Carnegie Mellon University
The authors present Polonium, a novel Symantec technology that detects malware through large-scale graph inference. Based on the scalable belief propagation algorithm, Polonium infers every file's reputation, flagging files with low reputation as malware. They evaluated Polonium with a billion-node graph constructed from the largest file submissions dataset ever published (60 terabytes). Polonium attained a high true positive rate of 87% in detecting malware; in the field, Polonium lifted the detection rate of existing methods by 10 absolute percentage points.
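To make the inference step concrete, the following is an added example (not code from the paper or from Symantec) of sum-product loopy belief propagation over a small graph of machines and the files seen on them. The bipartite machine-file layout, the machine and file priors, the homophily strength `EPS` and the edge potential `PSI` are all assumptions for the demonstration; the abstract only states that Polonium uses belief propagation to infer per-file reputation. A file whose inferred probability of being good falls below a threshold is flagged.

```python
"""Loopy belief propagation over a small machine-file graph (added example)."""
from collections import defaultdict

# Assumed homophily strength: a file on a bad machine is slightly more likely
# to be bad, and vice versa.  Small values keep BP from over-committing.
EPS = 0.001
# Edge potential PSI[x_i][x_j]; state 0 = "good", state 1 = "bad".
PSI = [[0.5 + EPS, 0.5 - EPS],
       [0.5 - EPS, 0.5 + EPS]]

# Constructed sample graph: (machine, file) means the file was seen on the machine.
EDGES = [
    ("m_clean", "f_known_good"),
    ("m_clean", "f_unknown_a"),
    ("m_mid", "f_known_good"),
    ("m_mid", "f_unknown_a"),
    ("m_dirty", "f_known_bad"),
    ("m_dirty", "f_unknown_b"),
]
# Constructed priors [p_good, p_bad]: machine priors stand in for an assumed
# machine-reputation score, file priors for assumed ground truth; unknown
# files start at 0.5/0.5.
PRIORS = {
    "m_clean": [0.9, 0.1],
    "m_mid": [0.5, 0.5],
    "m_dirty": [0.1, 0.9],
    "f_known_good": [0.99, 0.01],
    "f_known_bad": [0.01, 0.99],
    "f_unknown_a": [0.5, 0.5],
    "f_unknown_b": [0.5, 0.5],
}


def normalize(v):
    s = v[0] + v[1]
    return [v[0] / s, v[1] / s]


def belief_propagation(edges, priors, iterations=100, tol=1e-12):
    """Sum-product loopy BP; returns node -> [belief_good, belief_bad]."""
    neighbors = defaultdict(set)
    for m, f in edges:
        neighbors[m].add(f)
        neighbors[f].add(m)
    # msgs[(i, j)] is the message node i sends to node j, indexed by j's state.
    msgs = {(i, j): [0.5, 0.5] for i in priors for j in neighbors[i]}
    for _ in range(iterations):
        new_msgs = {}
        for (i, j) in msgs:
            out = [0.0, 0.0]
            for xi in (0, 1):
                # i's own prior times what i heard from every neighbour except j
                incoming = priors[i][xi]
                for k in neighbors[i]:
                    if k != j:
                        incoming *= msgs[(k, i)][xi]
                for xj in (0, 1):
                    out[xj] += incoming * PSI[xi][xj]
            new_msgs[(i, j)] = normalize(out)
        delta = max((abs(new_msgs[k][0] - msgs[k][0]) for k in msgs), default=0.0)
        msgs = new_msgs
        if delta < tol:
            break
    beliefs = {}
    for i in priors:
        b = list(priors[i])
        for k in neighbors[i]:
            b[0] *= msgs[(k, i)][0]
            b[1] *= msgs[(k, i)][1]
        beliefs[i] = normalize(b)
    return beliefs


def flag_malware(beliefs, threshold=0.5):
    """Files whose belief of being good falls below the threshold."""
    return sorted(n for n, b in beliefs.items()
                  if n.startswith("f_") and b[0] < threshold)


def run_example():
    beliefs = belief_propagation(EDGES, PRIORS)
    return beliefs, flag_malware(beliefs)


if __name__ == "__main__":
    beliefs, flagged = run_example()
    for node, (good, bad) in sorted(beliefs.items()):
        print(f"{node:14s} P(good)={good:.4f}")
    print("flagged:", flagged)
```

The unknown file that only appears on the low-reputation machine ends up with a reputation just below 0.5 and is flagged alongside the known-bad file, while the unknown file shared by the clean machine stays above 0.5. The shifts are deliberately small because the edge potential is close to uniform; in practice the threshold and the homophily strength are tuned against labelled data, and the false-positive cost of a low threshold has to be weighed against the detection lift.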