Abstract
An average of 560,000 new malware instances are being detected every day. Malware detection is becoming one of the biggest challenges in the field of computer security. The use of code obfuscation techniques by malicious actors is gaining popularity, further complicating the process of detection. In this paper, we introduce a lightweight obfuscated-malware detector based on machine learning that is also explainable. The proposed method, based on extreme gradient boost, employs only five features extracted from memory dumps, achieving a detection accuracy of over 99%. These five features were selected using recursive feature elimination, based on feature importance. Through testing, we demonstrated that the system was capable of detecting malware instances in just 0.413 μs. The model was explained using Shapley additive explanations.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
