Optimal Weighted Voting-Based Collaborated Malware Detection for Zero-Day Malware: A Case Study on VirusTotal and MalwareBazaar

Okazaki, Naonobu; Usuzaki, Shotaro; Waki, Tsubasa; Kawagoe, Hyoga; Park, Mirang; Yamaba, Hisaaki; Aburada, Kentaro

Optimal Weighted Voting-Based Collaborated Malware Detection for Zero-Day Malware: A Case Study on VirusTotal and MalwareBazaar

Naonobu Okazaki, Shotaro Usuzaki (), Tsubasa Waki, Hyoga Kawagoe, Mirang Park, Hisaaki Yamaba and Kentaro Aburada
Additional contact information
Naonobu Okazaki: Faculty of Engineering, University of Miyazaki, 1-1 Gakuen-Kibanadai-Nishi, Miyazaki-shi 889-2192, Miyazaki, Japan
Shotaro Usuzaki: Faculty of Engineering, University of Miyazaki, 1-1 Gakuen-Kibanadai-Nishi, Miyazaki-shi 889-2192, Miyazaki, Japan
Tsubasa Waki: Faculty of Engineering, University of Miyazaki, 1-1 Gakuen-Kibanadai-Nishi, Miyazaki-shi 889-2192, Miyazaki, Japan
Hyoga Kawagoe: Faculty of Engineering, University of Miyazaki, 1-1 Gakuen-Kibanadai-Nishi, Miyazaki-shi 889-2192, Miyazaki, Japan
Mirang Park: Faculty of Information Technology, Kanagawa Institute of Technology, 1030 Shimo-Ogino, Atsugi-shi 243-0292, Kanagawa, Japan
Hisaaki Yamaba: Faculty of Engineering, University of Miyazaki, 1-1 Gakuen-Kibanadai-Nishi, Miyazaki-shi 889-2192, Miyazaki, Japan
Kentaro Aburada: Faculty of Engineering, University of Miyazaki, 1-1 Gakuen-Kibanadai-Nishi, Miyazaki-shi 889-2192, Miyazaki, Japan

Future Internet, 2024, vol. 16, issue 8, 1-16

Abstract: We propose a detection system incorporating a weighted voting mechanism that reflects the vote’s reliability based on the accuracy of each detector’s examination, which overcomes the problem of cooperative detection. Collaborative malware detection is an effective strategy against zero-day attacks compared to one using only a single detector because the strategy might pick up attacks that a single detector overlooked. However, cooperative detection is still ineffective if most anti-virus engines lack sufficient intelligence to detect zero-day malware. Most collaborative methods rely on majority voting, which prioritizes the quantity of votes rather than the quality of those votes. Therefore, our study investigated the zero-day malware detection accuracy of the collaborative system that optimally rates their weight of votes based on their malware categories of expertise of each anti-virus engine. We implemented the prototype system with the VirusTotal API and evaluated the system using real malware registered in MalwareBazaar. To evaluate the effectiveness of zero-day malware detection, we measured recall using the inspection results on the same day the malware was registered in the MalwareBazaar repository. Through experiments, we confirmed that the proposed system can suppress the false negatives of uniformly weighted voting and improve detection accuracy against new types of malware.

Keywords: malware detection; collaborative security; VirusTotal; MalwareBazaar (search for similar items in EconPapers)
JEL-codes: O3 (search for similar items in EconPapers)
Date: 2024
References: View references in EconPapers View complete reference list from CitEc
Citations:

Downloads: (external link)
https://www.mdpi.com/1999-5903/16/8/259/pdf (application/pdf)
https://www.mdpi.com/1999-5903/16/8/259/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:16:y:2024:i:8:p:259-:d:1441218

Access Statistics for this article

Future Internet is currently edited by Ms. Grace You

More articles in Future Internet from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().