RevMatch: An efficient and robust decision model for collaborative malware detection

This work falls in the area of collaborative malware detection systems which rely on expertise and knowledge from multiple different antivirus software for malware detection. A critical component of such systems is the collaborative malware detection decision process. In this paper, we propose a novel decision model, RevMatch, where collaborative malware decisions are made based on labeled malware detection history from participating antiviruses. We evaluate our proposal using real-world malware data sets and demonstrate that collaborative malware detection techniques can improve the malware detection accuracy compared to using a single albeit the best antivirus. Moreover, we demonstrate how RevMatch outperforms all other existing collaborative decision models in terms of detection accuracy while being computationally efficient and robust against various malicious insider attacks.