Handle URI:
http://hdl.handle.net/10754/626759
Title:
Marmite
Authors:
Stringhini, Gianluca; Shen, Yun; Han, Yufei; Zhang, Xiangliang (0000-0002-3574-5665)
Abstract:
Effective malware detection approaches need not only high accuracy, but also need to be robust to changes in the modus operandi of criminals. In this paper, we propose Marmite, a feature-agnostic system that aims at propagating known malicious reputation of certain files to unknown ones with the goal of detecting malware. Marmite does this by looking at a graph that encapsulates a comprehensive view of how files are downloaded (by which hosts and from which servers) on a global scale. The reputation of files is then propagated across the graph using semi-supervised label propagation with Bayesian confidence. We show that Marmite is able to reach high accuracy (0.94 G-mean on average) over a 10-day dataset of 200 million download events. We also demonstrate that Marmite's detection capabilities do not significantly degrade over time, by testing our system on a 30-day dataset of 660 million download events collected six months after the system was tuned and validated. Marmite still maintains a similar accuracy after this period of time.
KAUST Department:
Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division; Computer Science Program
Citation:
Stringhini G, Shen Y, Han Y, Zhang X (2017) Marmite. Proceedings of the 33rd Annual Computer Security Applications Conference on - ACSAC 2017. Available: http://dx.doi.org/10.1145/3134600.3134604.
Publisher:
ACM Press
Journal:
Proceedings of the 33rd Annual Computer Security Applications Conference on - ACSAC 2017
Conference/Event name:
33rd Annual Computer Security Applications Conference, ACSAC 2017
Issue Date:
4-Dec-2017
DOI:
10.1145/3134600.3134604
Type:
Conference Paper
Sponsors:
We would like to thank the anonymous reviewers for their feedback, and our shepherd Christian Rossow for his help in improving the final version of this paper. This work was supported by UCL through a BEAMS Future Leaders in Engineering and Physical Sciences Award and by the EPSRC under grant EP/N008448/1.
Additional Links:
https://dl.acm.org/citation.cfm?doid=3134600.3134604
Appears in Collections:
Conference Papers; Computer Science Program; Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division

Full metadata record

| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Stringhini, Gianluca | en |
| dc.contributor.author | Shen, Yun | en |
| dc.contributor.author | Han, Yufei | en |
| dc.contributor.author | Zhang, Xiangliang | en |
| dc.date.accessioned | 2018-01-15T06:10:40Z | - |
| dc.date.available | 2018-01-15T06:10:40Z | - |
| dc.date.issued | 2017-12-04 | en |
| dc.identifier.citation | Stringhini G, Shen Y, Han Y, Zhang X (2017) Marmite. Proceedings of the 33rd Annual Computer Security Applications Conference on - ACSAC 2017. Available: http://dx.doi.org/10.1145/3134600.3134604. | en |
| dc.identifier.doi | 10.1145/3134600.3134604 | en |
| dc.identifier.uri | http://hdl.handle.net/10754/626759 | - |
| dc.description.abstract | Effective malware detection approaches need not only high accuracy, but also need to be robust to changes in the modus operandi of criminals. In this paper, we propose Marmite, a feature-agnostic system that aims at propagating known malicious reputation of certain files to unknown ones with the goal of detecting malware. Marmite does this by looking at a graph that encapsulates a comprehensive view of how files are downloaded (by which hosts and from which servers) on a global scale. The reputation of files is then propagated across the graph using semi-supervised label propagation with Bayesian confidence. We show that Marmite is able to reach high accuracy (0.94 G-mean on average) over a 10-day dataset of 200 million download events. We also demonstrate that Marmite's detection capabilities do not significantly degrade over time, by testing our system on a 30-day dataset of 660 million download events collected six months after the system was tuned and validated. Marmite still maintains a similar accuracy after this period of time. | en |
| dc.description.sponsorship | We would like to thank the anonymous reviewers for their feedback, and our shepherd Christian Rossow for his help in improving the final version of this paper. This work was supported by UCL through a BEAMS Future Leaders in Engineering and Physical Sciences Award and by the EPSRC under grant EP/N008448/1. | en |
| dc.publisher | ACM Press | en |
| dc.relation.url | https://dl.acm.org/citation.cfm?doid=3134600.3134604 | en |
| dc.rights | Archived with thanks to Proceedings of the 33rd Annual Computer Security Applications Conference on - ACSAC 2017 | en |
| dc.title | Marmite | en |
| dc.type | Conference Paper | en |
| dc.contributor.department | Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division | en |
| dc.contributor.department | Computer Science Program | en |
| dc.identifier.journal | Proceedings of the 33rd Annual Computer Security Applications Conference on - ACSAC 2017 | en |
| dc.conference.date | 2017-12-04 to 2017-12-08 | en |
| dc.conference.name | 33rd Annual Computer Security Applications Conference, ACSAC 2017 | en |
| dc.conference.location | Orlando, FL, USA | en |
| dc.eprint.version | Publisher's Version/PDF | en |
| dc.contributor.institution | University College London | en |
| dc.contributor.institution | Symantec Research Labs | en |
| kaust.author | Zhang, Xiangliang | en |