Overview
Explore a novel malware detection method based on URL behavioral modeling in this 51-minute Black Hat conference talk. Learn the advantages of network-level behavioral signatures and modeling for malware detection compared to traditional AV signatures and system-level behavioral models. Discover how this approach leverages common code re-use practices among various malware types. Delve into HTTP detection modules, URL parameter features, and machine learning methods for clustering. Examine cross-family cluster merging techniques and analyze detection result examples. Gain insights into building a better security architecture and hear the key Black Hat Sound Bytes from presenters Hao Dong and Jin Shang.
Syllabus
Introduction
Overview
HTTP detection modules
Put URL Under Microscope
URL Parameter Features
Transforming parameters
ML Methods Comparison
A comparison of the clustering algorithms
Clustering Method
Cross-Family Cluster Merging
Example of Detection Result
The better security arch.
Black Hat Sound Bytes
Taught by
Black Hat