/tech/ - Technology


Learning the PE Header, Malware Detection with Minimal Domain Knowledge Anonymous 09/06/2017 (Wed) 09:26:44 [Preview] No. 11029
Many efforts have been made to use various forms of domain knowledge in malware detection. Currently there exist two common approaches to malware detection without domain knowledge, namely byte n-grams and strings. In this work we explore the feasibility of applying neural networks to malware detection and feature learning. We do this by restricting ourselves to a minimal amount of domain knowledge in order to extract a portion of the Portable Executable (PE) header. By doing this we show that neural networks can learn from raw bytes without explicit feature construction, and perform even better than a domain knowledge approach that parses the PE header into explicit features.

An interesting approach to malware detection. For the next McAfee. Hey, when you're down in Guatemala in your jungle mansion, banging supple Latina teenagers, remember me, ok?

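The abstract above contrasts two representations of the PE header: raw bytes handed to a neural network with only enough domain knowledge to find the header, and a baseline that parses the header into named fields. The following Python is an added illustration of that contrast, not code from the paper or from anyone in this thread; the 256-byte window size, the subset of COFF and optional-header fields parsed, and the constructed sample header are all assumptions made for the example, not the paper's actual choices.

```python
"""Raw-bytes vs. explicit-feature extraction from a PE header (added example)."""
import struct

DOS_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\0\0"
E_LFANEW_OFFSET = 0x3C            # 4-byte pointer to the PE signature lives here
COFF_HEADER_SIZE = 20             # Machine .. Characteristics
OPTIONAL_HEADER_SIZE_PE32 = 224   # size used by the constructed sample below
RAW_WINDOW = 256                  # bytes kept by the raw path (assumption)


def locate_pe_header(data: bytes) -> int:
    """Return the offset of 'PE\\0\\0', or raise ValueError.

    This lookup is the entire domain knowledge the raw-bytes path needs.
    """
    if len(data) < E_LFANEW_OFFSET + 4 or data[:2] != DOS_MAGIC:
        raise ValueError("not a DOS/PE image: missing MZ magic")
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    # Truncated or malformed files may point outside the buffer; reject them.
    if e_lfanew + 4 > len(data) or data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("e_lfanew does not point at a PE signature")
    return e_lfanew


def raw_header_bytes(data: bytes, window: int = RAW_WINDOW) -> bytes:
    """Fixed-length byte window starting at the PE signature.

    Short files are zero-padded so every sample has the same length, which a
    fixed-input network requires.
    """
    start = locate_pe_header(data)
    chunk = data[start:start + window]
    return chunk + b"\0" * (window - len(chunk))


def bytes_to_features(chunk: bytes) -> list:
    """Scale each byte to [0, 1]; the only 'feature engineering' on this path."""
    return [b / 255.0 for b in chunk]


# Domain-knowledge baseline: named fields (a subset, chosen for the example).
COFF_FIELDS = ("Machine", "NumberOfSections", "TimeDateStamp",
               "PointerToSymbolTable", "NumberOfSymbols",
               "SizeOfOptionalHeader", "Characteristics")
COFF_FORMAT = "<HHIIIHH"
OPT_FIELDS = ("Magic", "MajorLinkerVersion", "MinorLinkerVersion",
              "SizeOfCode", "SizeOfInitializedData",
              "SizeOfUninitializedData", "AddressOfEntryPoint")
OPT_FORMAT = "<HBBIIII"


def explicit_features(data: bytes) -> dict:
    """Parse COFF and leading optional-header fields into a name -> value dict."""
    sig = locate_pe_header(data)
    coff_at = sig + 4
    feats = dict(zip(COFF_FIELDS, struct.unpack_from(COFF_FORMAT, data, coff_at)))
    opt_at = coff_at + COFF_HEADER_SIZE
    # Only read the optional header if the COFF header says it is large enough.
    if feats["SizeOfOptionalHeader"] >= struct.calcsize(OPT_FORMAT):
        feats.update(zip(OPT_FIELDS, struct.unpack_from(OPT_FORMAT, data, opt_at)))
    return feats


def build_sample_pe(num_sections: int = 3, size_of_code: int = 0x1000) -> bytes:
    """Constructed, non-executable PE-like header used as sample input."""
    dos_header = bytearray(64)
    dos_header[:2] = DOS_MAGIC
    struct.pack_into("<I", dos_header, E_LFANEW_OFFSET, 0x80)
    dos_stub = b"\0" * (0x80 - len(dos_header))
    coff = struct.pack(COFF_FORMAT, 0x14C, num_sections, 0x59AF0000, 0, 0,
                       OPTIONAL_HEADER_SIZE_PE32, 0x0102)
    opt = struct.pack(OPT_FORMAT, 0x10B, 14, 0, size_of_code, 0x200, 0, 0x1000)
    opt += b"\0" * (OPTIONAL_HEADER_SIZE_PE32 - len(opt))
    return bytes(dos_header) + dos_stub + PE_SIGNATURE + coff + opt


if __name__ == "__main__":
    sample = build_sample_pe()
    print("raw window length:", len(raw_header_bytes(sample)))
    print("explicit features:", explicit_features(sample))
```

The point of keeping `locate_pe_header` tiny is that it is the whole of what the raw path needs to know about the format; everything the explicit path adds (`COFF_FORMAT`, `OPT_FORMAT`, the field names) is the domain knowledge the abstract says can be dispensed with. The malformed-input checks matter in practice because a classifier pipeline will be fed deliberately broken headers, and an unhandled `struct.error` or out-of-range slice is a cheap way to make a sample fall out of the feature extractor.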

Anonymous 09/06/2017 (Wed) 09:35:35 [Preview] No. 11030 del
Ah, what the fuck? The pdf didn't attach.

nvm, I figured it out, there was a download error and it was a 0 byte file. It should work this time.


Anonymous 09/06/2017 (Wed) 11:26:06 [Preview] No. 11031 del
>malware detection
sponsored by Windows NT


Anonymous 09/06/2017 (Wed) 20:07:16 [Preview] No. 11034 del
>>11031
What a thoughtful contribution to the board. Thank you.


Anonymous 09/07/2017 (Thu) 00:11:39 [Preview] No. 11035 del
>>11034
There's no contribution when your thread is shit. This board is very much focused on secure unix-like systems that don't need "malware detection" bullshit, because the code is secure and protected by default, simple and correct.
This doesn't mean you can't bring something new about other systems, but the paradigm of systems that need "malware detection" is fundamentally wrong. If your system has known exploits, fix it. Don't put bloatware on to cover it for you.

If you want thoughtful contribution, post something interesting enough. Just getting the first paper you can find crossing tags like "compsec + ANN" isn't interesting enough.
Also, try not to post PDF, it's a bad format and most people here will not download it, so it's useless.


Anonymous 09/07/2017 (Thu) 01:46:07 [Preview] No. 11037 del
>>11035

I'm not sure whether you're more ignorant or arrogant, but you're plenty of both.

A lot of malware doesn't utilize any exploit at all, but relies on user error to run or to gain elevated privileges. The reason there's comparatively little malware in the wild for Unix-like systems is that they have so little marketshare outside of servers and embedded systems that it's not worth the time for most malware writers. Besides, there are plenty of insecure Unix-like systems connected to the internet that nobody bothers to exploit.

Whether you care about Windows or not, it's a relevant /tech/ topic, because most of the world is still using Windows on the desktop and laptops. Health care and financial systems are being threatened by malware. Your attitude is essentially "I'm going to whine and make my displeasure known when someone posts about something I don't like!" It's childish.

You're also a fucking idiot, since you apparently can't see that although this particular article deals with PE binaries on Windows platforms, the machine learning techniques they discuss could be extrapolated to create automated detection methods for malicious software on other platforms, as well.

PDF is an open format. There's no need for you to download the article, because you're not bright enough to understand it anyway, so don't worry about it. I don't really give a fuck what your preferences are, just like I don't care about your laughable, idiosyncratic little opinions.

In summary, fuck you.


Anonymous 09/07/2017 (Thu) 03:31:50 [Preview] No. 11038 del
>>11035 (me)
>>11037
>It's childish.
Did any of you reading ever think that some people antagonise your thoughts because we want to generate more discussion? All you see is childish behavior. I see more than you, it seems.

Anyway, in this case, you're wrong about some things:
>relies on user error to run or to gain elevated privileges.
People should be running as an unprivileged user. If you can elevate privileges it's a software issue that should be fixed.
>Unix-like systems is that they have so little marketshare outside of servers and embedded systems
What? Android is the most used system in the world. Guess what? It's the Linux kernel. iOS and Mac OS X were also based on some modules from FreeBSD (before Darwin's conception), and are unix-like.
>it's a relevant /tech/ topic
Windows is a lost case. We solve nothing discussing about it.
>create automated detection methods for malicious software on other platforms, as well.
Again, your system should not have holes. It may be interesting for some protocol weakness that can't be solved, like TCP distributed DOS. Besides that, I can't see how it's useful, since your system (Windows) is already fucked by default.
>PDF is an open format.
It's compiled and can run javascript. Not safe.
>because you're not bright enough to understand it anyway
Indeed, I'm not.
>I don't really give a fuck what your preferences are
Neither do I. I don't care if "I" am right or wrong. I care about good discussions when using this thing we call the internet.


Anonymous 09/07/2017 (Thu) 07:14:38 [Preview] No. 11039 del
>>11038
>because you're not bright enough to understand it anyway
>Indeed, I'm not.

I'm glad I saw this admission before bothering to respond to the rest of the garbage in your post. This is all that needs to be said, really. You're just shitting in a thread intended for your betters.


Anonymous 09/07/2017 (Thu) 19:09:48 [Preview] No. 11040 del
Properly designed systems need nothing but mandatory access control, a firewall and virtualized environments for proprietary bloatware. When chink snaps an outdated kernel with apache server and calls it (((IoT))), it doesn't mean that all currently running unices have the same user-friendly features like open telnet port and "admin" as root password. Antivirus bullshit is snake oil for boomers who can't stop clicking those flash banners.


Anonymous 09/07/2017 (Thu) 19:12:05 [Preview] No. 11041 del
>>11040
>When jew snaps a minix kernel with web server and calls it (((AMT))), it doesn't mean that all currently running firmwares have the same user-friendly features like open http port and "admin" as root password.
ishiggyddt


Anonymous 09/08/2017 (Fri) 01:27:41 [Preview] No. 11048 del
>>11038
>Breaking apart post by sentence
<neopets.com/forum
Perhaps you don't understand the forums' purpose. If you want to discuss wikipedia articles, there are better places that permit you to pretend to be doing something. HN is one such place that might suit you better.

PDF is interesting and adds more evidence to the coming age of ML. Fortunately (or unfortunately, if you refuse to learn ML) you'll be left behind as a metasploit monkey etc., if you work in another field. No doubt some of the more wealthy AVs are already testing basic ML instead of regular hashes to check for warez. It seems like a much more efficient process than sandboxing a suspected snippet and running a sim.


Anonymous 09/08/2017 (Fri) 04:09:24 [Preview] No. 11050 del
>>11048
<Not breaking apart post by sentence
Where exactly have I cited wikipedia? I think you're confused, anon.


Anonymous 09/08/2017 (Fri) 06:08:19 [Preview] No. 11051 del
malware detection = enumerating badness


Anonymous 09/08/2017 (Fri) 14:21:11 [Preview] No. 11052 del
>>11029
>In this work we explore the feasibility of applying neural networks to malware detection and feature learning.
buzz buzz buzzword. why do we care about some minor innovations to goy tech? the single justification for antivirus to exist is that it purges outbreaks on machines owned by the goy who run outdated software and open untrusted executables (these people will already have had their info stolen by the time the antivirus is updated to have a signature for such malware). it does not offer any security or any useful attribute to anyone who knows what they're doing. in particular, using NN to "detect malware" is just another heuristic full of false positives and will once again be trivial to bypass.
>>11035
this
>>11037
PDF is worse than HTML in every way
inb4 >muh typography!11
>>11048
>Fortunately (or unfortunately if you refuse to learn) ML you'll be left behind as a metasploit monkey and etc
is this what people conclude when they reason on the level of memes?
>AVs check for warez
what did he mean by this
>It seems like a much more efficient process than sandboxing a suspected snippet and running a sim.
confirmed for not having a clue what you're talking about


Anonymous 09/08/2017 (Fri) 18:56:08 [Preview] No. 11059 del
>>11050
I see you have missed my wordplay. What you're doing is parroting information that brings nothing new to this discussion, but only regurgitations of ideas that can be found directly on the wikipedia articles of these topics.
>>11052
I would like all people from lainchan to please go back and learn from the beginning how to properly form sentences. Thank you. If you would like a serious discussion on my lack of understanding or the paper at hand, please initiate; otherwise you are worse than the boy who still visits and exudes neopets etiquette.