Black Hat //Webcast
Towards Classification of Polymorphic Malware
// Karthik Raman
Polymorphic malware is a menace to modern computing. The challenge faced by antivirus technology is that there is not enough time for new variants of this malware to be collected, sent to antivirus companies, analyzed, and for signatures to be created and returned to customers.
To address this problem, we explore the classification of malware using machine learning. We compare several classifiers for malware and present a carefully selected set of attributes that yield good separation between malware and clean programs. We also discuss how this research can be applied in security technologies.
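The abstract names the approach but not the attributes or the classifiers. The following is an added example, written for this page and not code from the talk or from any product it mentions, that shows the shape of such a pipeline: parse a PE image, extract a few static attributes that are commonly used for this purpose (section count, highest per-section entropy, writable-and-executable sections, non-standard section names; these are assumptions, not the talk's selected set), and score the vector with a nearest-centroid classifier trained on a constructed attribute table. The two PE images and the training rows are constructed inline so the code runs offline; the minimal PE builder emits a header layout that is structurally valid but not loadable.

```python
import math
import random
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
STANDARD_NAMES = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".bss", ".idata", ".edata"}
FEATURE_ORDER = ("n_sections", "max_entropy", "n_wx_sections", "n_nonstandard_names")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 0.0 for empty or constant data, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe_sections(image: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table; return section dicts."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, n_sections, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", image, coff)
    table = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(n_sections):
        name, _vsize, _va, raw_size, raw_ptr, _r, _l, _nr, _nl, flags = struct.unpack_from(
            "<8sIIIIIIHHI", image, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(errors="replace"),
                         "flags": flags, "data": image[raw_ptr:raw_ptr + raw_size]})
    return sections


def extract_attributes(image: bytes) -> dict:
    """Static attributes of the kind a classifier could consume (assumed feature set)."""
    secs = parse_pe_sections(image)
    wx = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    return {
        "n_sections": len(secs),
        "max_entropy": max((shannon_entropy(s["data"]) for s in secs), default=0.0),
        "n_wx_sections": sum(1 for s in secs if s["flags"] & wx == wx),
        "n_nonstandard_names": sum(1 for s in secs if s["name"] not in STANDARD_NAMES),
    }


# Constructed training table (not measurements from real samples): label, attribute vector.
TRAINING = [
    ("clean", (3, 6.1, 0, 0)), ("clean", (4, 6.4, 0, 0)), ("clean", (5, 6.0, 0, 1)), ("clean", (3, 5.8, 0, 0)),
    ("malware", (2, 7.9, 1, 2)), ("malware", (3, 7.8, 1, 2)), ("malware", (2, 7.95, 2, 2)), ("malware", (4, 7.6, 1, 1)),
]


class NearestCentroid:
    """Z-score each attribute over the training rows, then pick the closest class centroid."""

    def __init__(self, rows):
        vecs = [v for _, v in rows]
        dims = len(vecs[0])
        self.mean = [sum(v[i] for v in vecs) / len(vecs) for i in range(dims)]
        self.std = [max(1e-9, math.sqrt(sum((v[i] - self.mean[i]) ** 2 for v in vecs) / len(vecs)))
                    for i in range(dims)]
        by_label = {}
        for label, v in rows:
            by_label.setdefault(label, []).append(self._norm(v))
        self.centroids = {lbl: [sum(x[i] for x in xs) / len(xs) for i in range(dims)]
                          for lbl, xs in by_label.items()}

    def _norm(self, v):
        return [(v[i] - self.mean[i]) / self.std[i] for i in range(len(v))]

    def predict(self, v) -> str:
        z = self._norm(v)
        return min(self.centroids, key=lambda lbl: sum((a - b) ** 2 for a, b in zip(z, self.centroids[lbl])))


def classify_image(image: bytes, model: NearestCentroid = None) -> str:
    model = model or NearestCentroid(TRAINING)
    attrs = extract_attributes(image)
    return model.predict(tuple(attrs[k] for k in FEATURE_ORDER))


def build_pe(sections) -> bytes:
    """Minimal PE layout for testing: DOS header, PE signature, COFF header, no optional header, section table, raw data."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    ptr, va, table, raw = e_lfanew + 4 + 20 + 40 * len(sections), 0x1000, b"", b""
    for name, data, flags in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), va, len(data), ptr, 0, 0, 0, 0, flags)
        raw, ptr, va = raw + data, ptr + len(data), va + 0x1000
    return dos + b"PE\0\0" + coff + table + raw


def sample_images():
    """Two constructed images: a plain binary and a packer-style one with one random W+X section."""
    rng = random.Random(1)
    code = bytes(rng.randrange(64) for _ in range(4096))        # ~6 bits/byte, like compiled code
    packed = bytes(rng.getrandbits(8) for _ in range(4096))     # ~8 bits/byte, like compressed/encrypted data
    rx, rw = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    clean = build_pe([(".text", code, rx), (".data", b"\0" * 1024, rw), (".rsrc", b"\0" * 512, IMAGE_SCN_MEM_READ)])
    malware = build_pe([("UPX1", packed, rx | IMAGE_SCN_MEM_WRITE), (".rsrc", b"\0" * 512, IMAGE_SCN_MEM_READ)])
    return clean, malware


if __name__ == "__main__":
    for label, img in zip(("constructed clean", "constructed packed"), sample_images()):
        print(label, extract_attributes(img), "->", classify_image(img))
```

The point of the attribute choice is that a polymorphic engine changes the bytes a signature would match but tends to leave structural traces (a single high-entropy section that is both writable and executable, unusual section names) that survive re-encoding; a real feature set would be validated against a large, labelled corpus and measured for false positives on clean software, which this toy table does not do.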
Karthik Raman, CISSP, is a security researcher in the Adobe Product Security Incident Response Team (PSIRT), where he focuses on vulnerability analysis and technical collaboration with industry partners. Before joining Adobe, Karthik was a research scientist at McAfee Labs, where he worked on threat analysis, building automation systems, malware analysis, and developing advanced antimalware technology. Karthik holds an MS in Computer Science from UC Irvine and BS degrees in Computer Science and Computer Security from Norwich University.
Alex Lanstein, FireEye
At FireEye, Alex handles a broad set of responsibilities including engineering, security research, and customer training. Most recently, his security research helped lead the takedown of the largest spam botnet in history, Rustock, reducing worldwide spam by 30-50%. His research has been published by The Washington Post, BusinessWeek, The Register, and Cisco Systems. Previously, his work was key in taking down major botnets such as Srizbi and Mega-D. His areas of expertise include malware analysis, client-side exploits, and network security.
FireEye's Web and Email Malware Protection Systems (MPS) stop advanced malware, zero-day and targeted APT attacks that aggressively evade signature-based Web and email defenses and compromise the vast majority of networks. FireEye appliances block known malware and its outbound transmissions, and then use virtual machine analysis to detect zero-day malware. The dynamic analysis of attacks within virtual environments yields real-time malware forensics to protect the local network and can be shared among subscribers of the FireEye Malware Protection Cloud. FireEye MPS appliances have near-zero false-positive rates and are plug-and-play, deploying within 30 minutes.
For more information, please visit www.fireeye.com