Detecting Malware Activity Using Public Search Data.

The prevalence of malware on the Internet makes malware detection vital as an early warning system for organizations’ security. This paper presents a novel approach to linking knowledge from heterogeneous and specialized datasets using a sentence embedding approach. This paper also proposes a novel approach to detect malware activity using standardized and specialized datasets and people’s search interest data. We demonstrated the detection capabilities of our approach, assessing our models using four real attack study cases. We found an increase in Google searches and probabilities of our models seven days before and after an attack occurred. In addition, the web search volume and model probabilities time series are characterized by an increase in outliers around 14 days before and after the discovery of the attack. This work should pave the path for integrating domain-specific datasets and user-generated dynamic data for detecting malware activity.