Beyond the Blacklists - Detecting Malicious URL Through Machine Learning

Explore a novel malware detection method based on URL behavioral modeling in this 51-minute Black Hat conference talk. Learn about network-level behavioral signature/modeling advantages in malware detection compared to traditional AV signatures and system-level behavioral models. Discover how this approach leverages common code re-use practices among various malware types. Delve into HTTP detection modules, URL parameter features, and machine learning methods for clustering algorithms. Examine cross-family cluster merging techniques and analyze detection result examples. Gain insights into building a better security architecture and hear key Black Hat sound bites from presenters Hao Dong and Jin Shang.