Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
マルウェアを機械学習する前に
Search
Yuma Kurogome
February 13, 2016
Programming
3
1.7k
マルウェアを機械学習する前に
Kaggle - Malware Classification Challenge勉強会 connpass.com/event/25007/ 発表資料
Yuma Kurogome
February 13, 2016
Tweet
Share
More Decks by Yuma Kurogome
See All by Yuma Kurogome
The Art of De-obfuscation
ntddk
16
27k
死にゆくアンチウイルスへの祈り
ntddk
55
39k
Windows Subsystem for Linux Internals
ntddk
10
3.1k
なぜマルウェア解析は自動化できないのか
ntddk
6
4.3k
Linear Obfuscation to Drive angr Angry
ntddk
4
860
CAPTCHAとボットの共進化
ntddk
2
1.2k
Peeling Onions
ntddk
7
3.7k
仮想化技術を用いたマルウェア解析
ntddk
8
27k
An Introduction to Drawbridge(ja)
ntddk
11
3.4k
Other Decks in Programming
See All in Programming
AIと人間の共創開発!OSSで試行錯誤した開発スタイル
mae616
2
820
Android16 Migration Stories ~Building a Pattern for Android OS upgrades~
reoandroider
0
140
GC25 Recap: The Code You Reviewed is Not the Code You Built / #newt_gophercon_tour
mazrean
0
110
バッチ処理を「状態の記録」から「事実の記録」へ
panda728
PRO
0
190
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
500
3年ぶりにコードを書いた元CTOが Claude Codeと30分でMVPを作った話
maikokojima
0
650
コードとあなたと私の距離 / The Distance Between Code, You, and I
hiro_y
0
200
Goで実践するドメイン駆動開発 AIと歩み始めた新規プロダクト開発の現在地
imkaoru
4
910
AI Agent 時代的開發者生存指南
eddie
4
2.1k
エンジニアインターン「Treasure」とHonoの2年、そして未来へ / Our Journey with Hono Two Years at Treasure and Beyond
carta_engineering
0
430
登壇は dynamic! な営みである / speech is dynamic
da1chi
0
360
When Dependencies Fail: Building Antifragile Applications in a Fragile World
selcukusta
0
110
Featured
See All Featured
Being A Developer After 40
akosma
91
590k
How to train your dragon (web standard)
notwaldorf
97
6.3k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3.1k
The Cost Of JavaScript in 2023
addyosmani
55
9.1k
Context Engineering - Making Every Token Count
addyosmani
8
300
Optimizing for Happiness
mojombo
379
70k
Speed Design
sergeychernyshev
32
1.2k
Side Projects
sachag
455
43k
Build The Right Thing And Hit Your Dates
maggiecrowley
38
2.9k
GraphQLとの向き合い方2022年版
quramy
49
14k
A Tale of Four Properties
chriscoyier
161
23k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
Transcript
@ntddk Kaggle - Malware Classification Challenge 2016.02.13 1
• http://ntddk.github.io/ • 2
3
4
Kaggle 5 https://www.kaggle.com/
6 • • • ※ David H. Wolpert, The Supervised
Learning No-Free-Lunch Theorems, In Proc. 6th Online World Conference on Soft Computing in Industrial Applications, pp.25-42, 2001.
7 • • • ※ David H. Wolpert, The Supervised
Learning No-Free-Lunch Theorems, In Proc. 6th Online World Conference on Soft Computing in Industrial Applications, pp.25-42, 2001.
8 There ain't no such thing as a free lunch
http://www.amazon.co.jp/dp/4150117489 http://www.amazon.co.jp/dp/B00GJMUKMG/ http://www.amazon.co.jp/dp/4150312133/
9 There ain't no such thing as a free lunch
http://www.amazon.co.jp/dp/4150117489 http://www.amazon.co.jp/dp/B00GJMUKMG/ http://www.amazon.co.jp/dp/4150312133/
10 http://blog.kaggle.com/
11 x η g a b c x …
12 x η g a b c x …
13 • • A B Satoshi Watanabe, Knowing and Guessing
― Quantitative Study of Inference and Information John Wiley & Sons, 1969.
14 • • A B Satoshi Watanabe, Knowing and Guessing
― Quantitative Study of Inference and Information John Wiley & Sons, 1969.
15 • • • •
16 https://www.av-test.org/en/statistics/malware/
17 http://www.mcafee.com/jp/resources/reports/rp-quarterly-threat-q2-2015.pdf
18 http://www.mcafee.com/jp/resources/reports/rp-quarterly-threat-q2-2015.pdf http://www.mcafee.com/jp/resources/reports/rp-threats-predictions-2016.pdf
19 • KERNEL32!VirtualAllocStub • KERNEL32!VirtualProtectStub • KERNEL32!OpenProcessStub • KERNEL32!OpenThreadStub •
…
20 CSEC: MWS: http://www.iwsec.org/mws/2015/about.html
21 https://www.kaggle.com/c/malware-classification/data 16
22 • https://virusshare.com/ • http://malware-traffic-analysis.net/
23 • • • •
24 • • • • API PE
25 https://github.com/corkami/
26 • • • • • •
27 #include <windows.h> typedef int (WINAPI *LPFNMESSAGEBOXW)(HWND, LPCWSTR, LPCWSTR, UINT);
int main() { HMODULE hmod = LoadLibrary(TEXT("user32.dll")); LPFNMESSAGEBOXW lpfnMessageBoxW = (LPFNMESSAGEBOXW)GetProcAddress(hmod, "MessageBoxW"); lpfnMessageBoxW(NULL, L"Hello, world!", L"Test", MB_OK); FreeLibrary(hmod); return 0; } •
28 { "category": "registry", "status": true, "return": "0x00000000", "timestamp": "2015-05-24
02:46:50,773", "thread_id": "3220", "repeated": 0, "api": "NtOpenKey", "arguments": [ { "name": "DesiredAccess", "value": "33554432" }, { "name": "KeyHandle", "value": "0x00000154" }, { "name": "ObjectAttributes", "value": "¥¥REGISTRY¥¥USER¥¥S-1-5-21-916742657-1382504153-4155998892-1001" } ], "id": 83 },
29 • • • ※ David H. Wolpert, The Supervised
Learning No-Free-Lunch Theorems, In Proc. 6th Online World Conference on Soft Computing in Industrial Applications, pp.25-42, 2001.
30 • AdaBoost, Gradient Boosting • Kaggle
DAF 31 Mohammad M. Masud, Latifur Khan, Bhavani Thuraisingham, A
scalable multi-level feature extraction technique to detect malicious executables, Information Systems Frontiers, Vol.10, Issue.1, pp.33-45, 2008. 16 DAF: Derived Assembly Features BFS: Binary N-gram Features