New @elastic blog post "Discovering anomalous patterns based on parent-child process relationships" covers a lot of material from my ProblemChild @CamlisOrg talk.
Excited to see @elastic open up its detection rules repo. Blog post by @rw_access does a great job detailing how to get rules into your detection engine and how best to contribute to the community.
Finally releasing MalwareRL, an OpenAI gym for Ember and MalConv malware classifiers. This builds on the RL research @drhyrum@mrphilroth and I did on malware evasions. There are new binary modifications and a baseline (random) agent to get you started.
You're right these can definitely can be used as an alternative, but they are still not ventilators.
Saying that you sent ventilators when you actually sent CPAP machines is why articles like this get written.
About to give my talk at #VB2019 on using ML and graph theory to identify malicious process chains in event data. Slides here:
docs.google.com/presentation/d…
I am beyond excited about the SecML team's work here @elastic. This post shows how our team uses transforms to identify beaconing malware.
We hope this post encourages security researchers to prototype new statistical models to detect bad in their data!
elastic.co/blog/identifyi…
- Where do they get training data?
- How do they generate labels?
- What are the performance metric?
- How often are models retrained? (Do they degrade over time?)
- How well does it generalize to previously unobserved samples/events?
"Machine Learning in Cyber-Security - Problems, Challenges and Data Sets" by researchers @shodanhq and @PaloAltoNtwks Really nice set of topics/datasets
Updated slides from my @CamlisOrg talk on using ML/Graph analysis to discover malicious parent-child process communities aka ProblemChild.
docs.google.com/presentation/d…
Just came across @struppigel's "Malware Analysis For Hedgehogs" channel. His breakdown of the Basic Structure of PE Files is super helpful for Data Scientists who may be working on malware classification. Very simple, intuitive explanations.