The proverb “Give a man a fish and you feed him for a day; teach a man to fish and you feed him for a lifetime,” is known by almost everyone. In Malware Data Science: Attack Detection and Attribution (No Starch Press 978-1-59327-859-5), authors Joshua Saxe and Hillary Sanders artfully show the reader how not only to avoid being a victim of malicious code, but how to actively defend against it, and even build your own systems to do that.
Malware is such a huge issue, that many anti-virus vendors update their signatures hourly to deal with the never-ending set of threats. The authors work at Sophos (Chief Data Scientist and Infrastructure Data Science Team Lead, respectively) and have written a highly technical and effective guide that readers can use to implement their own defensive systems.
At the start, the authors define data science as, “A growing set of algorithmic tools that allow users to understand and make predictions about data using statistics, mathematics, and artful statistical data visualizations.” The book focuses on data science as it applies to malware, which they define as, “executable programs written with malicious intent.”
The book is meant as an introduction to the use of data science to malware analysis and detection. The authors take a broad approach to the topic and discuss static malware analysis, x86 disassembly, dynamic analysis and identifying attack campaigns using malware networks. Later chapters detail how the reader can build machine learning detectors, neural network malware detector, and more.
The book is insightful for all information security professionals in general, but more specifically those who code and can read code, specifically in Python. The authors provide many code and data samples and have included all of them on the book’s web site. There the reader can also find instructions for downloading and running a VirtualBox Ubuntu virtual machine which contains the book's code, data, and all of the requisite dependencies.
The book closes with a chapter on becoming a data scientist, where the authors discuss the paths to becoming a security data scientist and a day in the life of a security data scientist. More importantly, they detail the traits of an effective security data scientist. For those looking to become a security data scientist, or just want to get a comprehensive understanding of how to use data science to deal with malicious software, Malware Data Science: Attack Detection and Attribution is a superb reference to help you get there.