A Self-Learning AV Scanner


Executive Summary

The nonzero "response time" of AV technologies offers a window for attackers to exploit: by the time an AV company responds with a signature to detect a malicious sample, an attacker may have released thousands of new variants. The authors present a self-learning AV scanner that effectively reduces to zero the response time needed to detect variants. The scanner uses methods from information retrieval research to determine whether a suspected sample is a variant of an existing, known sample, using an inexact-match approach. The system is self-learning in that it is trained initially on known malicious samples in the AV research lab, but in the simplest case the knowledge base is not updated automatically.

  • Format: PDF
  • Size: 365.4 KB