| Presentation | 2021-03-02 Evaluation of Uncertain Reports by Multiple Anti-virus Engines Kazuya Nomura, Mistuaki Akiyama, Masaki Kamizono, Takahiro Kasama, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | VirusTotal is an online service that provides detection results from multiple anti-virus engines. It is used in a wide range of applications such as corporate security operations and labeling of malware data for research. However, the detection results of anti-virus engines do not always provide correct information, especially for malware that has not yet been sufficiently analyzed, and the detection results may change over time. Also, since each anti-virus engine may miss malware or detect legitimate files incorrectly, it is necessary to understand and consider the uncertainty of detection results when using VirusTotal. In this study, we collected the detection results of 2,037 malware that registered in VirusTotal over a period of four months (301,685 reports in total) and analyzed these long-term detection results to understand the change in the number of detections over time. Through this analysis, we evaluate the uncertainty of detection results. Furthermore, based on the results, we propose a method to obtain threat information from VirusTotal more accurately and efficiently. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | VirusTotal / Malware / Anti-virus Engines |
| Paper # | ICSS2020-56 |
| Date of Issue | 2021-02-22 (ICSS) |
| Conference Information | |
| Committee | ICSS / IPSJ-SPT |
|---|---|
| Conference Date | 2021/3/1(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Online |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Security, Trust, etc. |
| Chair | Hiroki Takakura(NII) |
| Vice Chair | Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
| Secretary | Katsunari Yoshioka(NICT) / Kazunori Kamiya(KDDI labs.) |
| Assistant | Keisuke Kito(Mitsubishi Electric) / Toshihiro Yamauchi(Okayama Univ.) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Evaluation of Uncertain Reports by Multiple Anti-virus Engines |
| Sub Title (in English) | |
| Keyword(1) | VirusTotal |
| Keyword(2) | Malware |
| Keyword(3) | Anti-virus Engines |
| 1st Author's Name | Kazuya Nomura |
| 1st Author's Affiliation | Waseda University(Waseda Univ.) |
| 2nd Author's Name | Mistuaki Akiyama |
| 2nd Author's Affiliation | NTT Secure Platform Laboratories(NTT) |
| 3rd Author's Name | Masaki Kamizono |
| 3rd Author's Affiliation | Deloitte Tohmatsu Cyber LLC(Deloitte Tohmatsu Cyber LLC) |
| 4th Author's Name | Takahiro Kasama |
| 4th Author's Affiliation | National Institute of Information and Communications Technology(NICT) |
| Date | 2021-03-02 |
| Paper # | ICSS2020-56 |
| Volume (vol) | vol.120 |
| Number (no) | ICSS-384 |
| Page | pp.pp.178-183(ICSS), |
| #Pages | 6 |
| Date of Issue | 2021-02-22 (ICSS) |