SignatureMiner : Anti-Virus Signature Intelligence Tool


SignatureMiner, a semisupervised security framework for Anti-Virus signatures featuring normalization, customization, clustering and knowledge discovery. SignatureMiner is based on MinHash and regular expressions and can be used both for malware label classification and signature-based analytics. (SignatureMiner: A Fast Anti-Virus Signature Intelligence Tool - IEEE Conference Publication, 2020)

SignatureMiner is a python tool to mine information from cryptic Antivirus software signatures. It was designed to extract consensus about malware types from the outputs of Multi-scanner tools, but can be leveraged to extract (or mine) useful insights from the signatures themselves.
SignatureMiner leverages the well-known minhashing approach to cluster together tokens extracted from clean AV signatures. Those clusters have to be supervised by the user to write some regular expression rules (in python) that SignatureMiner can convert into classification directives. To do this, SignatureMiner has two components: A Miner component and an Assigner component (ignmarti/SignatureMiner, 2020)

REFERENCES
Ieeexplore.ieee.org. 2020. Signatureminer: A Fast Anti-Virus Signature Intelligence Tool - IEEE Conference Publication. [online] Available at: <https://ieeexplore.ieee.org/document/8433141> [Accessed 15 May 2020].
GitHub. 2020. Ignmarti/Signatureminer. [online] Available at: <https://github.com/ignmarti/SignatureMiner> [Accessed 15 May 2020].

Comments