Supervised detection of infected machines using anti-virus induced labels

Tomer Cohen, Danny Hendler, Dennis Potashnik

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution, peer-reviewed)

Abstract

Traditional antivirus software relies on signatures to uniquely identify malicious files. Malware writers, on the other hand, have responded by developing obfuscation techniques with the goal of evading content-based detection. A consequence of this arms race is that numerous new malware instances are generated every day, thus limiting the effectiveness of static detection approaches. For effective and timely malware detection, signature-based mechanisms must be augmented with detection approaches that are harder to evade. We introduce a novel detector that uses the information gathered by IBM’s QRadar SIEM (Security Information and Event Management) system and leverages anti-virus reports for automatically generating a labelled training set for identifying malware. Using this training set, our detector is able to automatically detect complex and dynamic patterns of suspicious machine behavior and issue high-quality security alerts. We believe that our approach can be used for providing a detection scheme that complements signature-based detection and is harder to circumvent.

Original language: American English
Title of host publication: Cyber Security Cryptography and Machine Learning - 1st International Conference, CSCML 2017, Proceedings
Editors: Shlomi Dolev, Sachin Lodha
Publisher: Springer Verlag
Pages: 34-49
Number of pages: 16
ISBN (Print): 9783319600796
DOIs
State: Published - 1 Jan 2017
Event: 1st International Conference on Cyber Security Cryptography and Machine Learning, CSCML 2017 - Beer-Sheva, Israel
Duration: 29 Jun 2017 - 30 Jun 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10332 LNCS

Conference

Conference: 1st International Conference on Cyber Security Cryptography and Machine Learning, CSCML 2017
Country/Territory: Israel
City: Beer-Sheva
Period: 29/06/17 - 30/06/17

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science
