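@inproceedings{1c9a3196021543c0a9a04326ae7621f5,
  author        = {Cohen, Tomer and Hendler, Danny and Potashnik, Dennis},
  title         = {Supervised detection of infected machines using anti-virus induced labels},
  booktitle     = {Cyber Security Cryptography and Machine Learning - 1st International Conference, {CSCML} 2017, Proceedings},
  editor        = {Dolev, Shlomi and Lodha, Sachin},
  series        = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  publisher     = {Springer Verlag},
  address       = {Germany},
  pages         = {34--49},
  year          = {2017},
  month         = jan,
  day           = {1},
  doi           = {10.1007/978-3-319-60080-2_3},
  isbn          = {9783319600796},
  language      = {American English},
  note          = {Publisher Copyright: {\textcopyright} Springer International Publishing AG 2017.; 1st International Conference on Cyber Security Cryptography and Machine Learning, CSCML 2017 ; Conference date: 29-06-2017 Through 30-06-2017},
  abstract      = {Traditional antivirus software relies on signatures to uniquely identify malicious files. Malware writers, on the other hand, have responded by developing obfuscation techniques with the goal of evading content-based detection. A consequence of this arms race is that numerous new malware instances are generated every day, thus limiting the effectiveness of static detection approaches. For effective and timely malware detection, signature-based mechanisms must be augmented with detection approaches that are harder to evade. We introduce a novel detector that uses the information gathered by IBM{\textquoteright}s QRadar SIEM (Security Information and Event Management) system and leverages anti-virus reports for automatically generating a labelled training set for identifying malware. Using this training set, our detector is able to automatically detect complex and dynamic patterns of suspicious machine behavior and issue high-quality security alerts. We believe that our approach can be used for providing a detection scheme that complements signature-based detection and is harder to circumvent.},
  internal-note = {Review: doi is stored bare (the https://doi.org/ resolver prefix was removed so styles can render it). year/month/day = 2017-01-01 is the record's nominal publication date, not the conference date (29--30 June 2017, see note); address holds a country rather than the publisher's city. Both came from the exporting system -- verify against the original record before relying on them. Citation key kept unchanged so existing \cite commands still resolve.},
}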