Uncovering Unknown Threats With Human-Readable Machine Learning
In this blog post, we will discuss how we developed a human-readable machine learning system that can determine whether a downloaded file is benign or malicious. The development of this actionable, intelligent system stemmed from the question: How can we make our knowledge about global software download events actionable? More specifically, how can we use such information to do a better job at detecting the threats posed by the large amounts of new malicious software circulating on a daily basis? In this last installment of the blog series, we will answer these questions and summarize what we did with the information we've obtained. Our research paper, titled "Exploring the Long Tail of (Malicious) Software Downloads", provides a more comprehensive look into how we gathered and analyzed our software download data.
Aided by machine learning, we analyzed data on 3 million software downloads from hundreds of thousands of internet-connected machines. We looked into the major domains from which different malware categories were downloaded and discussed which client applications were most often targeted by malware infection. We also looked at code signing abuse and examined certain certification authorities whose certificates were found to have been used for signing malicious code.