This is an early access version, the complete PDF, HTML, and XML versions will be available soon.
Open AccessArticle
Optimal Weighted Voting-Based Collaborated Malware Detection for Zero-Day Malware: A Case Study on VirusTotal and MalwareBazaar
by
Naonobu Okazaki
Naonobu Okazaki 1,†,
Shotaro Usuzaki
Shotaro Usuzaki 1,*,†
,
Tsubasa Waki
Tsubasa Waki 1,
Hyoga Kawagoe
Hyoga Kawagoe 1,
Mirang Park
Mirang Park 2,
Hisaaki Yamaba
Hisaaki Yamaba 1 and
Kentaro Aburada
Kentaro Aburada 1
1
Faculty of Engineering, University of Miyazaki, 1-1 Gakuen-Kibanadai-Nishi, Miyazaki-shi 889-2192, Miyazaki, Japan
2
Faculty of Information Technology, Kanagawa Institute of Technology, 1030 Shimo-Ogino, Atsugi-shi 243-0292, Kanagawa, Japan
*
Author to whom correspondence should be addressed.
†
These authors contributed equally to this work.
Future Internet 2024, 16(8), 259; https://doi.org/10.3390/fi16080259 (registering DOI)
Submission received: 4 July 2024
/
Revised: 19 July 2024
/
Accepted: 20 July 2024
/
Published: 23 July 2024
Abstract
We propose a detection system incorporating a weighted voting mechanism that reflects the vote’s reliability based on the accuracy of each detector’s examination, which overcomes the problem of cooperative detection. Collaborative malware detection is an effective strategy against zero-day attacks compared to one using only a single detector because the strategy might pick up attacks that a single detector overlooked. However, cooperative detection is still ineffective if most anti-virus engines lack sufficient intelligence to detect zero-day malware. Most collaborative methods rely on majority voting, which prioritizes the quantity of votes rather than the quality of those votes. Therefore, our study investigated the zero-day malware detection accuracy of the collaborative system that optimally rates their weight of votes based on their malware categories of expertise of each anti-virus engine. We implemented the prototype system with the VirusTotal API and evaluated the system using real malware registered in MalwareBazaar. To evaluate the effectiveness of zero-day malware detection, we measured recall using the inspection results on the same day the malware was registered in the MalwareBazaar repository. Through experiments, we confirmed that the proposed system can suppress the false negatives of uniformly weighted voting and improve detection accuracy against new types of malware.
Share and Cite
MDPI and ACS Style
Okazaki, N.; Usuzaki, S.; Waki, T.; Kawagoe, H.; Park, M.; Yamaba, H.; Aburada, K.
Optimal Weighted Voting-Based Collaborated Malware Detection for Zero-Day Malware: A Case Study on VirusTotal and MalwareBazaar. Future Internet 2024, 16, 259.
https://doi.org/10.3390/fi16080259
AMA Style
Okazaki N, Usuzaki S, Waki T, Kawagoe H, Park M, Yamaba H, Aburada K.
Optimal Weighted Voting-Based Collaborated Malware Detection for Zero-Day Malware: A Case Study on VirusTotal and MalwareBazaar. Future Internet. 2024; 16(8):259.
https://doi.org/10.3390/fi16080259
Chicago/Turabian Style
Okazaki, Naonobu, Shotaro Usuzaki, Tsubasa Waki, Hyoga Kawagoe, Mirang Park, Hisaaki Yamaba, and Kentaro Aburada.
2024. "Optimal Weighted Voting-Based Collaborated Malware Detection for Zero-Day Malware: A Case Study on VirusTotal and MalwareBazaar" Future Internet 16, no. 8: 259.
https://doi.org/10.3390/fi16080259
Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details
here.
Article Metrics
Article metric data becomes available approximately 24 hours after publication online.