Co-similar malware infection patterns as a predictor of future risk

Amir Yavneh, Roy Lothan, Dan Yamin*

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

2 Scopus citations


The internet is flooded with malicious content that can come in various forms and lead to information theft and monetary losses. From the ISP to the browser itself, many security systems act to defend the user from such content. However, most systems have at least one of three major limitations: 1) they are not personalized and do not account for the differences between users, 2) their defense mechanism is reactive and unable to predict upcoming attacks, and 3) they extensively track and use the user's activity, thereby invading her privacy in the process. We developed a methodological framework to predict future exposure to malicious content. Our framework accounts for three factors-the user's previous exposure history, her co-similarity to other users based on their previous exposures in a conceptual network, and how the network evolves. Utilizing over 20,000 users' browsing data, our approach succeeds in achieving accurate results on the infection-prone portion of the population, surpassing common methods, and doing so with as little as 1/1000 of the personal information it requires.

Original languageEnglish
Article numbere0249273
JournalPLoS ONE
Issue number3 March
StatePublished - Mar 2021


FundersFunder number
Check Point Institute for Information Security
Koret Foundation


    Dive into the research topics of 'Co-similar malware infection patterns as a predictor of future risk'. Together they form a unique fingerprint.

    Cite this