{"title":"A Node-Embedding Features Based Machine Learning Technique for Dynamic Malware Detection","authors":"Sudhir Kumar Rai, Ashish R. Mittal, Sparsh Mittal","doi":"10.1109/DSC54232.2022.9888836","DOIUrl":null,"url":null,"abstract":"As the malware menace exacerbates, dynamic malware detection (DMD) has become even more critical. In this paper, we present a machine-learning-based DMD technique. We propose generating node embedding features (NEFs) from process execution chains. We use NEFs and other features based on the command line, file path, and action taken by a process and feed them to our machine learning (ML) classification algorithms. We evaluated two ML classifiers, viz., light gradient boosting machine (LGBM) and XGBoost. We perform experiments on a real-world dataset provided by a leading anti-virus company. Our technique achieves high accuracy, and the use of NEFs improves the predictive performance of ML classification algorithms. Also, NEFs are found to be highly important in both these algorithms.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"52 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSC54232.2022.9888836","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Node-Embedding Features Based Machine Learning Technique for Dynamic Malware Detection
As the malware menace exacerbates, dynamic malware detection (DMD) has become even more critical. In this paper, we present a machine-learning-based DMD technique. We propose generating node embedding features (NEFs) from process execution chains. We use NEFs and other features based on the command line, file path, and action taken by a process and feed them to our machine learning (ML) classification algorithms. We evaluated two ML classifiers, viz., light gradient boosting machine (LGBM) and XGBoost. We perform experiments on a real-world dataset provided by a leading anti-virus company. Our technique achieves high accuracy, and the use of NEFs improves the predictive performance of ML classification algorithms. Also, NEFs are found to be highly important in both these algorithms.