Explore a hybrid machine learning architecture for malware classification in this 27-minute Black Hat conference talk. Discover how the approach combines static and dynamic analysis methodologies, utilizing Mandiant's Windows kernel emulator for dynamic analysis and processing emulation reports with a 1D convolutional neural network. Learn about the static analysis component based on Endgame's ensemble model. Delve into topics such as adversarial machine learning, emulation techniques, data set preparation, and the neural network structure. Gain insights on the results, challenges with adversarial malware, and future directions in this field. Presented by Dmitrijs Trizna, this talk offers valuable takeaways for cybersecurity professionals and researchers interested in advanced malware detection techniques.
Malware Classification With Machine Learning Enhanced by Windows Kernel Emulation
Overview
Syllabus
Introduction
Amber
Adversarial ML
Emulation
What we get
The model
Data set
APA and API calls
Embedded layer
Convolution layer
Neural network
Results
Adversarial Malware
Future Work
Takeaways
Taught by
Black Hat
