Scalable Telemetry Classification for Automated Malware Detection

Stokes, Jack W.; Platt, John; Wang, Helen J.; Faulhaber, Joe; Keller, Jonathan; Marinescu, Mady; Thomas, Anil; Gheorghescu, Marius

doi:10.1007/978-3-642-33167-1_45

Cited by 5 publications

(2 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, with the pervasiveness automated malware development toolkits, code obfuscation and other concealment techniques are adopted to conduct evolutions in malicious codes so as to evade the detection 10 . Therefore, cloud‐based malware detection was presented to keep the effectiveness in performance 11 . With an inspection on signature library at the client side, reliable programs are authorized while unreliable ones are rejected.…”

Section: Related Workmentioning

confidence: 99%

“…10 Therefore, cloud-based malware detection was presented to keep the effectiveness in performance. 11 With an inspection on signature library at the client side, reliable programs are authorized while unreliable ones are rejected. At the same time, the server in cloud side makes a strategic decision on unseen programs and reaches a verdict to the clients.…”

Section: Malicious Code Detection Base On Signature Matchingmentioning

confidence: 99%

See 1 more Smart Citation

An ensemble framework for interpretable malicious code detection

Cheng

Zheng

2020

Int J of Intelligent Sys

View full text Add to dashboard Cite

Malicious code is an ever‐growing security threats to computer systems and networks, while malware detection provides effective defense against malicious codes. In this paper, a brief overview is presented on currently prevalent methods to detect malicious codes, including signature‐based methods, behavioral‐based detection and machine learning (ML) based ones. More specifically, the potentially effective malicious features are summarized and the novel methods using ML are deeply discussed. Furthermore, an ensemble interpretable framework is explored for automatic and efficient malicious code detection. Based on the knowledge graph of malware, the novel framework inclines to achieve robust malware detection even confronted with unseen malicious codes. Finally, both advantages and disadvantages are discussed and experimental results are outlined to verify the effectiveness of the novel methods.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Malicious Code Detection Base On Signature Matchingmentioning

confidence: 99%

An ensemble framework for interpretable malicious code detection

Cheng

Zheng

2020

Int J of Intelligent Sys

View full text Add to dashboard Cite

show abstract

JABBIC Lookups: A Backend Telemetry-Based System for Malware Triage

Bordeanu

Stringhini

Shen

et al. 2021

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

In this paper, we propose JABBIC lookups, a telemetrybased system for malware triage at the interface between proprietary reputation score systems and malware analysts. JABBIC uses file download telemetry collected from client protection solutions installed on endhosts to determine the threat level of an unknown file based on telemetry data associated with files already known to be malign. We apply word embeddings, and semantic and relational similarities to triage potentially malign files following the intuition that, while single elements in a malware download might change over time, their context, defined as the semantic and relational properties between the different elements in a malware delivery system (e.g., servers, autonomous systems, files) does not change as fast. To this end, we show that JABBIC can leverage file download telemetry to allow security vendors to manage the collection and analysis of unknown files from remote end-hosts for timely processing by more sophisticated malware analysis systems. We test and evaluate JABBIC lookups with 33M download events collected during October 2015. We show that 85.83% of the files triaged with JABBIC lookups are part of the same malware family as their past counterpart files. We also show that, if used with proprietary reputation score systems, JAB-BIC can triage as malicious 55.1% of files before they are detected by VirusTotal, preceding this detection by over 20 days.

show abstract

Detection of Malware using Artificial Neural Networks

Olowoyo

Owolawi

2019

2019 International Multidisciplinary Information Technology and Engineering Conference (IMITEC)

View full text Add to dashboard Cite

Scalable Telemetry Classification for Automated Malware Detection

Cited by 5 publications

References 23 publications

An ensemble framework for interpretable malicious code detection

An ensemble framework for interpretable malicious code detection

JABBIC Lookups: A Backend Telemetry-Based System for Malware Triage

Detection of Malware using Artificial Neural Networks

Contact Info

Product

Resources

About