From the course: Machine Learning for Red Team Hackers by Infosec
Evading a machine learning malware classifier
(gentle music) - [Instructor] My goal in this video is to be able to get Jigsaw past Ember, to have Ember classify Jigsaw as benign. As we've seen previously, if you simply take Jigsaw as it is, then Ember will classify it as malware and will give it a score of 0.99, and perhaps a few more nines. So I would like to modify Jigsaw so that it retains its functionality, so it's still ransomware, but reduce its score below 0.83, which is the threshold Ember is set to. So what I'm going to do is collect a bunch of benign samples. I'm going to show you what they are here. All these files are located here under benign, and these files can be easily found in a Windows VM if you simply enumerate all executables using, for instance, PowerShell or Python. So you can very easily collect these, as they come with Windows. Now our plan is going to be to take code from these executables, perhaps sections, perhaps the whole thing, perhaps just the strings, and then add them into our…