Invention Grant
- Patent Title: Discriminant power based threat detection
- Application No.: US16194536
- Application Date: 2018-11-19
- Publication No.: US10922407B2
- Publication Date: 2021-02-16
- Inventor: Raymund Lin, Charlie Wu, Youngja Park
- Applicant: International Business Machines Corporation
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agency: Cantor Colburn LLP
- Agent: Richard Wilhelm
- Main IPC: G06F21/56
- IPC: G06F21/56

Abstract:
Examples of techniques for discriminant power based threat detection are described herein. An aspect includes identifying a plurality of detector names associated with an indicator of compromise, wherein each of the plurality of detector names has a respective associated discriminant power. Another aspect includes determining a plurality of malware families, wherein each malware family of the plurality of malware families is linked to at least one detector name of the plurality of detector names. Another aspect includes, for each malware family of the plurality of malware families, determining a sum of the associated discriminant power of any detector names that are linked to the malware family. Another aspect includes determining that the indicator of compromise belongs to a malware family of the plurality of malware families that has a highest sum.
Public/Granted literature
- US20200159920A1 DISCRIMINANT POWER BASED THREAT DETECTION Public/Granted day: 2020-05-21