Adobe releases open source malware classification tool
Programmers question the quality of Adobe Malware Classifier tool's code
IDG News Service - Adobe Systems has released a malware classification tool in order to help security incident first responders, malware analysts and security researchers more easily identify malicious binary files.
The Adobe Malware Classifier tool uses machine learning algorithms to classify Windows executable and dynamic link library (DLL) files as clean, malicious or unknown, Adobe security engineer Karthik Raman said in a recent blog post.
Raman originally developed Malware Classifier for in-house use by Adobe's Product Security Incident Response (PSIRT) Team.
"Part of what we do at PSIRT is respond to security incidents," Raman said. "Sometimes this involves analyzing malware. To make life easier, I wrote a Python tool for quick malware triage for our team."
When run, the tool extracts seven key attributes from every analyzed binary file and compares them to data obtained by running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a set of 100,000 malicious programs and 16,000 clean ones, Raman said.
Adobe has decided to release the Python script publicly under an open source BSD license. It is available for download from SourceForge.
However, various programmers have questioned the quality of the tool's code on Twitter and other social media websites, because of its heavy use of conditional statements.
The tool's source code is being discussed on Reddit, under the headline "How not to write python, Part 1 - Thanks Adobe," but some of the participants have pointed out that the complex conditionals are the result of the direct inclusion of a J48 decision tree classifier.
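The extract-and-classify workflow described above, as an added example that is neither Adobe's script nor its trained model: it reads a few PE header fields from a Windows image and runs them through a decision tree stored as data, which is one way the J48 tree mentioned in the Reddit thread could be represented instead of nested conditionals. The chosen fields, the thresholds and the sample header image are assumptions constructed for illustration, not the tool's actual seven attributes.

```python
import struct

def pe_features(data: bytes) -> dict:
    # Walk MZ -> PE -> COFF -> optional header (PE32 only) and pull header fields.
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff, opt = pe + 4, pe + 24                             # COFF header, optional header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:     # PE32 magic
        raise ValueError("only PE32 handled here")
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    def directory(i):                                       # (RVA, Size) of data directory i
        return struct.unpack_from("<II", data, opt + 96 + 8 * i) if i < ndirs else (0, 0)
    return {"NumberOfSections": struct.unpack_from("<H", data, coff + 2)[0],
            "MajorImageVersion": struct.unpack_from("<H", data, opt + 44)[0],
            "SizeOfImage": struct.unpack_from("<I", data, opt + 56)[0],
            "ImportRVA": directory(1)[0], "DebugSize": directory(6)[1]}

# Decision tree as data: (feature, threshold, branch_if_le, branch_if_gt) or a leaf label.
# Thresholds are constructed for illustration, not taken from Adobe's trained J48 model.
TREE = ("DebugSize", 0,
        ("ImportRVA", 0, "unknown", ("MajorImageVersion", 0, "malicious", "clean")),
        "clean")

def classify(features: dict) -> str:
    node = TREE
    while isinstance(node, tuple):               # descend until a leaf label is reached
        feat, thr, le, gt = node
        node = le if features[feat] <= thr else gt
    return node

def build_sample(nsections, image_ver, import_rva, debug_size) -> bytes:
    # Constructed minimal PE32 header image for testing; it is not a runnable program.
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                 # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x84, 0x14C, nsections)    # Machine=i386, NumberOfSections
    struct.pack_into("<H", img, 0x94, 224)                  # SizeOfOptionalHeader
    opt = 0x98
    struct.pack_into("<H", img, opt, 0x10B)                 # PE32 magic
    struct.pack_into("<H", img, opt + 44, image_ver)        # MajorImageVersion
    struct.pack_into("<I", img, opt + 56, 0x4000)           # SizeOfImage
    struct.pack_into("<I", img, opt + 92, 16)               # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 104, import_rva, 0x80)    # import directory (index 1)
    struct.pack_into("<II", img, opt + 144, 0x3000, debug_size)  # debug directory (index 6)
    return bytes(img)
```

A real triage tool would parse the full header set and apply a model trained on labelled samples; the point here is that the tree is data the code walks, so it can be regenerated from the classifier without touching the Python.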