Malware Classification With Machine Learning Enhanced by Windows Kernel Emulation

Explore a hybrid machine learning architecture for malware classification in this 27-minute Black Hat conference talk. Discover how the approach combines static and dynamic analysis methodologies, utilizing Mandiant's Windows kernel emulator for dynamic analysis and processing emulation reports with a 1D convolutional neural network. Learn about the static analysis component based on Endgame's ensemble model. Delve into topics such as adversarial machine learning, emulation techniques, data set preparation, and the neural network structure. Gain insights on the results, challenges with adversarial malware, and future directions in this field. Presented by Dmitrijs Trizna, this talk offers valuable takeaways for cybersecurity professionals and researchers interested in advanced malware detection techniques.