I just noticed that heise security posted a short note on our recent paper presented at DIMVA 2008. Cool. As an addition to the technical paper, I am thus also providing the slides for my talk. Have fun.
Yesterday I presented some of our joint work with the University of Mannheim on malware analysis at this year's DIMVA. The corresponding paper is available online:
Learning and Classification of Malware Behavior. To appear in Proceedings of the Fifth Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2008.
Thorsten Holz wrote a nice summary of our key results in his blog yesterday. In essence, we devise a method for automatic classification of malware families based on their behavior. The method proceeds by learning behavioral patterns from malware monitored in a sandbox. Starting from a set of malware binaries labeled by an anti-virus scanner, the method generalizes observed behavior so that variants undetected by anti-virus products can be identified. Moreover, the method is transparent to the security practitioner as the learning model can be examined and decisions made by the system can be traced back to behavioral patterns discriminative for each malware family.
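As an added illustration (not code from the paper or its authors), the toy Python sketch below shows the idea in miniature: per-family pattern weights are learned from constructed sandbox-style behaviour reports that carry a family label standing in for the anti-virus label, an unseen variant is classified by the behaviour it shares with known samples, and the decision is explained by listing the patterns that contributed most. The report format, the tokenisation, the log-ratio weighting and all sample reports are assumptions made here, not the paper's method.

```python
"""Toy behaviour-based malware family classifier (illustration only)."""
import math
from collections import Counter, defaultdict

# Constructed reports, not real sandbox output:
# (label from an anti-virus scanner, whitespace-separated behaviour tokens).
TRAINING = [
    ("FamilyA", "create_file:a.exe reg_set:Run connect:irc port:6667 join_channel create_mutex"),
    ("FamilyA", "create_file:b.exe reg_set:Run connect:irc port:6667 nick_change create_mutex"),
    ("FamilyB", "open_process:explorer inject_thread http_get:/gate.php create_mutex"),
    ("FamilyB", "open_process:svchost inject_thread http_post:/gate.php create_mutex"),
]

def patterns(report):
    """Behavioural patterns of a report: here simply the set of its tokens."""
    return set(report.split())

def train(samples):
    """Learn, per family, a weight for every pattern seen in training.

    The weight is a smoothed log-ratio of the pattern's frequency within the
    family to its frequency over all samples: patterns shared by every family
    (create_mutex) score near zero, family-specific ones score positive.
    """
    per_family, overall, n_family = defaultdict(Counter), Counter(), Counter()
    for family, report in samples:
        toks = patterns(report)
        per_family[family].update(toks)
        overall.update(toks)
        n_family[family] += 1
    n = len(samples)
    return {
        family: {
            p: math.log((cnt[p] + 1) / (n_family[family] + 2))
               - math.log((overall[p] + 1) / (n + 2))
            for p in overall
        }
        for family, cnt in per_family.items()
    }

def classify(model, report, top=3):
    """Return the best-scoring family and the patterns that drove the decision.

    Patterns never seen in training (e.g. a new file name) get weight 0, so a
    variant is judged only by the behaviour it shares with known samples.
    """
    toks = patterns(report)
    scores = {f: sum(w.get(p, 0.0) for p in toks) for f, w in model.items()}
    best = max(scores, key=scores.get)
    support = sorted(((model[best].get(p, 0.0), p) for p in toks), reverse=True)
    return best, [p for weight, p in support if weight > 0][:top]

if __name__ == "__main__":
    # Constructed "undetected variant": new file name, same persistence and C&C behaviour.
    print(classify(train(TRAINING), "create_file:zz.exe reg_set:Run connect:irc port:6667 ping_reply"))
```

The returned pattern list is the transparency property in miniature: an analyst can read off which observed behaviours, rather than which opaque score, placed the sample in a family.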