book

Malware Data Science

by Joshua Saxe, Hillary Sanders

September 2018

Beginner to intermediate

272 pages

7h 34m

English

No Starch Press

Read now

Unlock full access

What Is Data Science?Why Data Science Matters for SecurityApplying Data Science to MalwareWho Should Read This Book?About This BookHow to Use the Sample Code and Data
The Microsoft Windows Portable Executable FormatDissecting the PE Format Using pefileExamining Malware ImagesExamining Malware StringsSummary
Disassembly MethodsBasics of x86 Assembly LanguageDisassembling ircbot.exe Using pefile and capstoneFactors That Limit Static AnalysisSummary
Why Use Dynamic Analysis?Dynamic Analysis for Malware Data ScienceBasic Tools for Dynamic AnalysisLimitations of Basic Dynamic AnalysisSummary
Nodes and EdgesBipartite NetworksVisualizing Malware NetworksBuilding Networks with NetworkXAdding Nodes and EdgesNetwork Visualization with GraphVizBuilding Malware NetworksBuilding a Shared Image Relationship NetworkSummary
Preparing Samples for Comparison by Extracting FeaturesUsing the Jaccard Index to Quantify SimilarityUsing Similarity Matrices to Evaluate Malware Shared Code Estimation MethodsBuilding a Similarity GraphScaling Similarity ComparisonsBuilding a Persistent Malware Similarity Search SystemRunning the Similarity Search SystemSummary
Steps for Building a Machine Learning–Based DetectorUnderstanding Feature Spaces and Decision BoundariesWhat Makes Models Good or Bad: Overfitting and UnderfittingMajor Types of Machine Learning AlgorithmsSummary
Four Possible Detection OutcomesConsidering Base Rates in Your EvaluationSummary
Terminology and ConceptsBuilding a Toy Decision Tree–Based DetectorBuilding Real-World Machine Learning Detectors with sklearnBuilding an Industrial-Strength DetectorEvaluating Your Detector’s PerformanceNext StepsSummary
Why Visualizing Malware Data Is ImportantUnderstanding Our Malware DatasetUsing matplotlib to Visualize DataUsing seaborn to Visualize DataSummary
What Is Deep Learning?How Neural Networks WorkTraining Neural NetworksTypes of Neural NetworksSummary
Defining a Model’s ArchitectureCompiling the ModelTraining the ModelEvaluating the ModelEnhancing the Model Training Process with CallbacksSummary
Paths to Becoming a Security Data ScientistA Day in the Life of a Security Data ScientistTraits of an Effective Security Data ScientistWhere to Go from Here
Overview of DatasetsTool Implementation Guide

Content preview from Malware Data Science

4IDENTIFYING ATTACK CAMPAIGNS USING MALWARE NETWORKS

Malware network analysis can turn malware datasets into valuable threat intelligence, revealing adversarial attack campaigns, common malware tactics, and sources of malware samples. This approach consists of analyzing the ways in which groups of malware samples are connected by their shared attributes, whether those are embedded IP addresses, hostnames, strings of printable characters, graphics, or similar.

For example, Figure 4-1 shows an example of the power of malware network analysis in a chart that took only seconds to generate with the techniques you’ll learn in this chapter.

Figure 4-1: ...