Attention Is All You Need for Semantics Detection: A Novel Transformer on Neural-Symbolic Approach
DAY 1, 13:40-14:20
Identifying the few unique binaries in a large sample set that are worth a human expert's time requires filtering techniques, such as automated sandbox emulation or AI detection engines, that exclude highly duplicated program files and so reduce the human cost within the restricted period of incident response. As VirusTotal reported in 2021, ~90% of 1.5 billion samples are duplicates, yet they still require verification by malware experts because of obfuscation.
In this work, we propose CuIDA, a novel neural-network-based symbolic execution LLM that simulates the analysis strategies of human experts, such as taint analysis of the use-define chain among unknown API calls. Our method automatically captures the contextual comprehension of APIs and successfully uncovers obfuscated behaviors in the most challenging detection dilemmas, including (a) dynamic API solver, (b) shellcode behavior inference, and (c) commercial packer detection WITHOUT unpacking.
Location: Track 1 (HALL B)
Category: Technical
Speakers
Mars Cheng
マーズ・チェン
Mars Cheng (@marscheng_) leads TXOne Networks' PSIRT and Threat Research Team as Threat Research Manager, coordinating product security initiatives and threat research efforts. He is also the Executive Director for the Association of Hackers in Taiwan (HIT/HITCON) and General Coordinator of HITCON CISO Summit 2024, facilitating collaboration between enterprises and the government to bolster the cybersecurity landscape. Mars is a frequent speaker and trainer at numerous prestigious international cybersecurity conferences and has presented over 50 times, including Black Hat USA/Europe/MEA, RSA Conference, DEF CON, CODE BLUE, FIRST, HITB, HITCON, Troopers, NOHAT, SecTor, SINCON, ROOTCON, ICS Cyber Security Conference Asia and USA, CYBERSEC, CLOUDSEC, VXCON, and many others. His expertise spans ICS/SCADA systems, malware analysis, threat intelligence and hunting, and enterprise security. Mars has made significant contributions to the cybersecurity community, including authoring more than ten CVE-IDs and publishing in three SCI journals on applied cryptography. Mars has successfully organized several past HITCON events, including HITCON CISO Summit 2023, HITCON PEACE 2022, HITCON 2021, and HITCON 2020.
Yi-An Lin
イーアン・リン
Yi-An Lin is currently a threat researcher at TXOne Networks Inc. Her primary responsibilities are researching attack techniques and new threats, interpreting the intentions of attacking organizations, analyzing threat intelligence, and threat hunting. Yi-An graduated from the Department of Computer Science at National Yang Ming Chiao Tung University, specializing in multiple areas of artificial intelligence, such as convolutional neural networks for crowd visual semantic interpretation. She has also researched the root causes behind the AES-CFB8 cryptographic weaknesses related to CVE-2020-1472. In 2018, she studied in the Department of Electrical Engineering at The Hong Kong Polytechnic University and ventured into the field of cybersecurity by taking elective courses in the Department of Computing.
Sheng-Hao Ma
シェンハオ・マー
Sheng-Hao Ma (@aaaddress1) is a team lead of the TXOne Networks PSIRT and threat research team, responsible for coordinating product security and threat research. With over 15 years of expertise in reverse engineering, symbolic execution, malware analysis, and machine learning, he is also part of CHROOT, a cybersecurity community in Taiwan.
As a frequent speaker, trainer, and instructor, Sheng-Hao has contributed to numerous international conferences and organizations, including Black Hat USA, DEFCON, CODE BLUE, S4, SECTOR, HITB, VXCON, HITCON, and ROOTCON, as well as the Ministry of National Defense and the Ministry of Education. He is the author of "Windows APT Warfare: The Definitive Guide for Malware Researchers," a well-regarded cybersecurity book about reverse engineering of Windows.