Malware Data Science: Attack Detection and Attribution
Malware Data Science explains how to identify, analyze, and classify large-scale malware using machine learning and data visualization. Security has become a "big data" problem. The growth rate of malware has accelerated to tens of millions of new files per year while our networks generate...
| Classification | eBook |
|---|---|
| Main authors | |
| Format | Electronic eBook |
| Language | English |
| Published | San Francisco, CA: No Starch Press, [2018] |
| Subjects | |
| Online access | Full text (requires prior registration with an institutional email address) |
Table of Contents:
- Intro
- Title Page
- Copyright Page
- Dedication
- About the Authors
- About the Technical Reviewer
- BRIEF CONTENTS
- CONTENTS IN DETAIL
- FOREWORD by Anup Ghosh
- ACKNOWLEDGMENTS
- INTRODUCTION
  - What Is Data Science?
  - Why Data Science Matters for Security
  - Applying Data Science to Malware
  - Who Should Read This Book?
  - About This Book
  - How to Use the Sample Code and Data
- 1 BASIC STATIC MALWARE ANALYSIS
  - The Microsoft Windows Portable Executable Format
  - Dissecting the PE Format Using pefile
  - Examining Malware Images
  - Examining Malware Strings
  - Summary
- 2 BEYOND BASIC STATIC ANALYSIS: X86 DISASSEMBLY
  - Disassembly Methods
  - Basics of x86 Assembly Language
  - Disassembling ircbot.exe Using pefile and capstone
  - Factors That Limit Static Analysis
  - Summary
- 3 A BRIEF INTRODUCTION TO DYNAMIC ANALYSIS
  - Why Use Dynamic Analysis?
  - Dynamic Analysis for Malware Data Science
  - Basic Tools for Dynamic Analysis
  - Limitations of Basic Dynamic Analysis
  - Summary
- 4 IDENTIFYING ATTACK CAMPAIGNS USING MALWARE NETWORKS
  - Nodes and Edges
  - Bipartite Networks
  - Visualizing Malware Networks
  - Building Networks with NetworkX
  - Adding Nodes and Edges
  - Network Visualization with GraphViz
  - Building Malware Networks
  - Building a Shared Image Relationship Network
  - Summary
- 5 SHARED CODE ANALYSIS
  - Preparing Samples for Comparison by Extracting Features
  - Using the Jaccard Index to Quantify Similarity
  - Using Similarity Matrices to Evaluate Malware Shared Code Estimation Methods
  - Building a Similarity Graph
  - Scaling Similarity Comparisons
  - Building a Persistent Malware Similarity Search System
  - Running the Similarity Search System
  - Summary
- 6 UNDERSTANDING MACHINE LEARNING-BASED MALWARE DETECTORS
  - Steps for Building a Machine Learning-Based Detector
  - Understanding Feature Spaces and Decision Boundaries
  - What Makes Models Good or Bad: Overfitting and Underfitting
  - Major Types of Machine Learning Algorithms
  - Summary
- 7 EVALUATING MALWARE DETECTION SYSTEMS
  - Four Possible Detection Outcomes
  - Considering Base Rates in Your Evaluation
  - Summary
- 8 BUILDING MACHINE LEARNING DETECTORS
  - Terminology and Concepts
  - Building a Toy Decision Tree-Based Detector
  - Building Real-World Machine Learning Detectors with sklearn
  - Building an Industrial-Strength Detector
  - Evaluating Your Detector's Performance
  - Next Steps
  - Summary
- 9 VISUALIZING MALWARE TRENDS
  - Why Visualizing Malware Data Is Important
  - Understanding Our Malware Dataset
  - Using matplotlib to Visualize Data
  - Using seaborn to Visualize Data
  - Summary
- 10 DEEP LEARNING BASICS
  - What Is Deep Learning?
  - How Neural Networks Work
  - Training Neural Networks
  - Types of Neural Networks
  - Summary
- 11 BUILDING A NEURAL NETWORK MALWARE DETECTOR WITH KERAS
  - Defining a Model's Architecture
  - Compiling the Model
  - Training the Model
  - Evaluating the Model
  - Enhancing the Model Training Process with Callbacks
  - Summary
- 12 BECOMING A DATA SCIENTIST
  - Paths to Becoming a Security Data Scientist
  - A Day in the Life of a Security Data Scientist
  - Traits of an Effective Security Data Scientist
  - Where to Go from Here
- APPENDIX AN OVERVIEW OF DATASETS AND TOOLS
  - Overview of Datasets
  - Tool Implementation Guide
- Index