ITect: Scalable information theoretic similarity for malware detection
S Bhattacharya, HD Menéndez, E Barr… - arXiv preprint arXiv:1609.02404, 2016 - arxiv.org
Malware creators have been getting their way for too long now. String-based similarity measures can leverage ground truth in a scalable way and can operate at a level of abstraction that is difficult to combat from the code level. We introduce ITect, a scalable approach to malware similarity detection based on information theory. ITect targets file entropy patterns in different ways to achieve 100% precision with 90% accuracy but it could target 100% recall instead. It outperforms VirusTotal for precision and accuracy on combined Kaggle and VirusShare malware.
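The abstract's central idea is that a file's entropy pattern is a more robust similarity signal than its raw bytes. The following Python sketch is an added illustration, not code from the paper or the ITect project: it computes a sliding-window Shannon entropy profile of a byte string and compares two profiles. The window size, the mean-absolute-difference similarity score, the "high entropy" threshold and the sample byte strings are all my own assumptions chosen to make the behaviour visible; they are not ITect's actual measures.

```python
import math
from collections import Counter

# Assumed parameters (not from the paper): 256-byte non-overlapping windows,
# and 7.0 bits/byte as the threshold for a "packed/encrypted-looking" window.
WINDOW = 256
HIGH_ENTROPY_BITS = 7.0


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not chunk:
        return 0.0
    n = len(chunk)
    counts = Counter(chunk)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def entropy_profile(data: bytes, window: int = WINDOW) -> list:
    """Entropy of each fixed-size window, i.e. the file's 'entropy pattern'.
    A file shorter than one window yields a single value for the whole file."""
    last_start = max(len(data) - window + 1, 1)
    return [shannon_entropy(data[i:i + window]) for i in range(0, last_start, window)]


def profile_similarity(p: list, q: list) -> float:
    """Assumed similarity measure: 1 - (mean absolute entropy difference / 8).
    Profiles are aligned from the start and compared over their common length."""
    n = min(len(p), len(q))
    if n == 0:
        return 0.0
    mean_diff = sum(abs(a - b) for a, b in zip(p[:n], q[:n])) / n
    return 1.0 - mean_diff / 8.0


def high_entropy_fraction(profile: list, threshold: float = HIGH_ENTROPY_BITS) -> float:
    """Share of windows that look packed/encrypted (entropy above threshold)."""
    if not profile:
        return 0.0
    return sum(1 for e in profile if e > threshold) / len(profile)


def byte_similarity(a: bytes, b: bytes) -> float:
    """Naive byte-for-byte similarity, for contrast with the entropy view."""
    n = min(len(a), len(b))
    if n == 0:
        return 0.0
    return sum(1 for x, y in zip(a[:n], b[:n]) if x == y) / n


# Constructed sample "files" (not real malware): a 512-byte zero-filled header
# followed by 2048 bytes of a maximally mixed region. SAMPLE_B keeps the same
# layout but reverses the byte order inside every 256-byte block, so it shares
# almost no bytes with SAMPLE_A at the same offsets yet has the same entropy
# pattern. SAMPLE_C is entirely zero-filled.
HEADER = b"\x00" * 512
SAMPLE_A = HEADER + bytes(range(256)) * 8
SAMPLE_B = HEADER + bytes(range(255, -1, -1)) * 8
SAMPLE_C = b"\x00" * len(SAMPLE_A)


def compare(a: bytes, b: bytes) -> dict:
    """Return both views of similarity for two byte strings."""
    return {
        "byte_similarity": byte_similarity(a, b),
        "entropy_similarity": profile_similarity(entropy_profile(a), entropy_profile(b)),
    }


if __name__ == "__main__":
    for name, other in (("B", SAMPLE_B), ("C", SAMPLE_C)):
        print(f"A vs {name}: {compare(SAMPLE_A, other)}")
    print("high-entropy fraction of A:", high_entropy_fraction(entropy_profile(SAMPLE_A)))
```

Running the block shows the point the abstract makes: A and B agree on only about 20% of bytes position by position, yet their entropy profiles are identical (similarity 1.0), while the zero-filled C scores low against A even though it shares A's header. A real pipeline would additionally normalise profiles of different lengths and use a less naive distance, which the sketch deliberately leaves out.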