Augur: Aiding Malware Detection Using Large-Scale Machine Learning
LERSSE-POSTER-2012-001
Yazan Boshmaf ; Matei Ripeanu ; Konstantin Beznosov ; Kyle Zeeuwen ; David Cornell ; Dmitry Samosseiko
05 August 2012
Abstract: We present Augur: a large-scale machine learning system that uses malware static and dynamic analyses to predict the maliciousness of new files. Unlike other machine learning-based malware detection systems, Augur utilizes existing knowledge engineering performed by analysts and uses static and dynamic file properties (called Genes and Phenoms, respectively) as prominent predictive features. Augur can be deployed alongside existing detection systems (e.g., an expert system) in order to achieve faster reactions to suspicious files at the endpoint, and to automatically generate effective signatures of new, previously unseen malware.
Keyword(s): Malware Detection ; Machine Learning
Published in: Yazan Boshmaf, Matei Ripeanu, Konstantin Beznosov, Kyle Zeeuwen, David Cornell, Dmitry Samosseiko. Augur: Aiding Malware Detection Using Large-Scale Machine Learning. At the Poster Session of the 21st Usenix Security Symposium, Bellevue, WA, 2012.