I hypothesized that Exploit Kits change so frequently to avoid detection that, by observing the artifacts generated by each iteration of a kit over its lifetime, predictable trends will emerge. This is the sort of thing that has become possible to examine with modern machine learning techniques. Additionally, observing long-running EK campaigns may give indications of how newer EKs may evolve over time. If this hypothesis is true, it could give rule writers the ability to make educated guesses about how the malware will change, before it changes. This might result in immediate detection of malware that is not currently known. The high usage of exploit kits, and the rate of system infections before a new variation is known, mean that the ability to have some degree of predictive rules could go a long way in helping to protect networks. In this talk I will discuss the goals and results of my study as well as the machine learning techniques used.
Patrick is a Systems Engineer at FireEye. He has a strong background in digital forensics and incident response as well as a keen interest in the legal aspects surrounding computer security and privacy. He was a special agent at DHS, a member of the GE-CIRT and currently focuses on detection for the Threat Analytics Platform at FireEye. He received an MS in Computer Science from James Madison University in 2013 where his thesis work involved exploiting a popular biometric fuzzy vault (cryptosystem) used for fingerprint authentication.
Copyright 2020, IronGeek