Slashdot Mirror


Researchers Use Machines To Analyze Malware

Krishna Dagli writes to mention a Register article about a mechanical process for analyzing malware. Using an automated system, researchers are able to more accurately classify the often randomly-named bots and viruses that plague us. From the article: "The researchers modeled a piece of malicious software as the series of actions that the software takes at the operating system level. Referred to as 'events' in a paper written by Lee and anti-malware program team manager Jigar Mody, the actions can include data copying, changing registry keys and opening network connections. The researchers then trained a recognition engine using an adaptive clustering algorithm - similar to self-organising maps - and classified a previously unseen subset of malware using the trained system. Using more clusters typically resulted in better classification. When the software samples were classified based on 100 events, accuracy fell below 80 per cent, while classification based on 500 and 1,000 events typically has accuracy rates above 90 per cent."
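The approach the summary describes (each sample modelled as a sequence of OS-level events, clustered, then used to label unseen samples) can be sketched as follows; this is an added example, not code from the article, the paper or this thread. It substitutes simple leader clustering over edit distance for the paper's adaptive clustering algorithm, and the event names, family names, traces and the `radius` threshold are all constructed for illustration.

```python
from collections import Counter

# Constructed traces with hypothetical event names; both families share a start-up prefix.
PREFIX = ["file_open", "file_read", "mem_alloc", "file_write"] * 2
MAILER = ["file_copy", "reg_set", "net_connect", "net_send"]
BOT = ["proc_create", "reg_set", "net_listen", "net_recv"]

def trace(body, reps, extra=()):
    return PREFIX + list(extra) + body * reps

TRAIN = [("mailer", trace(MAILER, 3)), ("bot", trace(BOT, 3)),
         ("mailer", trace(MAILER, 3, ["file_open"])), ("bot", trace(BOT, 4))]
HELD_OUT = [("mailer", trace(MAILER, 4)), ("bot", trace(BOT, 3, ["mem_alloc"])),
            ("mailer", trace(MAILER, 2, ["file_read"])), ("bot", trace(BOT, 2))]

def edit_distance(a, b):
    """Levenshtein distance between two event sequences."""
    prev = list(range(len(b) + 1))
    for i, x in enumerate(a, 1):
        cur = [i]
        for j, y in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (x != y)))
        prev = cur
    return prev[-1]

def dist(a, b, n):
    """Normalised distance over the first n events of each trace."""
    a, b = a[:n], b[:n]
    return edit_distance(a, b) / max(len(a), len(b), 1)

def train(samples, n, radius=0.4):
    """Leader clustering: join the nearest cluster within radius, else open one."""
    clusters = []
    for label, t in samples:
        best = min(clusters, key=lambda c: dist(t, c["leader"], n), default=None)
        if best is None or dist(t, best["leader"], n) > radius:
            best = {"leader": t, "labels": Counter()}
            clusters.append(best)
        best["labels"][label] += 1
    return clusters

def classify(clusters, t, n):
    """Label an unseen trace with the majority family of its nearest cluster."""
    best = min(clusters, key=lambda c: dist(t, c["leader"], n))
    return best["labels"].most_common(1)[0][0]

def accuracy(n):
    clusters = train(TRAIN, n)
    return sum(classify(clusters, t, n) == fam for fam, t in HELD_OUT) / len(HELD_OUT)
```

With only the first 8 events every trace is the shared prefix, so `train` yields one mixed cluster; with 24 events the two constructed families separate, which mirrors the summary's point that more events per sample gave better classification.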

7 of 55 comments

  1. Better classification means better naming by mrogers · Score: 5, Funny

    Now instead of obscure names like W32/worm.169/06A they can give them meaningful names like W32/fucks.your.harddrive.and.emails.itself.to.all.your.friends.169/06A.

  2. Bugged? by Anonymous Coward · Score: 2, Funny

    I think the program is bugged, it keeps telling me that something called Windows is malware.

  3. Re:The future is now by ciroknight · Score: 2, Funny

    New classification system eh? Sounds good to me...

    "Pandavirus/2006Tokyo is in Domain Malware, Kingdom Microsoft, Phylum Spyus Maximus, Class Claria, Order Adicus Wearicus, Family Panda."

    --
    "Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush

  4. Hmm... by Ichigo+Kurosaki · Score: 3, Funny

    Researchers Use Machines To Analyze Malware

    as opposed to punch cards?

  5. what is that new malware subset? by gbjbaanb · Score: 2, Funny

    and classified a previously unseen subset of malware using the trained system

    automated systems determined that the new worm, W32.setup/install.exe is the most prevalent ever, due to the success of its social-engineering attack vector.

  6. "us" ???? by Wingsy · Score: 4, Funny

    "...bots and viruses that plague us" What's this "us" shit Kemosabe? I've never experienced any bots and/or viruses in the past 5 years or more. What kinda system are you running that has this affliction?

    --
    If I didn't have absolutely NOTHING to do, I wouldn't be here.

  7. Steampunk Anti-Virus by Anonymous Coward · Score: 1, Funny

    >a mechanical process for analyzing malware.

    Do you mean it is steam or internal combustion powered? Based on a huge Babbage differential engine, programmed with cards in Lady Ada language? It must be since it is mechanical! The MODUS, a stack of most advanced cards for automated malware analysis is the subject of an international conspiracy. And the London smog gets denser every day.