Open Source Insider

Apr 5 2012   7:14AM GMT

Adobe uses artificial intelligence for ‘first response’ anti-malware combat

Adrian Bridgwater


Adobe has recently unveiled a malware classification tool intended to give security research professionals and “incident first responders” a more powerful means of identifying malicious binary files.

… and it’s open source, publicly available under the BSD license.

The Adobe Malware Classifier tool, which sits within the remit of Adobe’s Product Security Incident Response Team (PSIRT), uses “machine learning algorithms” to classify and identify Win32 binaries — i.e. EXEs and DLLs — into three classes:

• 0 for “clean,”

• 1 for “malicious,”

• or “UNKNOWN”.

NOTE: “machine learning algorithms” are defined in computer science as a branch of artificial intelligence (AI) in which a computer analyses raw (generally empirical) data and derives rules, laws and patterns from it, rather than being programmed with those rules explicitly. In a sense, the system refines its own model as it processes more data over the course of its life.

Adobe security engineer Karthik Raman has explained that part of what the PSIRT team does is respond to security incidents, and sometimes this involves analysing malware.

“To make life easier, I wrote a Python tool for quick malware triage for our team. I’ve since decided to make this tool, called Adobe Malware Classifier, available to other first responders (malware analysts, IT admins and security researchers of any stripe) as an open-source tool, since you might find it equally helpful.”

The tool is available for download from SourceForge.
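The article does not show how the classifier reaches its verdicts, and the real tool’s feature set and trained models are not on this page. As an added illustration (not Adobe’s code), the Python below sketches the shape of such a triage step: it parses a few header fields from a Win32 PE binary and returns the labels 0, 1 or UNKNOWN, with two hypothetical hand-written rules standing in for trained classifiers, UNKNOWN when they disagree, and UNKNOWN again when the input cannot be parsed as a PE32 file. The sample binaries it builds are constructed in memory for the demonstration.

```python
import struct

# Data-directory slots in the PE optional header (PE32 layout, directories start at offset 96).
EXPORT_DIR, DEBUG_DIR = 0, 6

def build_pe(num_sections, size_of_code, image_version, debug_size, export_size):
    """Construct a minimal PE32 image in memory (constructed test input, not a real binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew -> PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, num_sections, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)                                      # 96 fixed fields + 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)                     # Magic: PE32
    struct.pack_into("<I", opt, 4, size_of_code)
    struct.pack_into("<H", opt, 44, image_version)            # MajorImageVersion
    struct.pack_into("<I", opt, 92, 16)                       # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * EXPORT_DIR, 0x1000, export_size)
    struct.pack_into("<II", opt, 96 + 8 * DEBUG_DIR, 0x2000, debug_size)
    return dos + b"PE\0\0" + coff + bytes(opt)

def extract_features(data):
    """Pull a few header fields out of a PE32 file; raise ValueError if it is not one."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, pe + 6)[0]
    opt = pe + 24                                             # optional header follows the 20-byte COFF header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled in this example")
    size_of_code = struct.unpack_from("<I", data, opt + 4)[0]
    image_version = struct.unpack_from("<H", data, opt + 44)[0]
    export_size = struct.unpack_from("<I", data, opt + 96 + 8 * EXPORT_DIR + 4)[0]
    debug_size = struct.unpack_from("<I", data, opt + 96 + 8 * DEBUG_DIR + 4)[0]
    return dict(num_sections=num_sections, size_of_code=size_of_code,
                image_version=image_version, export_size=export_size, debug_size=debug_size)

def classify(f):
    """Two stand-in decision rules (hypothetical, not trained models) vote; disagreement -> UNKNOWN."""
    rule_a = f["debug_size"] == 0 and f["image_version"] == 0     # stripped, unversioned build
    rule_b = f["num_sections"] <= 2 and f["export_size"] == 0      # tiny image that exports nothing
    if rule_a and rule_b: return "1"
    if not rule_a and not rule_b: return "0"
    return "UNKNOWN"

def triage(data):
    try:
        return classify(extract_features(data))
    except (ValueError, struct.error):
        return "UNKNOWN"                                      # unparseable input is not a verdict
```

In a real deployment the two rules would be replaced by models trained on labelled samples; the point here is the three-way output and the refusal to guess on malformed input.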

