Annual Computer Security Applications Conference (ACSAC) 2017

Full Program »

Marmite: Spreading Malicious File Reputation Through Download Graphs

Effective malware detection approaches need not only high accuracy, but also need to be robust to changes in the modus operandi of criminals. In this paper, we propose Marmite, a feature-agnostic system that aims at propagating known malicious reputation of certain les to unknown ones with the goal of detecting malware. Marmite does this by looking at a graph that encapsulates a comprehensive view of how les are downloaded (by which hosts and from which servers) on a global scale. e reputation of les is then propagated across the graph using semi-supervised label prop- agation with Bayesian con dence. We show that Marmite is able to reach high accuracy (0.94 G-mean on average) over a 10-day dataset of 200 million download events. We also demonstrate that Marmite’s detection capabilities do not signi cantly degrade over time, by testing our system on a 30-day dataset of 660 million download events collected six months a er the system was tuned and validated. Marmite still maintains a similar accuracy a er this period of time.

Gianluca Stringhini
UCL
United Kingdom

Yun Shen
SRL
United Kingdom

yufei han
SRL
France

xiangliang zhang
KAUST
Saudi Arabia

 

Powered by OpenConf®
Copyright©2002-2017 Zakon Group LLC