Malware Defense via Download Provenance Classification


Modern malware developers make extensive use of sophisticated obfuscation tools, causing a steady decline in the detection capabilities of anti-virus (AV) file scanners. This motivates the need for new ways to detect malware without relying on the inspection of a file's content. As most modern malware is distributed through network downloads, we should aim to complement AV scanners with systems that detect malware files based on where they come from, rather than only considering what they look like.