Upgrade to Pro — share decks privately, control downloads, hide ads and more …

マルウェアを機械学習する前に

Yuma Kurogome
February 13, 2016
Programming
3
1.6k

 マルウェアを機械学習する前に

Kaggle - Malware Classification Challenge勉強会 connpass.com/event/25007/ 発表資料

Yuma Kurogome

February 13, 2016
Tweet

More Decks by Yuma Kurogome

See All by Yuma Kurogome
The Art of De-obfuscation
ntddk
16
27k
死にゆくアンチウイルスへの祈り
ntddk
55
39k
Windows Subsystem for Linux Internals
ntddk
10
3k
なぜマルウェア解析は自動化できないのか
ntddk
6
4.2k
Linear Obfuscation to Drive angr Angry
ntddk
4
830
CAPTCHAとボットの共進化
ntddk
2
1.1k
Peeling Onions
ntddk
7
3.6k
仮想化技術を用いたマルウェア解析
ntddk
8
27k
An Introduction to Drawbridge(ja)
ntddk
11
3.3k

Other Decks in Programming

See All in Programming
AIプログラミング雑キャッチアップ
yuheinakasaka
14
3.3k
Grafana Loki によるサーバログのコスト削減
mot_techtalk
1
140
負債になりにくいCSSをデザイナとつくるには?
fsubal
10
2.5k
color-scheme: light dark; を完全に理解する
uhyo
7
480
Code smarter, not harder - How AI Coding Tools Boost Your Productivity | Angular Meetup Berlin
danielsogl
0
100
Go 1.24でジェネリックになった型エイリアスの紹介
syumai
2
260
Open source software: how to live long and go far
gaelvaroquaux
0
650
苦しいTiDBへの移行を乗り越えて快適な運用を目指す
leveragestech
0
920
GitHub Actions × RAGでコードレビューの検証の結果
sho_000
0
290
DRFを少しずつ オニオンアーキテクチャに寄せていく DjangoCongress JP 2025
nealle
2
220
Kubernetes History Inspector(KHI)を触ってみた
bells17
0
250
sappoRo.R #12 初心者セッション
kosugitti
0
270

Featured

See All Featured
Making Projects Easy
brettharned
116
6k
Code Reviewing Like a Champion
maltzj
521
39k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
49k
Thoughts on Productivity
jonyablonski
69
4.5k
Building an army of robots
kneath
303
45k
Side Projects
sachag
452
42k
Docker and Python
trallard
44
3.3k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
4
430
Gamification - CAS2011
davidbonilla
80
5.1k
Fontdeck: Realign not Redesign
paulrobertlloyd
83
5.4k
Optimising Largest Contentful Paint
csswizardry
34
3.1k
How to Think Like a Performance Engineer
csswizardry
22
1.4k

Transcript

  1. @ntddk Kaggle - Malware Classification Challenge 2016.02.13 1

  2. • http://ntddk.github.io/ • 2

  3. 3

  4. 4

  5. Kaggle 5 https://www.kaggle.com/

  6. 6 • • • ※ David H. Wolpert, The Supervised

    Learning No-Free-Lunch Theorems, In Proc. 6th Online World Conference on Soft Computing in Industrial Applications, pp.25-42, 2001.

  7. 7 • • • ※ David H. Wolpert, The Supervised

    Learning No-Free-Lunch Theorems, In Proc. 6th Online World Conference on Soft Computing in Industrial Applications, pp.25-42, 2001.

  8. 8 There ain't no such thing as a free lunch

    http://www.amazon.co.jp/dp/4150117489 http://www.amazon.co.jp/dp/B00GJMUKMG/ http://www.amazon.co.jp/dp/4150312133/

  9. 9 There ain't no such thing as a free lunch

    http://www.amazon.co.jp/dp/4150117489 http://www.amazon.co.jp/dp/B00GJMUKMG/ http://www.amazon.co.jp/dp/4150312133/

  10. 10 http://blog.kaggle.com/

  11. 11 x η g a b c x …

  12. 12 x η g a b c x …

  13. 13 • • A B Satoshi Watanabe, Knowing and Guessing

    ― Quantitative Study of Inference and Information John Wiley & Sons, 1969.

  14. 14 • • A B Satoshi Watanabe, Knowing and Guessing

    ― Quantitative Study of Inference and Information John Wiley & Sons, 1969.

  15. 15 • • • •

  16. 16 https://www.av-test.org/en/statistics/malware/

  17. 17 http://www.mcafee.com/jp/resources/reports/rp-quarterly-threat-q2-2015.pdf

  18. 18 http://www.mcafee.com/jp/resources/reports/rp-quarterly-threat-q2-2015.pdf http://www.mcafee.com/jp/resources/reports/rp-threats-predictions-2016.pdf

  19. 19 • KERNEL32!VirtualAllocStub • KERNEL32!VirtualProtectStub • KERNEL32!OpenProcessStub • KERNEL32!OpenThreadStub •

  20. 20 CSEC: MWS: http://www.iwsec.org/mws/2015/about.html

  21. 21 https://www.kaggle.com/c/malware-classification/data 16

  22. 22 • https://virusshare.com/ • http://malware-traffic-analysis.net/

  23. 23 • • • •

  24. 24 • • • • API PE

  25. 25 https://github.com/corkami/

  26. 26 • • • • • •

  27. 27 #include <windows.h> typedef int (WINAPI *LPFNMESSAGEBOXW)(HWND, LPCWSTR, LPCWSTR, UINT);

    int main() { HMODULE hmod = LoadLibrary(TEXT("user32.dll")); LPFNMESSAGEBOXW lpfnMessageBoxW = (LPFNMESSAGEBOXW)GetProcAddress(hmod, "MessageBoxW"); lpfnMessageBoxW(NULL, L"Hello, world!", L"Test", MB_OK); FreeLibrary(hmod); return 0; } •

  28. 28 { "category": "registry", "status": true, "return": "0x00000000", "timestamp": "2015-05-24

    02:46:50,773", "thread_id": "3220", "repeated": 0, "api": "NtOpenKey", "arguments": [ { "name": "DesiredAccess", "value": "33554432" }, { "name": "KeyHandle", "value": "0x00000154" }, { "name": "ObjectAttributes", "value": "¥¥REGISTRY¥¥USER¥¥S-1-5-21-916742657-1382504153-4155998892-1001" } ], "id": 83 },

  29. 29 • • • ※ David H. Wolpert, The Supervised

    Learning No-Free-Lunch Theorems, In Proc. 6th Online World Conference on Soft Computing in Industrial Applications, pp.25-42, 2001.

  30. 30 • AdaBoost, Gradient Boosting • Kaggle

  31. DAF 31 Mohammad M. Masud, Latifur Khan, Bhavani Thuraisingham, A

    scalable multi-level feature extraction technique to detect malicious executables, Information Systems Frontiers, Vol.10, Issue.1, pp.33-45, 2008. 16 DAF: Derived Assembly Features BFS: Binary N-gram Features