Optimal Weighted Voting-Based Collaborated Malware Detection for Zero-Day Malware: A Case Study on VirusTotal and MalwareBazaar

IF 4.6 Q2 MATERIALS SCIENCE, BIOMATERIALS

ACS Applied Bio Materials Pub Date : 2024-07-23 DOI:10.3390/fi16080259

N. Okazaki, Shotaro Usuzaki, Tsubasa Waki, Hyoga Kawagoe, Mirang Park, H. Yamaba, Kentaro Aburada

{"title":"Optimal Weighted Voting-Based Collaborated Malware Detection for Zero-Day Malware: A Case Study on VirusTotal and MalwareBazaar","authors":"N. Okazaki, Shotaro Usuzaki, Tsubasa Waki, Hyoga Kawagoe, Mirang Park, H. Yamaba, Kentaro Aburada","doi":"10.3390/fi16080259","DOIUrl":null,"url":null,"abstract":"We propose a detection system incorporating a weighted voting mechanism that reflects the vote’s reliability based on the accuracy of each detector’s examination, which overcomes the problem of cooperative detection. Collaborative malware detection is an effective strategy against zero-day attacks compared to one using only a single detector because the strategy might pick up attacks that a single detector overlooked. However, cooperative detection is still ineffective if most anti-virus engines lack sufficient intelligence to detect zero-day malware. Most collaborative methods rely on majority voting, which prioritizes the quantity of votes rather than the quality of those votes. Therefore, our study investigated the zero-day malware detection accuracy of the collaborative system that optimally rates their weight of votes based on their malware categories of expertise of each anti-virus engine. We implemented the prototype system with the VirusTotal API and evaluated the system using real malware registered in MalwareBazaar. To evaluate the effectiveness of zero-day malware detection, we measured recall using the inspection results on the same day the malware was registered in the MalwareBazaar repository. Through experiments, we confirmed that the proposed system can suppress the false negatives of uniformly weighted voting and improve detection accuracy against new types of malware.","PeriodicalId":2,"journal":{"name":"ACS Applied Bio Materials","volume":"52 3","pages":""},"PeriodicalIF":4.6000,"publicationDate":"2024-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACS Applied Bio Materials","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3390/fi16080259","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"MATERIALS SCIENCE, BIOMATERIALS","Score":null,"Total":0}

引用次数: 0

Abstract

We propose a detection system incorporating a weighted voting mechanism that reflects the vote’s reliability based on the accuracy of each detector’s examination, which overcomes the problem of cooperative detection. Collaborative malware detection is an effective strategy against zero-day attacks compared to one using only a single detector because the strategy might pick up attacks that a single detector overlooked. However, cooperative detection is still ineffective if most anti-virus engines lack sufficient intelligence to detect zero-day malware. Most collaborative methods rely on majority voting, which prioritizes the quantity of votes rather than the quality of those votes. Therefore, our study investigated the zero-day malware detection accuracy of the collaborative system that optimally rates their weight of votes based on their malware categories of expertise of each anti-virus engine. We implemented the prototype system with the VirusTotal API and evaluated the system using real malware registered in MalwareBazaar. To evaluate the effectiveness of zero-day malware detection, we measured recall using the inspection results on the same day the malware was registered in the MalwareBazaar repository. Through experiments, we confirmed that the proposed system can suppress the false negatives of uniformly weighted voting and improve detection accuracy against new types of malware.

查看原文本刊更多论文

基于加权投票的零日恶意软件协作检测：VirusTotal 和 MalwareBazaar 案例研究

我们提出了一种包含加权投票机制的检测系统，该机制根据每个检测器检查的准确性来反映投票的可靠性，从而克服了合作检测的问题。与只使用单个检测器相比，协同恶意软件检测是一种有效的零日攻击应对策略，因为该策略可能会发现单个检测器忽略的攻击。但是，如果大多数反病毒引擎缺乏足够的智能来检测零日恶意软件，那么合作检测仍然是无效的。大多数合作方法依赖于多数投票，这种方法优先考虑的是投票的数量，而不是投票的质量。因此，我们的研究调查了协作系统的零日恶意软件检测准确性，该系统根据各反病毒引擎的恶意软件类别专长，对投票的权重进行了优化评级。我们利用 VirusTotal API 实现了原型系统，并使用 MalwareBazaar 中注册的真实恶意软件对系统进行了评估。为了评估零日恶意软件检测的有效性，我们使用恶意软件在 MalwareBazaar 存储库中注册当天的检测结果来测量召回率。通过实验，我们证实所提出的系统可以抑制统一加权投票的假阴性，并提高对新型恶意软件的检测准确率。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACS Applied Bio Materials Chemistry-Chemistry (all)

CiteScore

9.40

自引率

2.10%

发文量

464

期刊介绍： ACS Applied Bio Materials is an interdisciplinary journal publishing original research covering all aspects of biomaterials and biointerfaces including and beyond the traditional biosensing, biomedical and therapeutic applications. The journal is devoted to reports of new and original experimental and theoretical research of an applied nature that integrates knowledge in the areas of materials, engineering, physics, bioscience, and chemistry into important bio applications. The journal is specifically interested in work that addresses the relationship between structure and function and assesses the stability and degradation of materials under relevant environmental and biological conditions.