Upgrade to Pro — share decks privately, control downloads, hide ads and more …

マルウェアを機械学習する前に

5c6358240ec94522f70cf7b0e657f58f?s=47 Yuma Kurogome
February 13, 2016
Programming
3
1.2k

 マルウェアを機械学習する前に

Kaggle - Malware Classification Challenge勉強会 connpass.com/event/25007/ 発表資料

5c6358240ec94522f70cf7b0e657f58f?s=128

Yuma Kurogome

February 13, 2016
Tweet

More Decks by Yuma Kurogome

See All by Yuma Kurogome
5c6358240ec94522f70cf7b0e657f58f?s=48 ntddk
16
22k
5c6358240ec94522f70cf7b0e657f58f?s=48 ntddk
55
37k
5c6358240ec94522f70cf7b0e657f58f?s=48 ntddk
10
2.3k
5c6358240ec94522f70cf7b0e657f58f?s=48 ntddk
6
3.5k
5c6358240ec94522f70cf7b0e657f58f?s=48 ntddk
4
720
5c6358240ec94522f70cf7b0e657f58f?s=48 ntddk
2
900
5c6358240ec94522f70cf7b0e657f58f?s=48 ntddk
7
2.9k
5c6358240ec94522f70cf7b0e657f58f?s=48 ntddk
8
26k
5c6358240ec94522f70cf7b0e657f58f?s=48 ntddk
11
2.5k

Other Decks in Programming

See All in Programming
6dd0483f1353a4a359e92633cfd65c64?s=48 wasabeef
1
570
2102a6b8760bd6f57f672805723dd83a?s=48 line_developers_tw
0
550
F0946f92e3b4567014f5b804f7eace7f?s=48 yokaze
0
220
A7a5efde86e0137d32a93d8609b7a022?s=48 yumcyawiz
5
660
9eca6d3a5658ef22998083a3d8e7ec44?s=48 shigeruoda
0
480
F04982ad61107b5408ad139966596316?s=48 hanhan1978
0
300
1623dd1adf096ba35ba33727d933e14c?s=48 nbkouhou
9
4.8k
832ece085bfe2c7c5b0ed6be62d7e675?s=48 steipete
PRO
2
160
3f309c992e2b1a5c3c014e63810a2f68?s=48 viteinfinite
0
210
1081586739576c17a6c64dfd7e8049a1?s=48 ogidow
0
150
15bd11f2c2c5e3dd854153d03a102b0d?s=48 standfm
0
250
D2f212ce418f3daa29c23914c9b6892b?s=48 kenmaz
1
100

Featured

See All Featured
5ce91fa49a613cbc3e20d5f96856473f?s=48 edds
56
9.3k
7edec06b5435e0dac07a353b2cc26253?s=48 geeforr
332
29k
D36d2c1821af9249b69ff7f5ed60529b?s=48 tammielis
237
23k
E195ae45320d9202eaa01c9f1d31a416?s=48 marktimemedia
6
340
5f50f94346fbcb23706f0707169317a4?s=48 aarron
258
36k
91cefdf141106fa10674aae74ce05890?s=48 yeseniaperezcruz
302
31k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
190
17k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
321
53k
1b8ad785acdd1ce1c99914b1c2a4e10e?s=48 sugarenia
233
840k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
310
21k
170b760e0147792d0140e59ec78e9893?s=48 eitanlees
111
9.9k
0fe2973fa8d27d96547e43322341183a?s=48 swwweet
206
6.8k

Transcript

  1. @ntddk Kaggle - Malware Classification Challenge 2016.02.13 1

  2. • http://ntddk.github.io/ • 2

  3. 3

  4. 4

  5. Kaggle 5 https://www.kaggle.com/

  6. 6 • • • ※ David H. Wolpert, The Supervised

    Learning No-Free-Lunch Theorems, In Proc. 6th Online World Conference on Soft Computing in Industrial Applications, pp.25-42, 2001.

