Marmite: Spreading malicious file reputation through download graphs

Gianluca Stringhini, Yun Shen, Yufei Han, Xiangliang Zhang

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

23 Scopus citations

Abstract

Effective malware detection approaches need not only high accuracy, but also need to be robust to changes in the modus operandi of criminals. In this paper, we propose Marmite, a feature-Agnostic system that aims at propagating known malicious reputation of certain files to unknown ones with the goal of detecting malware. Marmite does this by looking at a graph that encapsulates a comprehensive view of how files are downloaded (by which hosts and from which servers) on a global scale. The reputation of files is then propagated across the graph using semi-supervised label propagation with Bayesian confidence. We show that Marmite is able to reach high accuracy (0.94 G-mean on average) over a 10-day dataset of 200 million download events. We also demonstrate that Marmite's detection capabilities do not significantly degrade over time, by testing our system on a 30-day dataset of 660 million download events collected six months after the system was tuned and validated. Marmite still maintains a similar accuracy after this period of time.

Original languageEnglish (US)
Title of host publicationProceedings - 33rd Annual Computer Security Applications Conference, ACSAC 2017
PublisherAssociation for Computing Machinery (ACM)
Pages91-102
Number of pages12
ISBN (Electronic)9781450353458
DOIs
StatePublished - Dec 4 2017
Event33rd Annual Computer Security Applications Conference, ACSAC 2017 - Orlando, United States
Duration: Dec 4 2017Dec 8 2017

Publication series

NameACM International Conference Proceeding Series
VolumePart F132521

Conference

Conference33rd Annual Computer Security Applications Conference, ACSAC 2017
Country/TerritoryUnited States
CityOrlando
Period12/4/1712/8/17

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Marmite: Spreading malicious file reputation through download graphs'. Together they form a unique fingerprint.

Cite this