This week at THREADS, an annual conference focusing on security research and offensive and defensive network discoveries, Josh Saxe will give a presentation on Invincea Labs’ latest work to automatically detect malware capabilities. In his talk, titled “CrowdSource: A Crowd-Trained Machine Learning Model for Malware Capability Detection”, Josh Saxe will present the current state of Invincea Labs’ ongoing research to use machine learning with technical documents to automatically reverse engineer malware.
The abstract for Josh’s talk is below:
Due to the exploding number of unique malware binaries on the Internet and the slow process required for manually analyzing these binaries, security practitioners today have only limited visibility into the functionality implemented by the global population of malware. This issue is a clear motivation for research on automated malware capability detection. However, to date little work has been focused explicitly on quickly and automatically detecting high level malware functionality such as the ability of malware to take screenshots, communicate via IRC, or surreptitiously operate users’ webcams. We have engaged this issue by researching and developing CrowdSource, an open source automatic malware reverse engineering engine. CrowdSource approaches the problem of malware capability identification in a unique way, by training a machine learning based malware capability detection engine on millions of technical documents from the web. In this talk we will present our latest results from the second phase of our research and development effort, giving a detailed description of our algorithms and describing our system’s accuracy and performance.