
LLMDYara: LLM-Based Automated YARA Rule Generation with Explainable File Features and DNA Hash Functionality.pdf

Uploader: 竿*** ID: 981896 2025-11-29 27 pages 5.97MB

#BHUSA BlackHatEvents

LLMDYara: LLMs-Driven Automated YARA Rules Generation with Explainable File Features and DNAHash
Xiaochen Wang, Yiping Liu, Xiaoman Wang, Cong Cheng

Team

Yiping Liu: Yiping is a security engineer with a keen interest in reverse engineering, malware analysis, and related domains. Currently, she is focused on research in reverse engineering and binary malware detection at Alibaba Cloud.

Xiaochen Wang: Xiaochen is a security engineer with extensive expertise in reverse engineering and malware detection. At Alibaba Cloud, she currently focuses on static malware detection and the design and development of antivirus engines.

Xiaoman Wang: Xiaoman Wang is a Senior Security Engineer at Alibaba Cloud Security Center. He was a core member of the CTF team Never Stop Exploiting. Currently, he focuses on advanced malware analysis and building next-generation threat detection systems.

Cong Cheng: Cong Cheng is a Senior Security Engineer at Alibaba Cloud, interested in malware analysis, Windows internals, and virtualization security.

Rising Malware Threats

Inefficient Manual Operations

Automated YARA Rules Generation

2013 - YARA: An industry standard regular expression tool designed for malware analysis.

2014 - YarGen: Uses a Naive Bayes model to score the potential utility of features that can be extracted from a binary, predominately strings.

2019 - VxSig: Uses a least-common-subsequence (LCS) algorithm to find byte sequences, extracted from functions, that appear to be common to all files in the given sample.

AutoYara: Leverages work in finding frequent larger n-grams, for n (8-1024), to find several candidate byte

According to the article 《LLMDYara: LLMs-Driven Automated YARA Rules Generation》, the main content is as follows:

1. **Background**: Facing ever-growing malware threats and the inefficiency of manual operations, automated YARA rule generation has become a necessity.
2. **Method**: The LLMDYara approach generates rules through feature extraction, feature filtering, and LLM-based feature decision-making.
3. **Feature extraction**: Includes string features, function features, and file DNAHash features.
4. **Feature filtering**: Reduces false positives by deeply filtering natural-language strings and function features.
5. **LLM decision-making**: Uses an LLM to select string and function features, improving rule quality.
6. **Rule generation**: Generates rules targeting recently active malware and tests them against 2.3 million benign samples to reduce false positives.
7. **Results**: Compared with AutoYara, LLMDYara performs better in both rule generation and false-positive control.