2022
DOI: 10.48550/arxiv.2205.13155
|View full text |Cite
Preprint
|
Sign up to set email alerts
|

A Large Scale Study and Classification of VirusTotal Reports on Phishing and Malware URLs

Abstract: VirusTotal (VT) provides aggregated threat intelligence on various entities including URLs, IP addresses, and binaries. It is widely used by researchers and practitioners to collect ground truth and evaluate the maliciousness of entities. In this work, we provide a comprehensive analysis of VT URL scanning reports containing the results of 95 scanners for 1.577 Billion URLs over two years. Individual VT scanners are known to be noisy in terms of their detection and attack type classification. To obtain high qu… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1

Citation Types

0
1
0
1

Year Published

2023
2023
2024
2024

Publication Types

Select...
1
1

Relationship

0
2

Authors

Journals

citations
Cited by 2 publications
(2 citation statements)
references
References 26 publications
(44 reference statements)
0
1
0
1
Order By: Relevance
“…The resulting hash values were retained for reference throughout the study, allowing for the precise identification and evaluation of individual files within the context of malware analysis and geospatial visualization. VirusTotal plays a pivotal role in assessing the potential threat level of the extracted files [10]. VirusTotal, a widely recognized online service, offers a robust platform for malware analysis by subjecting files to scrutiny by multiple antivirus engines.…”
Section: Methodsmentioning
confidence: 99%
“…The resulting hash values were retained for reference throughout the study, allowing for the precise identification and evaluation of individual files within the context of malware analysis and geospatial visualization. VirusTotal plays a pivotal role in assessing the potential threat level of the extracted files [10]. VirusTotal, a widely recognized online service, offers a robust platform for malware analysis by subjecting files to scrutiny by multiple antivirus engines.…”
Section: Methodsmentioning
confidence: 99%
“…O segundo desafio da rotulagem é a interpretação dos resultados da verificação do VirusTotal para determinar se uma amostra é maligna ou benigna. A maioria dos trabalhos (e.g, [Wei et al, 2017, Zhu et al, 2020) simplesmente define um threshold de scanners positivos (e.g., 2, 4, 8, 10) a partir de premissas e hipóteses informais [Choo et al, 2022]. Embora não haja consenso sobre o número ideal do threshold, pequenos limiares como 1 ou 2 têm sido utilizados com alguma frequência [Wang et al, 2018, Zhu et al, 2020.…”
Section: Introductionunclassified