  7. 7 • • • ※ David H. Wolpert, The Supervised

    Learning No-Free-Lunch Theorems, In Proc. 6th Online World Conference on Soft Computing in Industrial Applications, pp.25-42, 2001.

  8. 8 There ain't no such thing as a free lunch

    http://www.amazon.co.jp/dp/4150117489 http://www.amazon.co.jp/dp/B00GJMUKMG/ http://www.amazon.co.jp/dp/4150312133/

  9. 9 There ain't no such thing as a free lunch

    http://www.amazon.co.jp/dp/4150117489 http://www.amazon.co.jp/dp/B00GJMUKMG/ http://www.amazon.co.jp/dp/4150312133/

  10. 10 http://blog.kaggle.com/

  11. 11 x η g a b c x …

  12. 12 x η g a b c x …

  13. 13 • • A B Satoshi Watanabe, Knowing and Guessing

    ― Quantitative Study of Inference and Information John Wiley & Sons, 1969.

  14. 14 • • A B Satoshi Watanabe, Knowing and Guessing

    ― Quantitative Study of Inference and Information John Wiley & Sons, 1969.

  15. 15 • • • •

  16. 16 https://www.av-test.org/en/statistics/malware/

  17. 17 http://www.mcafee.com/jp/resources/reports/rp-quarterly-threat-q2-2015.pdf

  18. 18 http://www.mcafee.com/jp/resources/reports/rp-quarterly-threat-q2-2015.pdf http://www.mcafee.com/jp/resources/reports/rp-threats-predictions-2016.pdf

  19. 19 • KERNEL32!VirtualAllocStub • KERNEL32!VirtualProtectStub • KERNEL32!OpenProcessStub • KERNEL32!OpenThreadStub •

  20. 20 CSEC: MWS: http://www.iwsec.org/mws/2015/about.html

  21. 21 https://www.kaggle.com/c/malware-classification/data 16

  22. 22 • https://virusshare.com/ • http://malware-traffic-analysis.net/

  23. 23 • • • •

  24. 24 • • • • API PE

  25. 25 https://github.com/corkami/

  26. 26 • • • • • •

  27. 27 #include <windows.h> typedef int (WINAPI *LPFNMESSAGEBOXW)(HWND, LPCWSTR, LPCWSTR, UINT);

    int main() { HMODULE hmod = LoadLibrary(TEXT("user32.dll")); LPFNMESSAGEBOXW lpfnMessageBoxW = (LPFNMESSAGEBOXW)GetProcAddress(hmod, "MessageBoxW"); lpfnMessageBoxW(NULL, L"Hello, world!", L"Test", MB_OK); FreeLibrary(hmod); return 0; } •

  28. 28 { "category": "registry", "status": true, "return": "0x00000000", "timestamp": "2015-05-24

    02:46:50,773", "thread_id": "3220", "repeated": 0, "api": "NtOpenKey", "arguments": [ { "name": "DesiredAccess", "value": "33554432" }, { "name": "KeyHandle", "value": "0x00000154" }, { "name": "ObjectAttributes", "value": "¥¥REGISTRY¥¥USER¥¥S-1-5-21-916742657-1382504153-4155998892-1001" } ], "id": 83 },

  29. 29 • • • ※ David H. Wolpert, The Supervised

    Learning No-Free-Lunch Theorems, In Proc. 6th Online World Conference on Soft Computing in Industrial Applications, pp.25-42, 2001.

  30. 30 • AdaBoost, Gradient Boosting • Kaggle

  31. DAF 31 Mohammad M. Masud, Latifur Khan, Bhavani Thuraisingham, A

    scalable multi-level feature extraction technique to detect malicious executables, Information Systems Frontiers, Vol.10, Issue.1, pp.33-45, 2008. 16 DAF: Derived Assembly Features BFS: Binary N-gram Features