In association with heise online

03 April 2012, 16:23

Adobe open sources Malware Classifier tool

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe logo Adobe has open sourced a tool for analysing and classifying malware to help security first responders, including malware analysts and security researchers. Called "Adobe Malware Classifier", the command-line tool is written in Python and was originally created for internal use by the Adobe Product Security Incident Response Team (PSIRT) "for quick malware triage".

According to its creator, Karthik Raman, an Adobe security researcher and former research scientist at McAfee Labs, the tool classifies Win32 binaries such as Windows executables (EXEs) and dynamic link libraries (DLLs) using machine learning algorithms into one of three categories: "0" for clean, "1" for malicious and "UNKNOWN".

Malware Classifier functions by extracting "seven key features" from an unknown binary and feeds the results into one or all of the classifiers, after which it presents its results. "The tool was developed using models resultant from running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a data set of approximately 100,000 malicious programs and 16,000 clean programs," added Raman.

Adobe Malware Classifier is available to download as a Python script from SourceForge is made available under a 3-clause BSD Licence.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1500289
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit