Automatic Yara Rule Generation Using Biclustering

Raff, Edward; Zak, Richard; Munoz, Gary Lopez; Fleming, William; Anderson, Hyrum S.; Filar, Bobby; Nicholas, Charles; Holt, James

doi:10.1145/3411508.3421372

Cited by 16 publications

(7 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Its primary objective is to be able to identify groups of genes that act equally under a subset of samples (conditions). But the pioneering literature algorithms have shown certain limitations on the quality of biclusters that were unveiled [ 2 ].…”

Section: Introductionmentioning

confidence: 99%

Healthcare Biclustering-Based Prediction on Gene Expression Dataset

Ramkumar¹,

Basker²,

Duraisamy³

et al. 2022

BioMed Research International

View full text Add to dashboard Cite

In this paper, we develop a healthcare biclustering model in the field of healthcare to reduce the inconveniences linked to the data clustering on gene expression. The present study uses two separate healthcare biclustering approaches to identify specific gene activity in certain environments and remove the duplication of broad gene information components. Moreover, because of its adequacy in the problem where populations of potential solutions allow exploration of a greater portion of the research area, machine learning or heuristic algorithm has become extensively used for healthcare biclustering in the field of healthcare. The study is evaluated in terms of average match score for nonoverlapping modules, overlapping modules through the influence of noise for constant bicluster and additive bicluster, and the run time. The results show that proposed FCM blustering method has higher average match score, and reduced run time proposed FCM than the existing PSO-SA and fuzzy logic healthcare biclustering methods.

show abstract

Section: Introductionmentioning

confidence: 99%

Healthcare Biclustering-Based Prediction on Gene Expression Dataset

Ramkumar¹,

Basker²,

Duraisamy³

et al. 2022

BioMed Research International

View full text Add to dashboard Cite

show abstract

“…However, the same research also shows YARA rules rely on unpacked samples to trigger the identified traits within the YARA rules and this is similar to current MAA systems. More recently, Raff et al [96] tackle the labor-intensive problem and develop the state-of-the-art to automatically generate YARA rules using malware. Similar to the research by Bassat and Cohen [15], Kaspersky developed a Threat Attribution tool based on APT malware binary similarity [60].…”

Section: Binary Similarity and Yara Rulesmentioning

confidence: 99%

Identifying Authorship Style in Malicious Binaries: Techniques, Challenges & Datasets

Gray,

Sgandurra,

Cavallaro

2021

Preprint

View full text Add to dashboard Cite

Attributing a piece of malware to its creator typically requires threat intelligence. Binary attribution increases the level of difficulty as it mostly relies upon the ability to disassemble binaries to identify authorship style. Our survey explores malicious author style and the adversarial techniques used by them to remain anonymous. We examine the adversarial impact on the state-of-the-art methods. We identify key findings and explore the open research challenges. To mitigate the lack of ground truth datasets in this domain, we publish alongside this survey the largest and most diverse metainformation dataset of 15,660 malware labeled to 164 threat actor groups.

show abstract

“…ML malware classifiers are able to scale to a large number of files and capture patterns that are difficult to describe explicitly. Together with rule-based approaches (e.g., Yara rules [55]), malware classifiers often serve as the first line of defense before sending difficult cases to more time-consuming analyses (e.g., manual inspection).…”

Section: Introductionmentioning

confidence: 99%

Jigsaw Puzzle: Selective Backdoor Attack to Subvert Malware Classifiers

Yang¹,

Chen²,

Cortellazzi³

et al. 2022

Preprint

View full text Add to dashboard Cite

Malware classifiers are subject to training-time exploitation due to the need to regularly retrain using samples collected from the wild. Recent work has demonstrated the feasibility of backdoor attacks against malware classifiers, and yet the stealthiness of such attacks is not well understood. In this paper, we investigate this phenomenon under the clean-label setting (i.e., attackers do not have complete control over the training or labeling process). Empirically, we show that existing backdoor attacks in malware classifiers are still detectable by recent defenses such as MNTD. To improve stealthiness, we propose a new attack, Jigsaw Puzzle (JP), based on the key observation that malware authors have little to no incentive to protect any other authors' malware but their own. As such, Jigsaw Puzzle learns a trigger to complement the latent patterns of the malware author's samples, and activates the backdoor only when the trigger and the latent pattern are pieced together in a sample. We further focus on realizable triggers in the problem space (e.g., software code) using bytecode gadgets broadly harvested from benign software. Our evaluation confirms that Jigsaw Puzzle is effective as a backdoor, remains stealthy against state-of-the-art defenses, and is a threat in realistic settings that depart from reasoning about feature-space only attacks. We conclude by exploring promising approaches to improve backdoor defenses.

show abstract

Automatic Yara Rule Generation Using Biclustering

Cited by 16 publications

References 21 publications

Healthcare Biclustering-Based Prediction on Gene Expression Dataset

Healthcare Biclustering-Based Prediction on Gene Expression Dataset

Identifying Authorship Style in Malicious Binaries: Techniques, Challenges & Datasets

Jigsaw Puzzle: Selective Backdoor Attack to Subvert Malware Classifiers

Contact Info

Product

Resources

About