Presented at
Texas Cyber Summit 2019,
Oct. 12, 2019, 11:15 a.m.
(45 minutes).
**StringSifter: Learning to Rank Strings Output for Speedier Malware Analysis**
In static analysis, one of the most useful initial steps is to inspect a binary's printable characters via the Strings program. However, running Strings on a piece of malware inevitably produces noisy strings mixed in with important ones, which can only be uncovered after sifting through the entirety of its messy output. To address this, we are releasing StringSifter: a machine learning-based tool that automatically ranks strings based on their relevance for malware analysis. In our presentation, we'll show how StringSifter allows analysts to conveniently focus on strings located towards the top of its predicted output, and that it performs well based on criteria used to evaluate web search and recommendation engines. We’ll also demonstrate StringSifter live in action on sample binaries.
Presenters:
-
Philip Tully / KingPhish3r
- FireEye
as Philip Tully
As a Staff Data Scientist at FireEye, Philip Tully builds predictive models for detecting and categorizing malware. He earned his joint doctorate degree in computer science from the Royal Institute of Technology (KTH) and the University of Edinburgh. His research concerning the intersection of artificial intelligence and cybersecurity has been presented at Black Hat, DEF CON, RSA, and NIPS Workshops, and it's been covered by The New York Times, BBC, TechCrunch, KrebsOnSecurity, and more. He’s a hackademic that’s interested in applying brain-inspired algorithms to both blue and red team operations.
Links:
Similar Presentations: