SignatureMiner : Anti-Virus Signature Intelligence Tool
SignatureMiner is a semi-supervised security framework for Anti-Virus signatures featuring normalization, customization, clustering and knowledge discovery. It is based on MinHash and regular expressions and can be used both for malware label classification and for signature-based analytics (SignatureMiner: A Fast Anti-Virus Signature Intelligence Tool - IEEE Conference Publication, 2020).
SignatureMiner is a Python tool to mine information from cryptic Anti-Virus software signatures. It was designed to extract consensus about malware types from the outputs of multi-scanner tools, but it can also be leveraged to extract (or mine) useful insights from the signatures themselves.
SignatureMiner leverages the well-known minhashing approach to cluster together tokens extracted from clean AV signatures. Those clusters are then supervised by the user, who writes regular-expression rules (in Python) that SignatureMiner converts into classification directives. To do this, SignatureMiner has two components: a Miner component and an Assigner component (ignmarti/SignatureMiner, 2020).
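The following is an added example, not code from SignatureMiner or its authors, showing the Miner/Assigner flow just described in miniature: signatures are normalized into tokens, tokens are clustered by MinHash-estimated Jaccard similarity over character shingles (the Miner side), and user-written regular-expression rules map each signature to a label and a cross-engine consensus (the Assigner side). The signature strings are constructed samples, and the number of hash functions, shingle length, similarity threshold and rule set are all assumptions made for illustration.

```python
"""Added example (not SignatureMiner's own code): a toy Miner/Assigner pipeline.
Sample signatures are constructed; hash count, shingle length, threshold and
rules are assumptions chosen for illustration."""
import hashlib
import re
from collections import Counter
from itertools import combinations

# Constructed sample labels, as a multi-scanner report might return for one file.
SAMPLE_SIGNATURES = [
    "Trojan.Win32.Emotet.gen",
    "Trojan:Win32/Emotet.A!ml",
    "W32/Emotet.AB.trojan",
    "Ransom.Win32.WannaCryptor.a",
    "Ransom:Win32/WannaCrypt.A",
    "Adware.Win32.Agent.xyz",
    "not-a-virus:AdWare.Win32.Agent",
]

NUM_HASHES = 64   # number of MinHash functions (assumption)
SHINGLE_LEN = 3   # character trigram shingles (assumption)


def normalize(sig):
    """Lower-case a signature and split it on common vendor separators."""
    return [t for t in re.split(r"[.:/!_\-\s]+", sig.lower()) if t]


def shingles(token, n=SHINGLE_LEN):
    """Character n-gram set of a token; tokens shorter than n are padded."""
    padded = token if len(token) >= n else token.ljust(n, "_")
    return {padded[i:i + n] for i in range(len(padded) - n + 1)}


def minhash(shingle_set, num_hashes=NUM_HASHES):
    """MinHash signature: per seed, the minimum salted SHA-1 value over the shingles."""
    return [
        min(int.from_bytes(hashlib.sha1(f"{seed}:{s}".encode()).digest()[:8], "big")
            for s in shingle_set)
        for seed in range(num_hashes)
    ]


def estimated_jaccard(sig_a, sig_b):
    """Fraction of agreeing MinHash positions estimates the Jaccard similarity."""
    return sum(a == b for a, b in zip(sig_a, sig_b)) / len(sig_a)


def cluster_tokens(tokens, threshold=0.5):
    """Miner side: single-linkage clustering of tokens whose estimated similarity
    meets the threshold. Returns a sorted list of token sets."""
    tokens = sorted(set(tokens))
    sigs = {t: minhash(shingles(t)) for t in tokens}
    parent = {t: t for t in tokens}

    def find(x):  # union-find with path compression
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in combinations(tokens, 2):
        if estimated_jaccard(sigs[a], sigs[b]) >= threshold:
            parent[find(a)] = find(b)
    clusters = {}
    for t in tokens:
        clusters.setdefault(find(t), set()).add(t)
    return sorted(clusters.values(), key=lambda c: sorted(c))


# Assigner side: hypothetical rules a user might write after reviewing the
# clusters above. Ordered by priority; the first match wins.
RULES = [
    (re.compile(r"\bwannacry(pt|ptor)?\b"), "ransomware:wannacry"),
    (re.compile(r"\bransom\b"), "ransomware"),
    (re.compile(r"\bemotet\b"), "trojan:emotet"),
    (re.compile(r"\badware\b"), "adware"),
    (re.compile(r"\btrojan\b"), "trojan"),
]


def assign(sig, rules=RULES):
    """Label a single signature with the first matching rule, else 'unknown'."""
    text = " ".join(normalize(sig))
    for pattern, label in rules:
        if pattern.search(text):
            return label
    return "unknown"


def consensus(signatures, rules=RULES):
    """Majority label across engines; ties are broken alphabetically."""
    counts = Counter(assign(s, rules) for s in signatures)
    return min(counts.items(), key=lambda kv: (-kv[1], kv[0]))[0]


if __name__ == "__main__":
    all_tokens = [t for s in SAMPLE_SIGNATURES for t in normalize(s)]
    for c in cluster_tokens(all_tokens):
        print(sorted(c))
    for s in SAMPLE_SIGNATURES:
        print(f"{s:35} -> {assign(s)}")
    print("consensus:", consensus(SAMPLE_SIGNATURES))
```

In practice the clustering output is what the analyst inspects: near-duplicate family spellings such as `wannacrypt` and `wannacryptor` land in one cluster because their trigram sets overlap heavily, which is the cue to write one rule covering both, while unrelated tokens (vendor prefixes, platform tags, variant suffixes) stay apart and can be ignored or mapped to generic labels.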
REFERENCES
Ieeexplore.ieee.org. 2020. SignatureMiner: A Fast Anti-Virus Signature Intelligence Tool - IEEE Conference Publication. [online] Available at: <https://ieeexplore.ieee.org/document/8433141> [Accessed 15 May 2020].
GitHub. 2020. ignmarti/SignatureMiner. [online] Available at: <https://github.com/ignmarti/SignatureMiner> [Accessed 15 May 2020].