Explore a conference talk on enhancing malware analysis efficiency through string output ranking. Dive into the concept of strings in malware analysis, their significance, and how ranking algorithms can streamline the triage process. Learn about gradient boosted decision trees, the EMBER training dataset, and feature representation for strings. Discover the open-source StringSifter tool, its installation, and usage through live demonstrations. Gain insights into potential applications and future developments in this field, emphasizing the importance of community support in advancing malware analysis techniques.
Overview
Syllabus
Intro
One String can Make a Difference
What is a String
Wide Strings
Compilation
The Strings Program
Malware Triage
Strings Tells a Story
Hypothesis and Goals
Rankings are Everywhere
Our Favorite Products Serve Up Rankings
Learning to Rank
Gradient Boosted Decision Trees
EMBER Training Dataset
Representing Strings as Features
Example
Evaluation
Putting it All Together
Open Sourcing StringSifter
Install and Use
flarestrings Demo
String Sifter rank_strings Demo
StringSifter rank_strings Demo
rank_strings Options
Other Use Cases and Future Work
Community Support
