Sumav: Fully automated malware labeling

Sangwon Kim; Wookhyun Jung; KyungMin Lee; HyungGeun Oh; Eui Tak Kim

ICT Express (Dec 2022)

Sumav: Fully automated malware labeling

Sangwon Kim,
Wookhyun Jung,
KyungMin Lee,
HyungGeun Oh,
Eui Tak Kim

Affiliations

Sangwon Kim: Data Intelligence Lab, ESTsecurity, Seoul, Republic of Korea
Wookhyun Jung: Data Intelligence Lab, ESTsecurity, Seoul, Republic of Korea
KyungMin Lee: Data Intelligence Lab, ESTsecurity, Seoul, Republic of Korea
HyungGeun Oh: National Security Research Institute, Daejeon, Republic of Korea
Eui Tak Kim: Data Intelligence Lab, ESTsecurity, Seoul, Republic of Korea; Corresponding author.

Journal volume & issue: Vol. 8, no. 4
pp. 530 – 538

Abstract

Read online

Multiple AV engines are used to ensure more effective system protection against malicious files. These AV engines are capable of distinguishing between benign and malicious files, but even if a file of interest is proven to be malicious, it is still necessary to refer to a list of AV labels provided by each AV engine to determine what family name the malicious file belongs to. However, oftentimes, such AV labels lack a consistent naming scheme, and even family names differ from one AV engine to another.The present study presents Sumav, a fully automated labeling tool that assigns each file a family name based on AV labels. According to previous studies, such a task required prior knowledge or malicious file datasets that had already been labeled. In contrast, Sumav can assign family names with only the AV labels. This system also requires no maintenance and can provide high-quality labeling performance even if sudden changes have been made to the AV label system.

Published in ICT Express

ISSN: 2405-9595 (Online)
Publisher: Elsevier
Country of publisher: Netherlands
LCC subjects: Technology: Technology (General): Industrial engineering. Management engineering: Information technology
Website: http://www.journals.elsevier.com/ict-express/

About the journal

Abstract

Keywords