Name: BT-3082 Learning to Rank Strings Output for Speedier Malware Analysis
Start: 2019-10-12T11:15:00-0500
End: 2019-10-12T12:00:00-0500

WELCOME TO THE TEXAS CYBER SUMMIT

Back To Schedule

BT-3082 Learning to Rank Strings Output for Speedier Malware Analysis

Feedback form is now closed.

StringSifter: Learning to Rank Strings Output for Speedier Malware Analysis
In static analysis, one of the most useful initial steps is to inspect a binary's printable characters via the Strings program. However, running Strings on a piece of malware inevitably produces noisy strings mixed in with important ones, which can only be uncovered after sifting through the entirety of its messy output. To address this, we are releasing StringSifter: a machine learning-based tool that automatically ranks strings based on their relevance for malware analysis. In our presentation, we'll show how StringSifter allows analysts to conveniently focus on strings located towards the top of its predicted output, and that it performs well based on criteria used to evaluate web search and recommendation engines. We’ll also demonstrate StringSifter live in action on sample binaries.

Speakers

Philip Tully

Staff Data Scientist, FireEye

As a Staff Data Scientist at FireEye, Philip Tully builds predictive models for detecting and categorizing malware. He earned his joint doctorate degree in computer science from the Royal Institute of Technology (KTH) and the University of Edinburgh. His research concerning the intersection... Read More →

Saturday October 12, 2019 11:15am - 12:00pm CDT
BONHAM 3-E | Expert 3 600 E Market St, San Antonio, TX Floor 3

Hands-On, Malware Analysis

Company FireEye
Audience midlevel, Advanced
Subject Malware
Area Deep Walk-Through

Texas Cyber Summit II

Philip Tully

Attendees (40)

Waitlist (5)

Texas Cyber Summit II

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Philip Tully

Attendees (40)

Waitlist (5)