Static Malware and SMTP Mail Analysis using General Purpose Graphical Processing Units (GPGPU)

Presented at ShmooCon XII (2016), Jan. 15, 2016, 5 p.m. (30 minutes)

Explore a base-level problem in static malware analysis, that we have too many samples to analyze, by leveraging the parallelism of GPGPUs: the advantage comes from moving the problem into the visual plane (treating each binary as an image) and solving similarity by texture analysis in parallel.

I've clustered a few hundred million PEs by organizing them by how they "look." Debugging is aided by making movies of the visualization. The real utility of the technique is speed: a malware sample can be analyzed in an average of 33 milliseconds. Using CPUs for scheduling, 32 threads can dispatch analysis to a GPGPU, giving two methods of parallelization across two architectures - win!

I will explore why the algorithms are slower on newer hardware, what changed in silicon over time, and how that knowledge provides speedups for both older and newer hardware.
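The pipeline the abstract sketches (binary rendered as an image, similarity decided by texture, CPU threads feeding the parallel step) can be shown end to end in plain Python. The following is an added example, not the presenter's code: it lays a file's bytes out as a grayscale image, summarises the image with a local binary pattern (LBP) histogram as the texture descriptor, clusters samples by histogram distance, and uses a thread pool as the CPU-side scheduler. The per-pixel LBP loop is the embarrassingly parallel step a GPGPU kernel would take over; here it runs on the CPU so the example is self-contained. The "PE" files, the 64-pixel image width, the LBP descriptor and the clustering threshold are all assumptions of this example; the sample files are constructed byte strings, not real binaries.

```python
"""Added example (not the talk's code): image-texture clustering of binaries.
All sample files are constructed here; none is a real PE."""
from concurrent.futures import ThreadPoolExecutor
import random

WIDTH = 64                 # assumed image width: one byte per pixel per row
CLUSTER_THRESHOLD = 0.25   # assumed L1 distance below which samples "look alike"


def bytes_to_image(data, width=WIDTH):
    """Lay the file out row-major as a width-column grayscale image (0..255);
    the last row is zero-padded so every row has the same length."""
    rows = []
    for off in range(0, len(data), width):
        row = list(data[off:off + width])
        row.extend([0] * (width - len(row)))
        rows.append(row)
    return rows


def lbp_histogram(img):
    """8-neighbour local binary pattern histogram, normalised to sum to 1.
    Each interior pixel gets an 8-bit code, one bit per neighbour
    (1 if neighbour >= centre).  The code histogram is a texture signature:
    it ignores where a region sits in the file and survives small patches,
    but shifts sharply when a zero-filled section becomes packed, high-entropy
    bytes.  This double loop is the part a GPU kernel would run per pixel."""
    hist = [0] * 256
    h, w = len(img), len(img[0])
    offsets = [(-1, -1), (-1, 0), (-1, 1), (0, 1), (1, 1), (1, 0), (1, -1), (0, -1)]
    total = 0
    for y in range(1, h - 1):
        for x in range(1, w - 1):
            c = img[y][x]
            code = 0
            for dy, dx in offsets:
                code = (code << 1) | (1 if img[y + dy][x + dx] >= c else 0)
            hist[code] += 1
            total += 1
    return [n / total for n in hist]


def l1_distance(h1, h2):
    """L1 distance between two normalised histograms; 0 = identical, 2 = disjoint."""
    return sum(abs(a - b) for a, b in zip(h1, h2))


def texture_signature(data):
    return lbp_histogram(bytes_to_image(data))


def analyze_all(samples, workers=32):
    """CPU-side scheduling: a pool of worker threads takes {name: bytes} and
    computes each signature (in the talk's design each worker would hand the
    pixel loop to the GPU).  Result order matches the input order."""
    names = list(samples)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        sigs = list(pool.map(texture_signature, (samples[n] for n in names)))
    return dict(zip(names, sigs))


def cluster(signatures, threshold=CLUSTER_THRESHOLD):
    """Greedy leader clustering: join the first cluster whose leader is within
    the threshold, otherwise start a new cluster.  Input order is preserved."""
    clusters = []  # list of (leader_signature, member_names)
    for name, sig in signatures.items():
        for leader, members in clusters:
            if l1_distance(leader, sig) < threshold:
                members.append(name)
                break
        else:
            clusters.append((sig, [name]))
    return [members for _, members in clusters]


# ---- constructed corpus (assumed shapes, not real malware) ----
def make_unpacked(seed, size=4096):
    """Half zero padding, a 'code' region over a small opcode-like alphabet,
    then printable 'strings': the low-entropy look of an unpacked binary."""
    rng = random.Random(seed)
    code_alphabet = [0x55, 0x8B, 0xEC, 0x48, 0x89, 0xE5, 0xC3, 0x90, 0xFF, 0x00]
    zeros = bytes(size // 2)
    code = bytes(rng.choice(code_alphabet) for _ in range(size // 4))
    text = bytes(rng.randint(0x20, 0x7E) for _ in range(size - len(zeros) - len(code)))
    return zeros + code + text


def patch(data, seed, fraction=0.005):
    """Overwrite a small fraction of bytes at random: a lightly modified variant."""
    rng = random.Random(seed)
    buf = bytearray(data)
    for _ in range(int(len(buf) * fraction)):
        buf[rng.randrange(len(buf))] = rng.randint(0, 255)
    return bytes(buf)


def make_packed(seed, size=4096):
    """Uniformly random bytes: the high-entropy look of a packed or encrypted sample."""
    rng = random.Random(seed)
    return bytes(rng.randint(0, 255) for _ in range(size))


SAMPLES = {
    "unpacked_a": make_unpacked(1),
    "unpacked_a_variant": patch(make_unpacked(1), 7),
    "packed_b": make_packed(2),
}


def demo():
    """Return (distance to the variant, distance to the packed sample, clusters)."""
    sigs = analyze_all(SAMPLES)
    d_same = l1_distance(sigs["unpacked_a"], sigs["unpacked_a_variant"])
    d_diff = l1_distance(sigs["unpacked_a"], sigs["packed_b"])
    return d_same, d_diff, cluster(sigs)


if __name__ == "__main__":
    d_same, d_diff, groups = demo()
    print(f"variant distance {d_same:.3f}, packed distance {d_diff:.3f}")
    print("clusters:", groups)
```

Patching 0.5% of the bytes changes at most nine LBP codes per patched byte, so the variant's L1 distance from the original is bounded by about 0.09, while the zero-filled half of the unpacked sample puts almost half its mass in one LBP bin that random bytes fill only about a ninth of the time; that is what keeps the variant inside the cluster and the packed sample outside it. A real deployment would swap the pure-Python pixel loop for a GPU kernel and keep the thread pool as the dispatcher, which is the two-layer parallelism the abstract describes.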


Presenters:

  • Rick Wesson
    Rick Wesson (KK6IOG) is a farmer and reformed coder. Between moving rocks on his seven-acre urban farm in the Bay Area, he prefers to study manufacturing firearms, brewing beer and direct current brain stimulation. Mr Wesson has served on ICANN's Security and Stability committee for 15 years. He serves as a member of the Board for Groundwork Richmond, which focuses on teaching at-risk youth nutrition, agriculture and technology. Groundwork Richmond is committed to planting trees with wifi antennas to both beautify the community and provide free wifi to low-income residents. Mr Wesson is dyslexic and is a founding member of the Bay Area DEN, the Network of Dyslexic Entrepreneurs.
