Explore a 27-minute Black Hat conference talk on developing an interpretable machine learning model for generating optimized malware detection signatures. Dive into the process of creating YARA rules by classifying malicious byte sequences, achieving high detection rates with minimal false positives. Learn about stacking convolutions, model training techniques, and signature generation methods. Discover how this approach combines the benefits of machine learning with the transparency and efficiency of signature-based detection for ELF executables targeting i386 and amd64 architectures.
Generating YARA Rules by Classifying Malicious Byte Sequences
Overview
Syllabus
Intro
intro & motivation
making an interpretable model
stacking convolutions
how the model works
model training - finding needles in a haystack
model training - top-k selection
training the model fitting onto a su
training the model - reducing FPS
signature generation - in bulk
signature efficacy
future work
Taught by
Black Hat
