UCL Discovery

JABBIC Lookups: A Backend Telemetry-Based System for Malware Triage

Bordeanu, OC; Stringhini, G; Shen, Y; Davies, T; (2021) JABBIC Lookups: A Backend Telemetry-Based System for Malware Triage. In: Security and Privacy in Communication Networks. (pp. 164-184). Springer: Cham, Switzerland. Green open access


Abstract

In this paper, we propose JABBIC lookups, a telemetry-based system for malware triage that sits at the interface between proprietary reputation score systems and malware analysts. JABBIC uses file download telemetry collected from client protection solutions installed on end-hosts to determine the threat level of an unknown file from the telemetry associated with files already known to be malign. We apply word embeddings and semantic and relational similarities to triage potentially malign files, following the intuition that, while single elements in a malware download might change over time, their context, defined as the semantic and relational properties between the different elements of a malware delivery system (e.g., servers, autonomous systems, files), does not change as fast. We show that JABBIC can leverage file download telemetry to let security vendors manage the collection and analysis of unknown files from remote end-hosts for timely processing by more sophisticated malware analysis systems. We test and evaluate JABBIC lookups on 33M download events collected during October 2015. We show that 85.83% of the files triaged with JABBIC lookups belong to the same malware family as their past counterpart files. We also show that, when used with proprietary reputation score systems, JABBIC can triage as malicious 55.1% of files before they are detected by VirusTotal, preceding that detection by over 20 days.
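The intuition in the abstract (a new file hash is unknown, but the servers and autonomous systems it was downloaded from already co-occur with known-malign files) can be made concrete with a small lookup over constructed telemetry. The example below is added here and is not the authors' code: it replaces the paper's learned word embeddings with count-based PPMI vectors over download-context tokens, and every hash, hostname, AS number, family label and the 0.5 threshold are constructed for illustration.

```python
"""Context-based malware triage in the spirit of JABBIC's intuition.

Added example, not the authors' code.  Each download event is treated like
a short sentence whose tokens are the file hash and the delivery
infrastructure it came from (server, autonomous system).  Known-malign
files get a vector over those infrastructure tokens; an unknown file is
triaged by the nearest known-malign file in that vector space.
Simplification: count-based PPMI vectors stand in for the paper's learned
word embeddings.  All hashes, hostnames, AS numbers and labels are made up.
"""
from collections import Counter, defaultdict
from math import log, sqrt

# Constructed telemetry: (file_hash, download_server, asn, label).
# label is a malware family for known-malign files, "benign" for a known
# clean file, or None for files the backend has not classified yet.
TELEMETRY = [
    ("f1", "dl.example-a.net", "AS64500", "familyA"),
    ("f1", "cdn.example-a.net", "AS64500", "familyA"),
    ("f2", "dl.example-a.net", "AS64500", "familyA"),
    ("f2", "mirror.example-a.net", "AS64501", "familyA"),
    ("f3", "pay.example-b.org", "AS64510", "familyB"),
    ("f3", "pay2.example-b.org", "AS64510", "familyB"),
    ("f4", "www.benign-vendor.test", "AS64520", "benign"),
    ("f4", "static.benign-vendor.test", "AS64520", "benign"),
    # Unknown hash f9: never seen, but served from familyA's infrastructure.
    ("f9", "cdn.example-a.net", "AS64500", None),
    ("f9", "mirror.example-a.net", "AS64501", None),
    # Unknown hash f8: served only from the benign vendor's infrastructure.
    ("f8", "www.benign-vendor.test", "AS64520", None),
    ("f8", "static.benign-vendor.test", "AS64520", None),
]


def context_tokens(server, asn):
    """The 'words' describing where a download came from."""
    return (f"srv:{server}", f"as:{asn}")


def build_ppmi_vectors(events):
    """Count file-hash / context-token co-occurrences and weight them by
    positive pointwise mutual information.  A token that co-occurs with a
    file more often than chance gets a positive weight; tokens shared by
    almost everything (e.g. a large CDN AS) are pushed towards zero."""
    cooc = defaultdict(Counter)
    file_total = Counter()
    ctx_total = Counter()
    grand_total = 0
    for file_hash, server, asn, _ in events:
        for ctx in context_tokens(server, asn):
            cooc[file_hash][ctx] += 1
            file_total[file_hash] += 1
            ctx_total[ctx] += 1
            grand_total += 1
    vectors = {}
    for file_hash, ctxs in cooc.items():
        vec = {}
        for ctx, n in ctxs.items():
            pmi = log(n * grand_total / (file_total[file_hash] * ctx_total[ctx]))
            if pmi > 0:
                vec[ctx] = pmi
        vectors[file_hash] = vec
    return vectors


def cosine(a, b):
    """Cosine similarity of two sparse {token: weight} vectors."""
    dot = sum(w * b.get(tok, 0.0) for tok, w in a.items())
    na = sqrt(sum(w * w for w in a.values()))
    nb = sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def triage(unknown_hash, events=TELEMETRY, threshold=0.5):
    """Look an unknown file up against files already known to be malign.

    Benign-labelled files still contribute to the co-occurrence statistics
    but are not lookup targets, mirroring a lookup table built from
    known-malign telemetry only.  Returns the nearest known-malign file,
    its family, the similarity and a verdict."""
    vectors = build_ppmi_vectors(events)
    known_malign = {h: lab for h, _, _, lab in events if lab not in (None, "benign")}
    query = vectors.get(unknown_hash, {})
    best_hash, best_sim = None, 0.0
    for h in known_malign:
        sim = cosine(query, vectors[h])
        if sim > best_sim:
            best_hash, best_sim = h, sim
    return {
        "file": unknown_hash,
        "nearest_known_malign": best_hash,
        "family": known_malign.get(best_hash),
        "similarity": round(best_sim, 3),
        "verdict": "triage as malicious" if best_sim >= threshold else "no known-malign match",
    }


if __name__ == "__main__":
    for h in ("f9", "f8"):
        print(triage(h))
```

Running it, f9 is matched to f2 (familyA) because it shares the mirror host, the two AS numbers and the PPMI weighting, while f8 finds no known-malign neighbour at all. That is the property the abstract relies on: the hash is new, the delivery context is not. In a real deployment the vectors would be trained over millions of events and the threshold tuned against analyst feedback and reputation scores, which this toy does not attempt.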

Type: Proceedings paper
Title: JABBIC Lookups: A Backend Telemetry-Based System for Malware Triage
Event: International Conference on Security and Privacy in Communication Systems
ISBN-13: 9783030900212
Open access status: An open access version is available from UCL Discovery
DOI: 10.1007/978-3-030-90022-9_9
Publisher version: https://doi.org/10.1007/978-3-030-90022-9_9
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher's terms and conditions.
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science
URI: https://discovery.ucl.ac.uk/id/eprint/10139729
