#BHUSA @BlackHatEvents

Attention Is All You Need for Semantics Detection
A Novel Transformer on Neural-Symbolic Approach

Sheng-Hao Ma (@aaaddress1), Yi-An Lin, Mars Cheng (@marscheng_)
TXOne Networks | Keep the Operation Running

Threat Researchers From TXOne
- Sheng-Hao Ma: Team Lead, PSIRT and Threat Research
- Mars Cheng: Threat Research Manager, PSIRT and Threat Research
- Yi-An Lin: Threat Researcher, PSIRT and Threat Research

Outline
01 | Background and Pain Points
02 | CuIDA (Cuda-trained Inference Decompiler Agent): API Use-define Walker of CFG; Symbolic-sensitive Represent Tokenizer; MS Predefined Integer-Scale Semantics
03 | Deep Dive into Our Practical Neural-Symbolic Transformer: nnYara, nnShellcode, nnSymUnpacker. Use One Transformer to Conquer All You Need for Detection
04 | Conclusion and Takeaways

Background and Pain Points

Let's get straight to the point: the Dilemma of the Blue Team!
In their daily duties, SOC personnel, digital forensics experts, malware analysts, and threat intelligence analysts frequently face challenging scenarios without dynamic execution, as shown below:
- Highly Obfuscated Malware
- Windows Shellcode
- Commercial Packers, e.g. VMProtect, Themida, etc.

Practice makes Perfect as a Malware Analyst?
Through years of analyzing malware, such as in-the-wild obfuscated ransomware, malware analysts develop professional intuition. It leads us to wonder: can we predict the function of the malware without actually executing it?
Expert opinion: predicting the format of call sequences is possible with surprising accuracy.
(1.) Looks like a FILE_FLAG macro of CreateFile() at the #2 argument
(2.) So it should be a File Handle?
(3.) INVALID_HANDLE_VALUE?
(4.) May