Re-measuring the label dynamics of online anti-malware engines from millions of samples

J Wang, L Wang, F Dong, H Wang - Proceedings of the 2023 ACM on …, 2023 - dl.acm.org
VirusTotal is the most widely used online scanning service in both academia and industry.
However, it is known that the results returned by antivirus engines are often inconsistent and …

Measuring and modeling the label dynamics of online Anti-Malware engines

S Zhu, J Shi, L Yang, B Qin, Z Zhang, L Song… - 29th USENIX Security …, 2020 - usenix.org
VirusTotal provides malware labels from a large set of anti-malware engines, and is heavily
used by researchers for malware annotation and system evaluation. Since different engines …

Benchmarking label dynamics of VirusTotal engines

S Zhu, Z Zhang, L Yang, L Song, G Wang - Proceedings of the 2020 …, 2020 - dl.acm.org
VirusTotal is the largest online anti-malware scanning service. It is widely used by security
researchers for labeling malware data or serving as a comparison baseline. However …

View from above: exploring the malware ecosystem from the upper DNS hierarchy

A Faulkenberry, A Avgetidis, Z Ma, O Alrawi… - Proceedings of the 38th …, 2022 - dl.acm.org
This work explores authoritative DNS (AuthDNS) as a new measurement perspective for
studying the large-scale epidemiology of the malware ecosystem—when and where …

A lustrum of malware network communication: Evolution and insights

C Lever, P Kotzias, D Balzarotti… - … IEEE Symposium on …, 2017 - ieeexplore.ieee.org
Both the operational and academic security communities have used dynamic analysis
sandboxes to execute malware samples for roughly a decade. Network information derived …

Towards identifying early indicators of a malware infection

S Karapoola, C Rebeiro, U Parekh… - Proceedings of the 2019 …, 2019 - dl.acm.org
A malware goes through multiple stages in its life-cycle at the target machine before
mounting its expected attack. The entire life-cycle can span anywhere from a few weeks to …

Improving zero-day malware testing methodology using statistically significant time-lagged test samples

K Berlin, J Saxe - arXiv preprint arXiv:1608.00669, 2016 - arxiv.org
Enterprise networks are in constant danger of being breached by cyber-attackers, but
making the decision about what security tools to deploy to mitigate this risk requires carefully …

Investigating labelless drift adaptation for malware detection

Z Kan, F Pendlebury, F Pierazzi… - Proceedings of the 14th …, 2021 - dl.acm.org
The evolution of malware has long plagued machine learning-based detection systems, as
malware authors develop innovative strategies to evade detection and chase profits. This …

Waves of malice: A longitudinal measurement of the malicious file delivery ecosystem on the web

CC Ife, Y Shen, SJ Murdoch, G Stringhini - Proceedings of the 2019 ACM …, 2019 - dl.acm.org
We present a longitudinal measurement of malicious file distribution on the Web. Following
a data-driven approach, we identify network infrastructures and the files that they download …

The dropper effect: Insights into malware distribution with downloader graph analytics

BJ Kwon, J Mondal, J Jang, L Bilge… - Proceedings of the 22nd …, 2015 - dl.acm.org
Malware remains an important security threat, as miscreants continue to deliver a variety of
malicious programs to hosts around the world. At the heart of all the malware delivery …