Explore a novel approach to malware capability detection in this Black Hat USA 2013 conference talk. Learn about CrowdSource, an open-source machine learning-based reverse engineering tool that leverages millions of technical documents from the web to identify high-level malware functionality. Discover how this DARPA Cyber Fast Track-funded project aims to provide rapid, automated analysis of malware capabilities, including the ability to detect features like screenshot capture, IRC communication, and webcam operation. Gain insights into the tool's innovative features, such as probabilistic capability detection and traceable output with web document citations. Examine the algorithm behind CrowdSource, its training process using web data, and compelling results demonstrating its effectiveness in reverse engineering active malware variants. Understand the potential impact of this tool on improving visibility into the global malware landscape and accelerating the malware analysis process for security practitioners.
CrowdSource - Crowd Trained Machine Learning Model for Malware Capability Detection
Overview
Syllabus
Introduction
Outline
Motivation
Needs
Visualization
Automated Analysis Research
Project Structure
Motivation for Work
Training Data
Auto Document Detection
Datasets
Stack Overflow
Superuser
Experiment
Model Setup
Query Setup
Query Demo
Variable Success
Results
Custom Model
Bayesian Network
Socket
Proof Message
Inference
Bayesian Update
Accuracy
Precision Recall
Speed
Impact
Adaptability
Yarra
Malware Demographics
Matrix Visualization
Output
Sample
API Calls
Taught by
Black Hat
