Exploit Kits/ Machine Learning - Patrick Perry (BSides Augusta 2016) (Hacking Illustrated Series InfoSec Tutorial Videos)


I hypothesized that Exploit Kits change so frequently to avoid detection that, by observing the artifacts generated by each iteration of a kit over its lifetime, predictable trends will emerge. This is the sort of thing that has become possible to examine with modern machine learning techniques. Additionally, observing long-running EK campaigns may give indications of how newer EKs may evolve over time. If this hypothesis is true, it could give rule writers the ability to make educated guesses about how the malware will change, before it changes. This might result in immediate detection of malware that is not currently known. The high usage of exploit kits and the rate of system infections before a new variation is known mean that the ability to have some degree of predictive rules could go a long way in helping to protect networks. In this talk I will discuss the goals and results of my study as well as the machine learning techniques used.

Patrick is a Systems Engineer at FireEye. He has a strong background in digital forensics and incident response as well as a keen interest in the legal aspects surrounding computer security and privacy. He was a special agent at DHS, a member of the GE-CIRT and currently focuses on detection for the Threat Analytics Platform at FireEye. He received an MS in Computer Science from James Madison University in 2013 where his thesis work involved exploiting a popular biometric fuzzy vault (cryptosystem) used for fingerprint authentication.

@pjbperry


Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast