Sunday, November 3, 2013

In this post I am going to talk about a new tool: "Adobe Malware Classifier", this is a command-line tool that lets antivirus analysts, IT administrators, and security researchers quickly and easily determine if a binary file contains malware, so they can develop malware detection signatures faster, reducing the time in which users' systems are vulnerable.

Malware Classifier uses machine learning algorithms to classify Win32 binaries – EXEs and DLLs – into three classes: 0 for “clean,” 1 for “malicious,” or “UNKNOWN.”

The tool was developed using models resultant from running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a dataset of approximately 100,000 malicious programs and 16,000 clean programs. 

The tool extracts seven key features from an unknown binary, feeds them to one of the four classifiers or all of them, and presents its classification of the unknown binary.

usage: [-h] [-f filename] [-n model] [-v [verbose]]

Classify an unknown binary as MALWARE or CLEAN.

optional arguments:
  -h, --help    show this help message and exit
  -f filename   The name of the input file
  -n model      The ordinal for model classifier: 0=all (default) | 1=J48 |
                2=J48Graft | 3=PART | 4=Ridor
  -v [verbose]  Dump the PE data being processed

You can download this tool from its official site in Sourceforge:

0 comentarios:

Post a Comment