional AV signatures and system-level behavioral models. Discover how this approach leverages common code re-use practices among various malware types. Delve into HTTP detection modules, URL parameter features, and machine learning methods for clustering algorithms. Examine cross-family cluster merging techniques and analyze detection result examples. Gain insights into building a better security architecture and hear key Black Hat sound bites from presenters Hao Dong and Jin Shang.
Beyond the Blacklists - Detecting Malicious URL Through Machine Learning
Overview
Syllabus
Introduction
Overview
HTTP detection modules
Put URL Under Microscope
URL Parameter Features
Transforming parameters
ML Methods Comparison
A comparison of the clustering algorithms
Clustering Method
Cross-Family Cluster Merging
Example of Detection Result
The better security arch.
Black Hat Sound Bytes
Taught by
Black Hat
