With thousands of new malware samples appearing every day, there is a correspondingly large number of analysis reports, each describing malware features such as strings, opcodes, certificates, and so on.
yarGen is an open-source tool that uses a naïve Bayes classifier together with multiple other algorithms to score extracted strings, keeping useful words and discarding compression/encryption garbage. However, there is no solution yet that automates the generation of YARA rules for Android.
Your assignment is to perform applied research to understand how YARA rules work and how they can be adapted to the Android operating system. The end result should be a design and a proof-of-concept prototype that we can use for Android malware research.
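As an added illustration (not yarGen's code, and not part of the original posting) of the string-scoring idea described above applied to Android: a small naïve Bayes model trained on constructed benign and malicious APK string corpora scores candidate strings, a garbage filter drops compressed/encrypted-looking data, and the survivors are emitted as a YARA rule anchored on the ZIP magic that every APK starts with. The corpora, the sample strings and the rule name are all constructed for the example.

```python
import math
import re
from collections import Counter

# Constructed labelled corpora (not real samples): strings typical of benign vs. malicious APKs.
GOOD = ["android.intent.action.MAIN", "Lcom/google/android/gms/ads/AdView;",
        "res/layout/activity_main.xml", "AndroidManifest.xml", "android.permission.INTERNET"]
BAD = ["Lcom/evil/sms/SendPremiumSms;", "android.permission.SEND_SMS",
       "http://evil-c2.example/gate.php", "Lcom/evil/sms/Dropper;", "getDeviceId"]
# Constructed strings "extracted" from a hypothetical sample under analysis.
SAMPLE_STRINGS = ["AndroidManifest.xml", "Lcom/evil/sms/SendPremiumSms;", "android.permission.SEND_SMS",
                  "aX9$kq2!!pZ", "res/layout/activity_main.xml", "http://evil-c2.example/gate.php"]

def tokens(s):
    """Lowercase word tokens, splitting camelCase (SendPremiumSms -> send, premium, sms)."""
    return [t.lower() for t in re.findall(r"[A-Z]?[a-z]{2,}|[A-Z]{3,}", s)]

class NaiveBayes:
    """Multinomial naive Bayes with Laplace smoothing; log_odds > 0 means 'more malware-like'."""
    def __init__(self, good, bad):
        self.good = Counter(t for s in good for t in tokens(s))
        self.bad = Counter(t for s in bad for t in tokens(s))
        self.vocab = len(set(self.good) | set(self.bad))

    def log_odds(self, s):
        ng, nb = sum(self.good.values()), sum(self.bad.values())
        return sum(math.log((self.bad[t] + 1) / (nb + self.vocab))
                   - math.log((self.good[t] + 1) / (ng + self.vocab)) for t in tokens(s))

def is_garbage(s):
    """Drop strings that look like compressed/encrypted bytes: too short or mostly non-letters."""
    return len(s) < 6 or sum(c.isalpha() for c in s) / len(s) < 0.6

def select_strings(candidates, model, min_odds=0.0, limit=5):
    """Keep the most malware-like, non-garbage strings, best first."""
    scored = sorted(((model.log_odds(s), s) for s in candidates if not is_garbage(s)), reverse=True)
    return [s for odds, s in scored if odds > min_odds][:limit]

def build_rule(name, strings):
    """Emit a YARA rule anchored on the ZIP local-file-header magic (bytes 50 4B 03 04) of an APK."""
    assert all('"' not in s and "\\" not in s for s in strings), "escape quotes/backslashes first"
    body = [f"rule {name} {{", "    strings:"]
    body += [f'        $s{i} = "{s}" ascii' for i, s in enumerate(strings)]
    body += ["    condition:", f"        uint32(0) == 0x04034B50 and {min(2, len(strings))} of ($s*)", "}"]
    return "\n".join(body)

def demo():
    """Train on the constructed corpora and build a rule from the sample's strings."""
    return build_rule("apk_sms_fraud_example", select_strings(SAMPLE_STRINGS, NaiveBayes(GOOD, BAD)))

if __name__ == "__main__":
    print(demo())
```

A real prototype would replace the toy corpora with strings extracted from large goodware and malware APK sets (classes.dex, manifest, resources) and tune the garbage filter with entropy rather than a letter ratio.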
- Python/NodeJS programming skills.
- Passionate about malware analysis and reverse engineering.
- Machine learning knowledge is a plus.
Keywords: YARA rules, malware analysis, reverse engineering