Learning how to Machine Learn - Classifying MachO Malware

Presented at Objective by the Sea version 5.0 (2022), Oct. 6, 2022, 3:25 p.m. (25 minutes)

When we're investigating a large quantity of potentially malicious samples every day, it can be helpful to automatically triage them to know what to put in front of an analyst. Sometimes we can check external sources like VirusTotal, but other times we have sensitive samples we can't submit or hashes are not found. Machine learning is one way to bucket Mach-O files as malicious or benign, or packed or not.

In this talk, we'll walk through the steps to collect data and build a malware classification model for Mach-O using static analysis techniques.


Presenters:

  • Kimo Bumanglag - Senior Security Engineer at Amazon
    Kimo is a senior security engineer at Amazon. As part of the Consumer Security Threat Intelligence team, he helps protect Amazon's customers by proactively identifying threats and malicious actors.

    He is also a cyber warfare officer with the Maryland Air National Guard and a lecturer at the Johns Hopkins University.
