Cynomix Fireside Chat Demo

Presented at BSidesDC 2014, Oct. 18, 2014, 12:30 p.m. (60 minutes)

The stream of malicious software artifacts (malware) discovered daily by computer security professionals is a vital signal for threat intelligence, as malware bears telling clues about who active adversaries are, what their goals are, and how we can stop them. Unfortunately, while security operations centers collect huge volumes of malware daily, this “malware signal” goes underutilized as a source of defensive intelligence, because organizations lack the right tools to make sense of malware at scale.

Cynomix will include three key, novel capabilities that we hope will broadly impact the way malware analysis is performed:

  • A subsystem for revealing “social network” style relationships between malware samples based on their shared characteristics. This subsystem allows analysts to see a group of malware samples in relation to a population-scale database of millions of malware samples.
  • A subsystem for revealing malware sample capabilities based on correlations between samples’ extracted technical symbols and a machine-learning model trained on web question-and-answer documents.
  • A subsystem for automatically generating statistically principled Yara signatures for malware samples and malware sample groups based on Bayesian reasoning at scale. This subsystem will allow users of Cynomix to quickly defend against new malware families before anti-virus companies generate signatures for them.

As part of our demonstration we will give detailed explanations of our platform's visualizations and algorithms while also helping people to sign up to use the system in their own security operations work.

Presenters:

  • Giacomo Bergamo - Zachary Piper
    Giacomo Bergamo is a Zachary Piper consultant at Invincea Labs, where he leads the Cynomix project and also supports the Cyber Genome DARPA program focused on automatically discovering and visualizing characteristics of and relationships between malicious software artifacts. Previously, Giacomo worked as a lead engineer and concept designer at various startups, founded a social entrepreneurship nonprofit, and performed research at RAND and other think tanks on topics ranging from optimization of battlefield intelligence gathering to creating unmanned vehicles capable of learning behaviors in simulated environments.
