Millions of new malware samples are identified each week, but most are simply variants of well-known families. Finding a means to automatically group these families enables researchers to focus their time on the truly interesting samples. Machine learning clustering algorithms are perfect for this task. WINTER CLUSTER is a four hour, hands-on workshop that introduces machine learning and malware analysis. Students will build a foundation on these topics and create an interactive malware clustering tool from scratch. After the conference, attendees can immediately integrate “the Agglomerator” into their real-world or R&D environments.
The first hour of the workshop provides the students with a taste of machine learning. WINTER CLUSTER covers both classification and clustering algorithms, but focuses on the intuition behind each approach. In the first lab session, students work with an industrial-grade machine learning toolkit to rapidly triage a large dataset and identify threats.
The second hour of the workshop has students dive into malware analysis. WINTER CLUSTER presents common techniques for static and dynamic analysis. Throughout this session, the authors place an emphasis on identifying features appropriate for machine learning algorithms. In this session, students dissect real malware and manually identify similarities among the samples.
After a break, the third and fourth hours of the workshop take the newly formed expertise and apply it to the problem: "How can we handle a firehose of malware?" Students build an automated malware clustering tool that discovers relationships among samples. As they identify and extract robust features, the tool agglomerates binaries into families. WINTER CLUSTER concludes by exploring how attendees can implement a similar system in their research or professional environment.
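To show the core of what such an agglomerator does, here is an added example (not the workshop's own tool): average-linkage agglomerative clustering over constructed per-sample feature sets, using the imported API names of each binary as a stand-in for extracted features and Jaccard distance between them, with a distance threshold that decides when two groups are separate families.

```python
from itertools import combinations

# Constructed sample data: file name -> set of imported API names, standing in
# for the robust features a real pipeline would extract from each binary.
SAMPLES = {
    "a1.exe": {"CreateFileA", "WriteFile", "RegSetValueExA", "WinExec"},
    "a2.exe": {"CreateFileA", "WriteFile", "RegSetValueExA", "WinExec", "Sleep"},
    "a3.exe": {"CreateFileA", "WriteFile", "RegSetValueExA", "Sleep"},
    "b1.exe": {"socket", "connect", "send", "recv", "CryptEncrypt"},
    "b2.exe": {"socket", "connect", "send", "recv", "CryptDecrypt"},
    "c1.exe": {"VirtualAlloc", "VirtualProtect", "CreateThread"},
}

# Clusters farther apart than this (average Jaccard distance) stay separate.
DISTANCE_THRESHOLD = 0.6


def jaccard_distance(a, b):
    """1 - |A and B| / |A or B|; two empty feature sets count as identical."""
    union = a | b
    return 1.0 - len(a & b) / len(union) if union else 0.0


def cluster_distance(c1, c2, features):
    """Average linkage: mean pairwise distance between members of two clusters."""
    pairs = [(x, y) for x in c1 for y in c2]
    return sum(jaccard_distance(features[x], features[y]) for x, y in pairs) / len(pairs)


def agglomerate(features, threshold=DISTANCE_THRESHOLD):
    """Bottom-up merge of the closest pair of clusters until none is within threshold.

    Returns the families as a sorted list of sorted sample-name lists."""
    clusters = [[name] for name in sorted(features)]
    while len(clusters) > 1:
        # Find the closest pair among all current clusters.
        (i, j), dist = min(
            (((i, j), cluster_distance(clusters[i], clusters[j], features))
             for i, j in combinations(range(len(clusters)), 2)),
            key=lambda item: item[1],
        )
        if dist > threshold:
            break  # Remaining clusters are distinct families.
        merged = clusters[i] + clusters[j]
        clusters = [c for k, c in enumerate(clusters) if k not in (i, j)] + [merged]
    return sorted(sorted(c) for c in clusters)


if __name__ == "__main__":
    for family in agglomerate(SAMPLES):
        print(family)
```

Lowering the threshold splits families more aggressively, raising it toward 1.0 collapses everything into one cluster, so the threshold is the knob an analyst tunes against samples of known lineage.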
Attendees of the workshop are encouraged to bring a laptop with VMware in order to participate in the labs. The speakers will provide a virtual machine with all required software and frameworks.