Abstract
As the malware menace exacerbates, dynamic malware detection (DMD) has become even more critical. In this paper, we present a machine-learning-based DMD technique. We propose generating node embedding features (NEFs) from process execution chains. We use NEFs and other features based on the command line, file path, and action taken by a process and feed them to our machine learning (ML) classification algorithms. We evaluated two ML classifiers, viz., light gradient boosting machine (LGBM) and XGBoost. We perform experiments on a real-world dataset provided by a leading anti-virus company. Our technique achieves high accuracy, and the use of NEFs improves the predictive performance of ML classification algorithms. Also, NEFs are found to be highly important in both these algorithms.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
