Reconciling malware labeling discrepancy via consensus learning

Ting Wang; Xin Hu; Shicong Meng; Reiner Sailer

doi:10.1109/ICDEW.2014.6818308

Reconciling malware labeling discrepancy via consensus learning

Ting Wang, Xin Hu, Shicong Meng, Reiner Sailer

College of Information Sciences and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Anti-virus systems developed by different vendors often demonstrate strong discrepancy in the labels they assign to given malware, which significantly hinders threat intelligence sharing. The key challenge of addressing this discrepancy stems from the difficulty of re-standardizing already-in-use systems. In this paper we explore a non-intrusive alternative. We propose to leverage the correlation between the malware labels of different anti-virus systems to create a 'consensus' classification system, through which different systems can share information without modifying their own labeling conventions. To this end, we present a novel classification integration framework Latin which exploits the correspondence between participating anti-virus systems as reflected in heterogeneous information at instance-instance, instance-class, and class-class levels. We provide results from extensive experimental studies using real datasets and concrete use cases to verify the efficacy of Latin in reconciling the malware labeling discrepancy.

Original language	English (US)
Title of host publication	2014 IEEE 30th International Conference on Data Engineering Workshops, ICDEW 2014
Publisher	IEEE Computer Society
Pages	84-89
Number of pages	6
ISBN (Print)	9781479934805
DOIs	https://doi.org/10.1109/ICDEW.2014.6818308
State	Published - 2014
Event	2014 IEEE 30th International Conference on Data Engineering Workshops, ICDEW 2014 - Chicago, IL, United States Duration: Mar 31 2014 → Apr 4 2014

Publication series

Name	Proceedings - International Conference on Data Engineering
ISSN (Print)	1084-4627

Other

Other	2014 IEEE 30th International Conference on Data Engineering Workshops, ICDEW 2014
Country/Territory	United States
City	Chicago, IL
Period	3/31/14 → 4/4/14

All Science Journal Classification (ASJC) codes

Software
Signal Processing
Information Systems

Access to Document

10.1109/ICDEW.2014.6818308

Cite this

@inproceedings{5118396d7e7a49c593601dd65ae14a7b,

title = "Reconciling malware labeling discrepancy via consensus learning",

abstract = "Anti-virus systems developed by different vendors often demonstrate strong discrepancy in the labels they assign to given malware, which significantly hinders threat intelligence sharing. The key challenge of addressing this discrepancy stems from the difficulty of re-standardizing already-in-use systems. In this paper we explore a non-intrusive alternative. We propose to leverage the correlation between the malware labels of different anti-virus systems to create a 'consensus' classification system, through which different systems can share information without modifying their own labeling conventions. To this end, we present a novel classification integration framework Latin which exploits the correspondence between participating anti-virus systems as reflected in heterogeneous information at instance-instance, instance-class, and class-class levels. We provide results from extensive experimental studies using real datasets and concrete use cases to verify the efficacy of Latin in reconciling the malware labeling discrepancy.",

author = "Ting Wang and Xin Hu and Shicong Meng and Reiner Sailer",

year = "2014",

doi = "10.1109/ICDEW.2014.6818308",

language = "English (US)",

isbn = "9781479934805",

series = "Proceedings - International Conference on Data Engineering",

publisher = "IEEE Computer Society",

pages = "84--89",

booktitle = "2014 IEEE 30th International Conference on Data Engineering Workshops, ICDEW 2014",

address = "United States",

note = "2014 IEEE 30th International Conference on Data Engineering Workshops, ICDEW 2014 ; Conference date: 31-03-2014 Through 04-04-2014",

}

Wang, T, Hu, X, Meng, S & Sailer, R 2014, Reconciling malware labeling discrepancy via consensus learning. in 2014 IEEE 30th International Conference on Data Engineering Workshops, ICDEW 2014., 6818308, Proceedings - International Conference on Data Engineering, IEEE Computer Society, pp. 84-89, 2014 IEEE 30th International Conference on Data Engineering Workshops, ICDEW 2014, Chicago, IL, United States, 3/31/14. https://doi.org/10.1109/ICDEW.2014.6818308

Reconciling malware labeling discrepancy via consensus learning. / Wang, Ting; Hu, Xin; Meng, Shicong et al.
2014 IEEE 30th International Conference on Data Engineering Workshops, ICDEW 2014. IEEE Computer Society, 2014. p. 84-89 6818308 (Proceedings - International Conference on Data Engineering).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Reconciling malware labeling discrepancy via consensus learning

AU - Wang, Ting

AU - Hu, Xin

AU - Meng, Shicong

AU - Sailer, Reiner

PY - 2014

Y1 - 2014

N2 - Anti-virus systems developed by different vendors often demonstrate strong discrepancy in the labels they assign to given malware, which significantly hinders threat intelligence sharing. The key challenge of addressing this discrepancy stems from the difficulty of re-standardizing already-in-use systems. In this paper we explore a non-intrusive alternative. We propose to leverage the correlation between the malware labels of different anti-virus systems to create a 'consensus' classification system, through which different systems can share information without modifying their own labeling conventions. To this end, we present a novel classification integration framework Latin which exploits the correspondence between participating anti-virus systems as reflected in heterogeneous information at instance-instance, instance-class, and class-class levels. We provide results from extensive experimental studies using real datasets and concrete use cases to verify the efficacy of Latin in reconciling the malware labeling discrepancy.

AB - Anti-virus systems developed by different vendors often demonstrate strong discrepancy in the labels they assign to given malware, which significantly hinders threat intelligence sharing. The key challenge of addressing this discrepancy stems from the difficulty of re-standardizing already-in-use systems. In this paper we explore a non-intrusive alternative. We propose to leverage the correlation between the malware labels of different anti-virus systems to create a 'consensus' classification system, through which different systems can share information without modifying their own labeling conventions. To this end, we present a novel classification integration framework Latin which exploits the correspondence between participating anti-virus systems as reflected in heterogeneous information at instance-instance, instance-class, and class-class levels. We provide results from extensive experimental studies using real datasets and concrete use cases to verify the efficacy of Latin in reconciling the malware labeling discrepancy.

UR - https://www.scopus.com/pages/publications/84901772299

UR - https://www.scopus.com/inward/citedby.url?scp=84901772299&partnerID=8YFLogxK

U2 - 10.1109/ICDEW.2014.6818308

DO - 10.1109/ICDEW.2014.6818308

M3 - Conference contribution

AN - SCOPUS:84901772299

SN - 9781479934805

T3 - Proceedings - International Conference on Data Engineering

SP - 84

EP - 89

BT - 2014 IEEE 30th International Conference on Data Engineering Workshops, ICDEW 2014

PB - IEEE Computer Society

T2 - 2014 IEEE 30th International Conference on Data Engineering Workshops, ICDEW 2014

Y2 - 31 March 2014 through 4 April 2014

ER -

Reconciling malware labeling discrepancy via consensus learning

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this