BigSnarf blog

Infosec FTW

J48, J48 Graft, PART, and Ridor for classification of 100,000 malicious vs 16,000 clean programs

clustering

Perform quick, easy classification of binaries for malware analysis.

Malware Classifier is a command-line tool that lets antivirus analysts, IT administrators, and security researchers quickly and easily determine whether a binary file contains malware, so they can develop malware detection signatures faster and shorten the window during which users' systems are vulnerable.

The tool uses machine-learning algorithms to classify Win32 binaries (EXEs and DLLs) into three classes: 0 for "clean," 1 for "malicious," or "UNKNOWN."

The tool extracts seven key features from an unknown binary, feeds them to one of the four classifiers or to all of them, and reports its classification of the binary as "clean," "malicious," or "unknown."

The tool was developed using models resulting from running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a dataset of approximately 100,000 malicious programs and 16,000 clean programs.
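As an added illustration (not the tool's own code and not from the original post), here is a Python sketch of the pipeline the paragraphs above describe: pull a few PE32 header fields out of a binary as features, run them through more than one classifier, and combine the verdicts into 0 (clean), 1 (malicious) or UNKNOWN. Everything below is an assumption made for the example: the page does not list the seven features, so the fields chosen here are illustrative; `rule_a` and `rule_b` are hand-written stand-ins for the trained J48/J48 Graft/PART/Ridor models; the unanimous-vote combination in `combine` is one reasonable way to merge classifiers, not necessarily the tool's; and `build_pe32_header` constructs the sample header bytes in-line so the code runs offline.

```python
import struct

CLEAN, MALICIOUS, UNKNOWN = 0, 1, "UNKNOWN"

# PE32 optional-header field offsets (relative to the optional header start)
# and data-directory indexes, per the PE/COFF format.
_OPT_MAJOR_IMAGE_VERSION = 44
_OPT_SIZE_OF_IMAGE = 56
_OPT_NUMBER_OF_RVA_AND_SIZES = 92
_OPT_DATA_DIRECTORY = 96
_DIR_EXPORT, _DIR_RESOURCE, _DIR_DEBUG, _DIR_IAT = 0, 2, 6, 12


def extract_pe_features(data: bytes) -> dict:
    """Parse a handful of header fields from a PE32 image (assumed feature set)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (_machine, number_of_sections, _ts, _sym, _nsym,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # Only the PE32 (0x10B) layout is handled; PE32+ shifts the directory offsets.
    if opt_size < _OPT_DATA_DIRECTORY + 16 * 8 or struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 optional headers are handled here")

    def dir_entry(index):
        return struct.unpack_from("<II", data, opt + _OPT_DATA_DIRECTORY + 8 * index)  # (RVA, size)

    return {
        "NumberOfSections": number_of_sections,
        "MajorImageVersion": struct.unpack_from("<H", data, opt + _OPT_MAJOR_IMAGE_VERSION)[0],
        "SizeOfImage": struct.unpack_from("<I", data, opt + _OPT_SIZE_OF_IMAGE)[0],
        "ExportSize": dir_entry(_DIR_EXPORT)[1],
        "ResourceSize": dir_entry(_DIR_RESOURCE)[1],
        "DebugSize": dir_entry(_DIR_DEBUG)[1],
        "IatRVA": dir_entry(_DIR_IAT)[0],
    }


def rule_a(f: dict):
    """Constructed stand-in for one trained model: a two-test decision stump."""
    if f["DebugSize"] == 0 and f["MajorImageVersion"] == 0:
        return MALICIOUS
    return CLEAN


def rule_b(f: dict):
    """Constructed stand-in for a second model; abstains outside its rules."""
    if f["ExportSize"] == 0 and f["ResourceSize"] == 0:
        return MALICIOUS
    if f["ExportSize"] > 0 and f["DebugSize"] > 0:
        return CLEAN
    return UNKNOWN


def combine(verdicts) -> object:
    """Assumed merge rule: every non-abstaining classifier must agree, else UNKNOWN."""
    decided = {v for v in verdicts if v != UNKNOWN}
    return decided.pop() if len(decided) == 1 else UNKNOWN


def classify(data: bytes, classifiers=(rule_a, rule_b)):
    """Feature extraction -> one or more classifiers -> combined verdict."""
    feats = extract_pe_features(data)
    return combine(c(feats) for c in classifiers)


def build_pe32_header(number_of_sections=3, major_image_version=1, debug_size=28,
                      export_size=64, resource_size=512, iat_rva=0x2000,
                      size_of_image=0x5000) -> bytes:
    """Constructed minimal PE32 header (DOS stub + signature + COFF + optional header)."""
    e_lfanew = 0x40
    opt_size = _OPT_DATA_DIRECTORY + 16 * 8
    buf = bytearray(e_lfanew + 4 + 20 + opt_size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    coff = e_lfanew + 4
    # Machine=i386, sections, timestamp, symtab, nsyms, optional size, EXECUTABLE|32BIT
    struct.pack_into("<HHIIIHH", buf, coff, 0x14C, number_of_sections, 0, 0, 0, opt_size, 0x102)
    opt = coff + 20
    struct.pack_into("<H", buf, opt, 0x10B)
    struct.pack_into("<H", buf, opt + _OPT_MAJOR_IMAGE_VERSION, major_image_version)
    struct.pack_into("<I", buf, opt + _OPT_SIZE_OF_IMAGE, size_of_image)
    struct.pack_into("<I", buf, opt + _OPT_NUMBER_OF_RVA_AND_SIZES, 16)
    dd = opt + _OPT_DATA_DIRECTORY
    struct.pack_into("<II", buf, dd + 8 * _DIR_EXPORT, 0x3000, export_size)
    struct.pack_into("<II", buf, dd + 8 * _DIR_RESOURCE, 0x4000, resource_size)
    struct.pack_into("<II", buf, dd + 8 * _DIR_DEBUG, 0x1000, debug_size)
    struct.pack_into("<II", buf, dd + 8 * _DIR_IAT, iat_rva, 0x100)
    return bytes(buf)


if __name__ == "__main__":
    for name, sample in [("typical", build_pe32_header()),
                         ("stripped", build_pe32_header(debug_size=0, major_image_version=0,
                                                        export_size=0, resource_size=0))]:
        print(name, extract_pe_features(sample), "->", classify(sample))
```

The UNKNOWN class is the interesting part from a defender's point of view: when the classifiers disagree (or all abstain), the combined verdict refuses to guess rather than picking a side, which is the behaviour an analyst wants before turning a model's output into a signature.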

http://sourceforge.net/adobe/malclassifier/wiki/Home/
