BigSnarf blog

Infosec FTW

Monthly Archives: November 2015

Malware Detection with Algebird LSH

http://arxiv.org/abs/1606.04662

Detect polymorphic malware variants by extracting features from static/dynamic analysis and using a locality-sensitive hashing (LSH) data structure for the comparisons, so that only samples that land in the same LSH bucket are compared pairwise. Enrich? Geo? Host?

Couple papers?

http://link.springer.com/chapter/10.1007/978-3-319-23461-8_6

http://link.springer.com/chapter/10.1007/978-3-319-23461-8_8

Brute-force comparison within each LSH bucket: compare every pair of samples that share a bucket and return the distinct pairs whose MinHash similarity is at or above the threshold.

// Assumes `buckets` is a collection (e.g. a Scalding TypedPipe) mapping an LSH bucket id to the
// set of (malwareId, signature) pairs that landed in it, and `minHasher` is the Algebird
// MinHasher that built those signatures. Both names are assumptions, not shown on this page.
val candidatePairs = buckets
  .flatMap { case (_, malwareIdSet) =>
    for {
      (malwareId1, sig1) <- malwareIdSet
      (malwareId2, sig2) <- malwareIdSet
      sim = minHasher.similarity(sig1, sig2)   // estimated Jaccard similarity of the two signatures
      if malwareId1 != malwareId2 && sim >= targetThreshold
    } yield (malwareId1, malwareId2)
  }
  .distinct
// Caveat: each match is emitted twice, as (a, b) and (b, a); .distinct removes repeats from
// samples colliding in several buckets but does not collapse the two orderings.
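To show the whole flow end to end (feature sets, MinHash signatures, banding into LSH buckets, then the within-bucket brute-force comparison), here is an added Python example. It is not the blog's code and not Algebird's MinHasher; it reimplements the same idea so it can run stand-alone. The feature sets are constructed for illustration (real input would be imported API names, opcode n-grams or similar static/dynamic features), and the keyed blake2b hash family, the 128/32 signature and band sizes, and the sample names are all choices made here.

```python
"""
MinHash + LSH banding for grouping polymorphic malware variants.
Added example (not the blog's or Algebird's code); sample feature sets are constructed.
"""
import hashlib
import itertools
import struct
from collections import defaultdict

NUM_HASHES = 128            # signature length (number of hash functions)
BANDS = 32                  # LSH bands (assumed value)
ROWS = NUM_HASHES // BANDS  # signature positions per band


def _h(feature: str, seed: int) -> int:
    """Seeded 64-bit hash of one feature; each seed plays the role of one MinHash hash function."""
    d = hashlib.blake2b(feature.encode(), digest_size=8, key=struct.pack(">I", seed)).digest()
    return int.from_bytes(d, "big")


def minhash_signature(features: set[str]) -> tuple[int, ...]:
    """For each of NUM_HASHES seeded hash functions, keep the minimum hash over the feature set."""
    if not features:
        raise ValueError("empty feature set has no MinHash signature")
    return tuple(min(_h(f, seed) for f in features) for seed in range(NUM_HASHES))


def estimated_similarity(sig1: tuple[int, ...], sig2: tuple[int, ...]) -> float:
    """Fraction of agreeing signature positions: an estimate of the Jaccard similarity."""
    return sum(a == b for a, b in zip(sig1, sig2)) / len(sig1)


def lsh_buckets(signatures: dict[str, tuple[int, ...]]) -> dict[tuple, set[str]]:
    """Band each signature; bucket key = (band index, the ROWS signature values in that band)."""
    buckets: dict[tuple, set[str]] = defaultdict(set)
    for sample_id, sig in signatures.items():
        for band in range(BANDS):
            key = (band, sig[band * ROWS:(band + 1) * ROWS])
            buckets[key].add(sample_id)
    return buckets


def candidate_pairs(signatures: dict[str, tuple[int, ...]], threshold: float) -> set[tuple[str, str]]:
    """Brute-force comparison restricted to samples sharing an LSH bucket.

    itertools.combinations on the sorted member ids yields each unordered pair exactly once,
    so (a, b) and (b, a) are never both emitted; the result set drops repeats from samples
    that collide in several bands.
    """
    pairs: set[tuple[str, str]] = set()
    for members in lsh_buckets(signatures).values():
        if len(members) < 2:
            continue
        for id1, id2 in itertools.combinations(sorted(members), 2):
            if estimated_similarity(signatures[id1], signatures[id2]) >= threshold:
                pairs.add((id1, id2))
    return pairs


def exact_jaccard(a: set[str], b: set[str]) -> float:
    """Ground truth for checking the MinHash estimate on small inputs."""
    return len(a & b) / len(a | b)


# Constructed feature sets standing in for per-sample static/dynamic analysis features.
SAMPLES: dict[str, set[str]] = {
    "family_a_v1": {f"api_{i}" for i in range(30)},
    # repacked variant of family_a_v1: same 30 features plus two new ones (Jaccard 30/32)
    "family_a_v2": {f"api_{i}" for i in range(30)} | {"api_new_1", "api_new_2"},
    "family_b": {f"sys_{i}" for i in range(30)},            # disjoint from family_a
    # shares 10 of 55 features with family_a_v1 (Jaccard ~0.18), so it must not match
    "unrelated": {f"api_{i}" for i in range(10)} | {f"misc_{i}" for i in range(25)},
}


def run(threshold: float = 0.7) -> set[tuple[str, str]]:
    """Build signatures for all samples and return the matching pairs above the threshold."""
    sigs = {sid: minhash_signature(feats) for sid, feats in SAMPLES.items()}
    return candidate_pairs(sigs, threshold)


if __name__ == "__main__":
    for id1, id2 in sorted(run()):
        print(id1, id2, "exact Jaccard =", round(exact_jaccard(SAMPLES[id1], SAMPLES[id2]), 3))
```

`estimated_similarity` plays the role of `minHasher.similarity` in the Scala above, and `lsh_buckets` the role of the bucketed input it iterates over. Unrelated samples can still collide in a band by chance, which is why the per-pair similarity check inside the bucket is kept; the threshold, not the bucketing, is what decides a match.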