Title :
Valkyrie: Behavioral malware detection using global kernel-level telemetry data
Author :
Sven Krasser;Brett Meyer;Patrick Crenshaw
Author_Institution :
CrowdStrike, Inc.
Abstract :
The growth in malware remains a major challenge to Internet security. In this paper, we present Valkyrie, a classification system that identifies malicious binaries based purely on behavioral traits gathered from large-scale telemetry submitted by end hosts running a lightweight sensor component. Valkyrie is built on the Apache Spark data processing framework and is therefore able to process a large volume of real-world data in a short amount of time. In addition, because Valkyrie performs all of its heavy computation in the cloud, it imposes minimal load on endpoints. Valkyrie achieves high-confidence predictions at a very low false positive rate, making it suitable for use with production systems.
Keywords :
"Malware","Feature extraction","Sparks","Support vector machines","Training data","Measurement","Telemetry"
Conference_Titel :
Machine Learning for Signal Processing (MLSP), 2015 IEEE 25th International Workshop on
DOI :
10.1109/MLSP.2015.7324334