A ML-Driven Pipeline for Automated YARA Rule Extraction and Malware Detection
摘要
In an era of rapidly evolving cyber threats, the ability to accurately detect and classify malicious software has become a critical component of modern cybersecurity operations. YARA, a rule-based pattern matching tool, has established itself as a fundamental asset in malware analysis, threat hunting, and incident response workflows. Notably, YARA rules are authored by experienced security professionals, making them a reliable and valuable source of intelligence for training machine learning models. These rules are continuously updated or newly generated as emerging malware strains are discovered, ensuring they remain aligned with the evolving threat landscape. This work proposes a dynamic integration of established malware datasets, such as EMBER, with information automatically extracted from YARA rules to enhance malware detection strategies using machine learning algorithms. The study further investigates how the conditions embedded within YARA rules can be strategically leveraged to generate enriched datasets, dynamically producing additional entries sourced from public platforms like GitHub repositories. Additionally, when malware family identifiers are explicitly mentioned within YARA rules, these labels are extracted and incorporated into classification models, providing critical context for supervised learning processes. All these processes are orchestrated within a fully automated pipeline, enabling continuous, intelligent data enrichment. By harvesting essential detection features such as unique signatures, string patterns, and logical conditions, this methodology aims to enhance malware detection capabilities and strengthen proactive cybersecurity defences.