Generating YARA Rules by Classifying Malicious Byte Sequences

preview_player
Показать описание
While ML models for malware detection have become an industry standard for heuristically detecting malware, signature-based detection still proliferates thanks to ease of updates, transparency of detection logic, and operability in compute-constrained environments. In this work, we propose an interpretable machine learning model that can generate signatures tuned to optimize detection and minimize false positives on a given corpus of malware and benign samples. On a corpus of malicious and benign ELF executables targeting i386 and amd64, we observe detection rates in the 80% range with a false positive rate of 0% on the benign corpus with a few hundred YARA rules...

By: Mathy Vanhoef

Full Abstract & Presentation Materials:
  1. Black Hat
Рекомендации по теме
Generating YARA Rules 0:26:33

Generating YARA Rules by Classifying Malicious Byte Sequences

Using YARA to 0:05:43

Using YARA to identify and classify malware samples

Learn to create 0:16:21

Learn to create Yara Rules for malware classification and to scan malware Files

Write a collection 0:01:22

Write a collection of 100 generic YARA rules for Threat Hunting

Using Disassembled Code 0:18:24

Using Disassembled Code to Create Yara Rules!

What are Yara 0:14:15

What are Yara Rules (and How Cybersecurity Analysts Use Them)

Classify Malware with 0:25:21

Classify Malware with YARA

Learning with ReversingLabs: 0:07:17

Learning with ReversingLabs: What are the YARA Rules?

DEF CON 26 0:18:53

DEF CON 26 - Andrea Marcelli - Looking for the perfect signature an automatic YARA rules

How To Write 0:07:33

How To Write a YARA Rule That Can Find Binaries That Have More Than 3 URLs

Detecting Nullmixer with 0:19:32

Detecting Nullmixer with Yara - Crafting a Custom Rule

Novice Exercise: Write 0:00:48

Novice Exercise: Write a YARA rule that can find itself

CYBER THREAT HUNTING: 0:11:47

CYBER THREAT HUNTING: CREATING YARA RULES

YARA: The Malware 0:09:47

YARA: The Malware Detection Tool You Need to Know

Learning with ReversingLabs: 0:07:59

Learning with ReversingLabs: Identifying File Content with YARA Rules Whiteboard

YARA Rules to 0:17:29

YARA Rules to Rule them All (DEF CON 30, Virtual)

Creating YARA Rules 0:06:02

Creating YARA Rules and Identifying infected files using ClamAV

BSides Belfast 2018: 0:41:50

BSides Belfast 2018: How To Use Algorithms To Create Yara Rules For Hunting by Sebestian Larnier

Malware Analysis - 0:21:07

Malware Analysis - Malware Hunting and Classification with YARA

How to Use 0:02:59

How to Use Built-In YARA Rulesets in VMRay Analyzer V2.1

Using Yara Rules 0:11:24

Using Yara Rules With IDA Pro - New Tool!

Range Force: Yara 0:34:28

Range Force: Yara Rule Generation

How to Hunt 0:03:37

How to Hunt for Threats Using YARA Rules

SANS Webcast - 1:05:49

SANS Webcast - YARA - Effectively using and generating rules