This event has ended. Visit the official site or create your own event on Sched.
Back To Schedule
Saturday, October 12 • 11:15am - 12:00pm
BT-3082 Learning to Rank Strings Output for Speedier Malware Analysis

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

StringSifter: Learning to Rank Strings Output for Speedier Malware Analysis
In static analysis, one of the most useful initial steps is to inspect a binary's printable characters via the Strings program. However, running Strings on a piece of malware inevitably produces noisy strings mixed in with important ones, which can only be uncovered after sifting through the entirety of its messy output. To address this, we are releasing StringSifter: a machine learning-based tool that automatically ranks strings based on their relevance for malware analysis. In our presentation, we'll show how StringSifter allows analysts to conveniently focus on strings located towards the top of its predicted output, and that it performs well based on criteria used to evaluate web search and recommendation engines. We’ll also demonstrate StringSifter live in action on sample binaries.

avatar for Philip Tully

Philip Tully

Staff Data Scientist, FireEye
As a Staff Data Scientist at FireEye, Philip Tully builds predictive models for detecting and categorizing malware. He earned his joint doctorate degree in computer science from the Royal Institute of Technology (KTH) and the University of Edinburgh. His research concerning the intersection... Read More →

Saturday October 12, 2019 11:15am - 12:00pm CDT
BONHAM 3-E | Expert 3 600 E Market St, San Antonio, TX Floor 3