LLMs-Driven Automated YARA Rules Generation with Explainable File Features & DNAHash

Black Hat USA 2025 · Day 1 · Briefings

Researchers from Alibaba Cloud Security introduced LMD-YARA, a four-stage framework that uses large language models (LLMs) and a novel binary hashing feature called DNAHash to automatically generate high-quality YARA rules from malware samples. Benchmarked against YARAgen and AutoYARA, LMD-YARA achieves higher detection rates and significantly lower false positive rates, while producing interpretable rules that explain why a sample was flagged.

---

AI review

Competent applied ML work on a real operational problem — automated YARA rule generation that actually outperforms the existing tools and adds behavioral explainability. The DNAHash feature is a genuine new idea. The talk is well-scoped but won't rewrite anyone's threat model.
