“Malware Data Science: Attack Detection and Attribution” (MDS) is a book every information security professional should consider reading, given the rapid growth and variation of malware and the increasing reliance on data science to defend information systems. Known malware executables have expanded from 1 million in 2008 to more than 700 million in 2018. Intrusion Detection Systems (IDS) are moving away from signature-based detection, as code packing, encryption, dynamic linking and obfuscation push security toward tools that apply heuristic methods supported by data science. This article is a summary and a review, but my primary goal is to encourage the reader to read the book and complete the activities. If you do, I am sure that your security toolkit will be better equipped.
Overview of Malware Data Science
MDS describes data science as a growing set of algorithmic tools that allow us to understand and make predictions about data using statistics, mathematics, and artful statistical data visualizations. While these terms may suggest a difficult read, authors Joshua Saxe (Chief Data Scientist at Sophos) and Hillary Sanders (Infrastructure Data Science Team Lead at Sophos) prepare the reader well for upcoming concepts, building on key ideas with Python code examples and walking through the code to reinforce learning. At points they identify additional resources or refer back to prior chapters in a way that both supports the reader and encourages further study.
The code is downloadable from a site dedicated to MDS. Executing the code as you read helps in learning the concepts. I found working directly with the code itself to be surprisingly encouraging and even fun. Of course, some of the code is malware obtained from VirusTotal or Kaspersky Labs. That code is de-fanged with some flipped (Read more...)
*** This is a Security Bloggers Network syndicated blog from The Ethical Hacker Network authored by MTGreen. Read the original post at: http://feedproxy.google.com/~r/eh-net/~3/FKiWDQK4ud4/