Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
マルウェアを機械学習する前に
Search
Yuma Kurogome
February 13, 2016
Programming
3
1.6k
マルウェアを機械学習する前に
Kaggle - Malware Classification Challenge勉強会 connpass.com/event/25007/ 発表資料
Yuma Kurogome
February 13, 2016
Tweet
Share
More Decks by Yuma Kurogome
See All by Yuma Kurogome
The Art of De-obfuscation
ntddk
16
27k
死にゆくアンチウイルスへの祈り
ntddk
55
39k
Windows Subsystem for Linux Internals
ntddk
10
2.9k
なぜマルウェア解析は自動化できないのか
ntddk
6
4.1k
Linear Obfuscation to Drive angr Angry
ntddk
4
830
CAPTCHAとボットの共進化
ntddk
2
1.1k
Peeling Onions
ntddk
7
3.6k
仮想化技術を用いたマルウェア解析
ntddk
8
27k
An Introduction to Drawbridge(ja)
ntddk
11
3.3k
Other Decks in Programming
See All in Programming
Compose でデザインと実装の差異を減らすための取り組み
oidy
1
290
Software Architecture
hschwentner
6
2.1k
個人アプリを2年ぶりにアプデしたから褒めて / I just updated my personal app, praise me!
lovee
0
330
XStateを用いた堅牢なReact Components設計~複雑なClient Stateをシンプルに~ @React Tokyo ミートアップ #2
kfurusho
1
190
How mixi2 Uses TiDB for SNS Scalability and Performance
kanmo
6
2.3k
iOSエンジニアから始める visionOS アプリ開発
nao_randd
3
110
TokyoR116_BeginnersSession1_環境構築
kotatyamtema
0
110
[Fin-JAWS 第38回 ~re:Invent 2024 金融re:Cap~]FaultInjectionServiceアップデート@pre:Invent2024
shintaro_fukatsu
0
400
自分ひとりから始められる生産性向上の取り組み #でぃーぷらすオオサカ
irof
8
2.3k
自動で //nolint を挿入する取り組み / Gopher's Gathering
utgwkk
1
240
バックエンドのためのアプリ内課金入門 (サブスク編)
qnighy
8
1.7k
Amazon ECS とマイクロサービスから考えるシステム構成
hiyanger
2
480
Featured
See All Featured
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
29
4.6k
Raft: Consensus for Rubyists
vanstee
137
6.8k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
33
2.8k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
9
1.3k
Learning to Love Humans: Emotional Interface Design
aarron
274
40k
How to Think Like a Performance Engineer
csswizardry
22
1.3k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
2k
Git: the NoSQL Database
bkeepers
PRO
427
64k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Mobile First: as difficult as doing things right
swwweet
223
9.3k
GraphQLとの向き合い方2022年版
quramy
44
13k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.1k
Transcript
@ntddk Kaggle - Malware Classification Challenge 2016.02.13 1
• http://ntddk.github.io/ • 2
3
4
Kaggle 5 https://www.kaggle.com/
6 • • • ※ David H. Wolpert, The Supervised
Learning No-Free-Lunch Theorems, In Proc. 6th Online World Conference on Soft Computing in Industrial Applications, pp.25-42, 2001.
7 • • • ※ David H. Wolpert, The Supervised
Learning No-Free-Lunch Theorems, In Proc. 6th Online World Conference on Soft Computing in Industrial Applications, pp.25-42, 2001.
8 There ain't no such thing as a free lunch
http://www.amazon.co.jp/dp/4150117489 http://www.amazon.co.jp/dp/B00GJMUKMG/ http://www.amazon.co.jp/dp/4150312133/
9 There ain't no such thing as a free lunch
http://www.amazon.co.jp/dp/4150117489 http://www.amazon.co.jp/dp/B00GJMUKMG/ http://www.amazon.co.jp/dp/4150312133/
10 http://blog.kaggle.com/
11 x η g a b c x …
12 x η g a b c x …
13 • • A B Satoshi Watanabe, Knowing and Guessing
― Quantitative Study of Inference and Information John Wiley & Sons, 1969.
14 • • A B Satoshi Watanabe, Knowing and Guessing
― Quantitative Study of Inference and Information John Wiley & Sons, 1969.
15 • • • •
16 https://www.av-test.org/en/statistics/malware/
17 http://www.mcafee.com/jp/resources/reports/rp-quarterly-threat-q2-2015.pdf
18 http://www.mcafee.com/jp/resources/reports/rp-quarterly-threat-q2-2015.pdf http://www.mcafee.com/jp/resources/reports/rp-threats-predictions-2016.pdf
19 • KERNEL32!VirtualAllocStub • KERNEL32!VirtualProtectStub • KERNEL32!OpenProcessStub • KERNEL32!OpenThreadStub •
…
20 CSEC: MWS: http://www.iwsec.org/mws/2015/about.html
21 https://www.kaggle.com/c/malware-classification/data 16
22 • https://virusshare.com/ • http://malware-traffic-analysis.net/
23 • • • •
24 • • • • API PE
25 https://github.com/corkami/
26 • • • • • •
27 #include <windows.h> typedef int (WINAPI *LPFNMESSAGEBOXW)(HWND, LPCWSTR, LPCWSTR, UINT);
int main() { HMODULE hmod = LoadLibrary(TEXT("user32.dll")); LPFNMESSAGEBOXW lpfnMessageBoxW = (LPFNMESSAGEBOXW)GetProcAddress(hmod, "MessageBoxW"); lpfnMessageBoxW(NULL, L"Hello, world!", L"Test", MB_OK); FreeLibrary(hmod); return 0; } •
28 { "category": "registry", "status": true, "return": "0x00000000", "timestamp": "2015-05-24
02:46:50,773", "thread_id": "3220", "repeated": 0, "api": "NtOpenKey", "arguments": [ { "name": "DesiredAccess", "value": "33554432" }, { "name": "KeyHandle", "value": "0x00000154" }, { "name": "ObjectAttributes", "value": "¥¥REGISTRY¥¥USER¥¥S-1-5-21-916742657-1382504153-4155998892-1001" } ], "id": 83 },
29 • • • ※ David H. Wolpert, The Supervised
Learning No-Free-Lunch Theorems, In Proc. 6th Online World Conference on Soft Computing in Industrial Applications, pp.25-42, 2001.
30 • AdaBoost, Gradient Boosting • Kaggle
DAF 31 Mohammad M. Masud, Latifur Khan, Bhavani Thuraisingham, A
scalable multi-level feature extraction technique to detect malicious executables, Information Systems Frontiers, Vol.10, Issue.1, pp.33-45, 2008. 16 DAF: Derived Assembly Features BFS: Binary N-gram Features