Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
6861316 | Knowledge-Based Systems | 2018 | 34 Pages |
Abstract
We cluster the files population based on their locality-sensitive hash (LSH) values and analyze the resulting LSH clusters. Using ground truth labels, we identify benign and malicious clusters and analyse the differences between them in terms of the distributions of cluster-size, file download numbers and activity period, and in terms of their web domain utilization patterns. The results of this analysis are then leveraged for devising SPADE - a scalable Server-side Polymorphic mAlware DEtector that provides high-quality detection of both malicious files and malicious web domains.
Related Topics
Physical Sciences and Engineering
Computer Science
Artificial Intelligence
Authors
Yehonatan Cohen, Danny Hendler,