Multi-Criteria Clustering of Files

Master's Thesis Student: Jasnický Matúš Academic Year: 2020/2021 Supervisor: Zobal Lukáš, Ing.
Czech title
Multikriteriální shlukování souborů

This work aims to create the clustering part of a new version of the clustering tool named Clusty, which is developed by Avast Software. Clusty is a tool for automatic analysis and online clustering of all incoming samples. The most notable shortcomings are using a single criterion for clustering, vertical scalability, and lack of support for achieving high availability. Among the good features belong a good performance, interpretability of clusters' origin, and an ability to use other techniques like YARA rules.The designed tool overcome the shortcomings while keeping the features. None of the existing clustering methods is being used because none of them had satisfied the requirements. Instead, three new methods are proposed. They are based on the method in the current version of Clusty and the standard methods. The tool uses so-called rules to allow using multiple clustering methods concurrently.The clustering results can be considered better compared to the results from the current version. This work proposes a solution for the shortcomings and shows the usable clustering methods.


clustering, malware, file clustering, malware clustering, online clustering, multi-criteria clustering

Degree Programme
Reason for publication postponement

The publication of the diploma thesis is in accordance with the provision of § 47b par. 4 of the Act no. 111/1998, about universities and about the change and supplementing other laws (Higher Education Act), as amended, delayed by 3 years. The reason for the delay of the publication is the protection of intellectual property and the fact that the thesis contains business secret in the sense of the relevant provisions of the Act no. 89/2012 Coll., Civil Code.

defended, grade B
22 June 2021
