book

Malware Data Science

by Joshua Saxe, Hillary Sanders

September 2018

Beginner to intermediate

272 pages

7h 34m

English

No Starch Press

Read now

Unlock full access

Cover Page
Title Page
Copyright Page
Dedication
About the Authors
About the Technical Reviewer
BRIEF CONTENTS
CONTENTS IN DETAIL
FOREWORD by Anup Ghosh
ACKNOWLEDGMENTS

INTRODUCTION
What Is Data Science?Why Data Science Matters for SecurityApplying Data Science to MalwareWho Should Read This Book?About This BookHow to Use the Sample Code and Data
1 BASIC STATIC MALWARE ANALYSIS
The Microsoft Windows Portable Executable FormatDissecting the PE Format Using pefileExamining Malware ImagesExamining Malware StringsSummary
2 BEYOND BASIC STATIC ANALYSIS: X86 DISASSEMBLY
Disassembly MethodsBasics of x86 Assembly LanguageDisassembling ircbot.exe Using pefile and capstoneFactors That Limit Static AnalysisSummary
3 A BRIEF INTRODUCTION TO DYNAMIC ANALYSIS
Why Use Dynamic Analysis?Dynamic Analysis for Malware Data ScienceBasic Tools for Dynamic AnalysisLimitations of Basic Dynamic AnalysisSummary
4 IDENTIFYING ATTACK CAMPAIGNS USING MALWARE NETWORKS
Nodes and EdgesBipartite NetworksVisualizing Malware NetworksBuilding Networks with NetworkXAdding Nodes and EdgesNetwork Visualization with GraphVizBuilding Malware NetworksBuilding a Shared Image Relationship NetworkSummary
5 SHARED CODE ANALYSIS
Preparing Samples for Comparison by Extracting FeaturesUsing the Jaccard Index to Quantify SimilarityUsing Similarity Matrices to Evaluate Malware Shared Code Estimation MethodsBuilding a Similarity GraphScaling Similarity ComparisonsBuilding a Persistent Malware Similarity Search SystemRunning the Similarity Search SystemSummary
6 UNDERSTANDING MACHINE LEARNING–BASED MALWARE DETECTORS
Steps for Building a Machine Learning–Based DetectorUnderstanding Feature Spaces and Decision BoundariesWhat Makes Models Good or Bad: Overfitting and UnderfittingMajor Types of Machine Learning AlgorithmsSummary
7 EVALUATING MALWARE DETECTION SYSTEMS
Four Possible Detection OutcomesConsidering Base Rates in Your EvaluationSummary
8 BUILDING MACHINE LEARNING DETECTORS
Terminology and ConceptsBuilding a Toy Decision Tree–Based DetectorBuilding Real-World Machine Learning Detectors with sklearnBuilding an Industrial-Strength DetectorEvaluating Your Detector’s PerformanceNext StepsSummary
9 VISUALIZING MALWARE TRENDS
Why Visualizing Malware Data Is ImportantUnderstanding Our Malware DatasetUsing matplotlib to Visualize DataUsing seaborn to Visualize DataSummary
10 DEEP LEARNING BASICS
What Is Deep Learning?How Neural Networks WorkTraining Neural NetworksTypes of Neural NetworksSummary
11 BUILDING A NEURAL NETWORK MALWARE DETECTOR WITH KERAS
Defining a Model’s ArchitectureCompiling the ModelTraining the ModelEvaluating the ModelEnhancing the Model Training Process with CallbacksSummary
12 BECOMING A DATA SCIENTIST
Paths to Becoming a Security Data ScientistA Day in the Life of a Security Data ScientistTraits of an Effective Security Data ScientistWhere to Go from Here
APPENDIX AN OVERVIEW OF DATASETS AND TOOLS
Overview of DatasetsTool Implementation Guide
Index

Overview

"Security has become a ""big data"" problem. The growth rate of malware has accelerated to tens of millions of new files per year while our networks generate an ever-larger flood of security-relevant data each day. In order to defend against these advanced attacks, you'll need to know how to think like a data scientist.

In Malware Data Science, security data scientist Joshua Saxe introduces machine learning, statistics, social network analysis, and data visualization, and shows you how to apply these methods to malware detection and analysis.

You'll learn how to:

• Analyze malware using static analysis• Observe malware behavior using dynamic analysis• Identify adversary groups through shared code analysis• Catch 0-day vulnerabilities by building your own machine learning detector• Measure malware detector accuracy• Identify malware campaigns, trends, and relationships through data visualization

Whether you're a malware analyst looking to add skills to your existing arsenal, or a data scientist interested in attack detection and threat intelligence, Malware Data Science will help you stay ahead of the curve."

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781492067672

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills