Showing posts from May, 2020

SignatureMiner : Anti-Virus Signature Intelligence Tool

SignatureMiner, a semisupervised security framework for Anti-Virus signatures featuring normalization, customization, clustering and knowledge discovery. SignatureMiner is based on MinHash and regular expressions and can be used both for malware label classification and signature-based analytics. (SignatureMiner: A Fast Anti-Virus Signature Intelligence Tool - IEEE Conference Publication, 2020) SignatureMiner is a python tool to mine information from cryptic Antivirus software signatures. It was designed to extract consensus about malware types from the outputs of Multi-scanner tools, but can be leveraged to extract (or mine) useful insights from the signatures themselves. SignatureMiner leverages the well-known minhashing approach to cluster together tokens extracted from clean AV signatures. Those clusters have to be supervised by the user to write some regular expression rules (in python) that SignatureMiner can convert into classification directives. To do this, SignatureM