Article ID: 6861316
Journal: Knowledge-Based Systems
Published Year: 2018
Pages: 34 Pages
File Type: PDF
Abstract
We cluster the file population based on their locality-sensitive hash (LSH) values and analyze the resulting LSH clusters. Using ground truth labels, we identify benign and malicious clusters and analyze the differences between them in terms of the distributions of cluster size, file download numbers and activity period, and in terms of their web domain utilization patterns. The results of this analysis are then leveraged for devising SPADE - a scalable Server-side Polymorphic mAlware DEtector that provides high-quality detection of both malicious files and malicious web domains.