Given the high pace at which new malware variants are generated, antivirus programs struggle to keep their signatures up to date, and AV scanners suffer from a considerable quantity of false negatives. Generating effective signatures against new malware variants while avoiding false positive detections is a highly desirable but challenging task, typically requiring a substantial portion of a human expert's time. Artificial intelligence techniques can be applied to solve the malware signature generation problem.

The ultimate goal is to develop an algorithm able to automatically create a generalized family signature, eventually reducing threat exposure and increasing the quality of the detection. The proposed technique automatically generates an optimal signature to identify a malware family with very high precision and good recall using heuristics, evolutionary and linear programming algorithms.

In this talk I will present YaYaGen (Yet Another YARA Rule Generator), a tool to automatically generate Android malware signatures. Performance has been evaluated on a massive dataset of millions of applications available in the Koodous project, showing that in a few minutes the algorithm can generate precise rulesets able to catch 0-day malware, better than human-generated ones.
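To make the precision/recall trade-off of automatic rule generation concrete, here is an added toy example (not YaYaGen's code and not its actual heuristic/evolutionary/LP search): a greedy search that grows conjunctions of APK attributes until no clean app matches, repeats until the family is covered, and renders each conjunction as a YARA rule. The attribute tokens, sample apps and rule names are all constructed.

```python
# Constructed toy corpus (not from the talk): each app is the set of attribute
# tokens a feature extractor would pull from an APK. All names are hypothetical.
FAMILY = [
    {"perm:SEND_SMS", "perm:READ_PHONE_STATE", "str:premium.sms.example", "cls:com.adlib.Pay"},
    {"perm:SEND_SMS", "perm:READ_PHONE_STATE", "str:premium.sms.example", "perm:INTERNET"},
    {"perm:SEND_SMS", "perm:INTERNET", "cls:com.adlib.Pay", "str:/upload"},
]
GOODWARE = [  # every attribute also occurs in some clean app: one-term rules are imprecise
    {"perm:SEND_SMS", "perm:READ_PHONE_STATE", "perm:INTERNET"},
    {"perm:INTERNET", "str:/upload", "str:premium.sms.example"},
    {"cls:com.adlib.Pay", "perm:INTERNET", "str:/upload"},
]

def build_rule(positives, negatives):
    """Greedily grow a conjunction (YARA 'all of them'): each step adds the attribute that
    removes the most goodware matches, then keeps the most family samples. None if impossible."""
    rule = set()
    while True:
        if rule and not any(rule <= n for n in negatives):
            return rule  # precise: matches no goodware
        matching = [s for s in positives if rule <= s]
        best, best_key = None, None
        for attr in sorted({a for s in matching for a in s} - rule):
            cand = rule | {attr}
            key = (-sum(cand <= n for n in negatives), sum(cand <= s for s in positives))
            if best_key is None or key > best_key:
                best, best_key = attr, key
        if best is None:
            return None  # attributes exhausted, goodware still matches
        rule.add(best)

def build_ruleset(family, goodware):
    """Cover the family with as few precise rules as the greedy search finds."""
    rules, uncovered = [], list(family)
    while uncovered:
        rule = build_rule(uncovered, goodware)
        if rule is None:
            break  # remaining samples are indistinguishable from goodware
        rules.append(rule)
        uncovered = [s for s in uncovered if not rule <= s]
    return rules

def evaluate(rules, family, goodware):
    hit = lambda s: any(r <= s for r in rules)  # precision, recall over the labelled sets
    tp, fp = sum(map(hit, family)), sum(map(hit, goodware))
    return (tp / (tp + fp) if tp + fp else 0.0), tp / len(family)

def to_yara(name, attrs):
    """Render one conjunction as YARA text (toy: tokens become literal strings)."""
    strings = "\n".join(f'        $s{i} = "{a}"' for i, a in enumerate(sorted(attrs)))
    return f"rule {name} {{\n    strings:\n{strings}\n    condition:\n        all of them\n}}"
```

On this corpus the search yields two two-term rules that together reach precision 1.0 and recall 1.0; the real problem is that a rule precise on the training set may still fire on unseen goodware, which is why evaluation on a large held-out corpus such as Koodous matters.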

Speakers:

Andrea Marcelli, PhD Student @ Politecnico di Torino and Security Researcher

Andrea Marcelli is a PhD Student and Security Researcher at Hispasec Sistemas. He received his M.Sc. degree in Computer Engineering from Politecnico di Torino, Italy, in 2015 and is currently a third-year doctoral student in Computer and Control Engineering at the same institute. His research interests include malware analysis, semi-supervised modeling, machine learning and optimization problems, with main applications in computer security. Since the end of 2016 he has been part of the security research team at Hispasec Sistemas, working on the Koodous project, where he develops new AI-based tools to automate large-scale Android malware analysis, including malware clustering, network graph analytics and automatic YARA signature generation.

@_S0nn1_, https://jimmy-sonny.github.io/

Detailed Presentation:

(Source: DEF CON 26)
