#BHUSA BlackHatEvents

LLMDYara: LLMs-Driven Automated YARA Rules Generation with Explainable File Features and DNAHash

Xiaochen Wang, Yiping Liu, Xiaoman Wang, Cong Cheng

Team

Yiping Liu
Yiping is a security engineer with a keen interest in reverse engineering, malware analysis, and related domains. Currently, she is focused on research in reverse engineering and binary malware detection at Alibaba Cloud.

Xiaochen Wang
Xiaochen is a security engineer with extensive expertise in reverse engineering and malware detection. At Alibaba Cloud, she currently focuses on static malware detection and the design and development of an antivirus engine.

Xiaoman Wang
Xiaoman Wang is a Senior Security Engineer at Alibaba Cloud Security Center. He was a core member of the CTF team Never Stop Exploiting. Currently, he focuses on advanced malware analysis and building next-generation threat detection systems.

Cong Cheng
Cong Cheng is a Senior Security Engineer at Alibaba Cloud, interested in malware analysis, Windows internals, and virtualization security.

Rising Malware Threats

Inefficient Manual Operations

Automated YARA Rules Generation

Timeline (years shown on the slide: 2013, 2014, 2019)

YARA
An industry standard regular expression tool designed for malware analysis.

YarGen
Use a Naïve Bayes model to score the potential utility of features that can be extracted from a binary, predominately strings.

VxSig
Uses a least-common-subsequence (LCS) algorithm to find byte sequences, extracted from functions, that appear to be common to all files in the given sample.

AutoYara
Leverage work in finding frequent larger n-grams, for n (8-1024), to find several candidate byte