Paper Type
ERF
Description
In the field of cybersecurity, antivirus vendors produce malware labels, known as AV labels, to categorize malware samples based on their behavior. Such labels are used by researchers for future analysis. Unfortunately, their inconsistent format and naming cause clutter and reduce trustworthiness because the naming was based on each antivirus vendor's viewpoints. Previous approaches to solving this problem have relied on majority voting, but this method is prone to bias. To address this issue, we introduce a novel scoring system, the Pairwise Consensus Score (PCS), which scores the result by labeling logic instead of the cacophonous labels. Our consensus reaching method then uses PCS and a Genetic Algorithm to find the best label to represent the malware. The entire process clusters and renames malware samples based on the agreement among different antivirus vendors, providing more consistent and trustworthy AV labels for malware samples.
Paper Number
1916
Recommended Citation
Hsiao, Shun-Wen and Wang, Shih-Yu, "A Genetic Algorithm Based Consensus Reaching Method on Malware Labels" (2023). AMCIS 2023 Proceedings. 16.
https://aisel.aisnet.org/amcis2023/sig_aiaa/sig_aiaa/16
A Genetic Algorithm Based Consensus Reaching Method on Malware Labels
Comments
SIG AIAA