Industry practitioners care about small improvements in malware detection accuracy
because their models are deployed to hundreds of millions of machines, meaning a 0.1 …

Threats towards the cyberspace have becoming more aggressive, intelligent and some
attack at real-time. These urged both researchers and practitioner to secure the cyberspace …

Similarity digests have gained popularity for many security applications like blacklisting/
whitelisting, and finding similar variants of malware. TLSH has been shown to be particularly …

Similarity hashing is an important tool for searching and analyzing malware samples which
are similar to known malware samples. Several similarity hashing schemes exist in the …

In this thesis we advance state-of-the-art of the non-metric k-NN search by carrying out an
extensive empirical evaluation (both and intrinsic) of generic methods for k-NN search. This …

Determining the family to which a malicious file belongs is an essential component of
cyberattack investigation, attribution, and remediation. Performing this task manually is time …

" Alert fatigue" is one of the biggest challenges faced by the Security Operations Center
(SOC) today, with analysts spending more than half of their time reviewing false alerts …

(57) ABSTRACT A system for evaluating files for cyber threats includes a machine learning
model and a locality sensitive hash (LSH) repository. When the machine learning model …

(57) ABSTRACT A cybersecurity server receives an executable file. The executable file is
disassembled to generate assembly code of the executable file. High-entropy blocks and …

(57) ABSTRACT A global locality sensitive hash (LSH) database stores global locality
sensitive hashes of files of different private com puter networks. Each of the private computer …