We present Augur: a large-scale machine learning system that uses malware static and dynamic analyses to predict the maliciousness of new files. Unlike other machine learning-based malware detection systems, Augur utilizes existing knowledge engineering performed by analysts and uses static and dynamic file properties (called Genes and Phenoms, respectively) as prominent predictive features. Augur can be deployed alongside existing detection systems (e.g., an expert system) in order to achieve faster reactions to suspicious files at the endpoint, and to automatically generate effective signatures for new, previously unseen malware.