Due to the exploding number of unique malware binaries on the Internet and the slow process required for manually analyzing these binaries, security practitioners today have only limited visibility into the functionality implemented by the global population of malware. This issue is a clear motivation for research on automated malware capability detection. However, to date little work has focused explicitly on quickly and automatically detecting high-level malware functionality such as the ability of malware to take screenshots, communicate via IRC, or surreptitiously operate users' webcams. We have engaged this issue by researching and developing CrowdSource, an open source automatic malware reverse engineering engine. CrowdSource approaches the problem of malware capability identification in a unique way, by training a machine-learning-based malware capability detection engine on millions of technical documents from the web. In this talk we will present our latest results from the second phase of our research and development effort, giving a detailed description of our algorithms and describing our system's accuracy and performance.

Josh Saxe is a lead research engineer at Invincea Labs, where he serves as technical lead on the DARPA Cyber Genome program, seeking to produce automated systems that discover, analyze and visualize evolutionary relationships between malicious software artifacts. Josh also serves as technical lead on a DARPA Cyber Fast Track effort dubbed "CrowdSource," on which he leads the development of algorithms for rapidly and automatically characterizing novel malware binaries' functionality using crowdsourced, machine learning-based methods.
