Cynomix Automatic Analysis, Clustering, and Indexing of Malware

From the description:

Malware analysts in the public and private sectors need to make sense of an ever-growing stream of malware on an ongoing basis yet the common modus operandi is to analyze each file individually, if at all.

In the current paradigm, it is difficult to quickly understand the attributes of a particular set of malware binaries and how they differ from or are similar to others in a large database, to re-use previous analyses performed on similar samples, and to collaborate with other analysts. Thus, work is carried out inefficiently and a valuable intelligence signal may be squandered.

In this webinar, you will learn about Cynomix, a web-based community malware triage tool that:

  • Creates a paradigm shift in scalable malware analysis by providing capabilities for automatic analysis, clustering, and indexing of malware
  • Uses novel machine learning and scalable search technologies
  • Provides several interactive views for exploring large data sets of malware binaries.

Visualization/analysis tool for malware. Creating a global database of malware data.

No anonymous submission of malware at present but “not keeping a lot of data” on submissions. No one asked what “not keeping a lot of data” meant exactly. There may be a gap in what is meant by and heard by as “a lot.” Currently, 35,000 instances of malware in the system. There have been as many as a million samples in the system.

Very good visualization techniques. Changes to data requests produced changes in the display of “similar” malware.

Take special note that networks/clusters change based on selection of facets. Imagine a topic map that could do the same with merging.

If you are interested in public (as opposed to secret) collecting of malware, this is an effort to support.

You can sign up for a limited beta here: http://www.cynomix.org/

I first saw this in a tweet by Rui SFDA.

PS: You do realize that contemporary governments, like other franchises, are responsible for your cyber-insecurity. Yes?

Comments are closed.