Adobe uses artificial intelligence for 'first response' anti-malware combat

Adobe has recently unveiled a malware classification tool intended to give security research professionals and “incident first responders” a more powerful means of identifying malicious binary files.

Download this free guide

UK IT Priorities 2018 survey results

Download this e-guide to discover the results of our 2018 UK IT Priorities survey, where IT leaders shared with us what they are going to be investing in over the coming 12 months.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

• • I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

  Please check the box if you want to proceed.

• • I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

  Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

… and it’s open source, publicly available under the BSD license.

Falling under the remit and purview of Adobe’s Product Security Incident Response Team (PSIRT) team, the Adobe Malware Classifier tool uses “machine learning algorithms” to classify and identify Win32 binaries — i.e. EXEs and DLLs — into three classes:

• 0 for “clean,”

• 1 for “malicious,”

• or “UNKNOWN.

NOTE: “machine learning algorithms” are defined in computer science as a branch of artificial intelligence (AI) whereupon a computer uses algorithmic logic to analyse raw (generally empirical) data to generate rules, laws and patterns based upon it. In a sense, the system creates its own greater version of itself over the course of its life.

Adobe security engineer Karthik Raman has explained that part of what the PSIRT team does is is respond to security incidents and sometimes this involves analysing malware.

“To make life easier, I wrote a Python tool for quick malware triage for our team. I’ve since decided to make this tool, called Adobe Malware Classifier, available to other first responders (malware analysts, IT admins and security researchers of any stripe) as an open-source tool, since you might find it equally helpful.”

The tool is available for download here from SourceForge.