EXECUTION BEHAVIOR ANALYSIS TEXT-BASED ENSEMBLE MALWARE DETECTOR

EXECUTION BEHAVIOR ANALYSIS TEXT-BASED ENSEMBLE MALWARE DETECTOR

A malware detector has been designed that uses a combination of NLP techniques on dynamic malware analysis reports for malware classification of files. The malware detector aggregates text-based features identified in different pre-processing pipelines that correspond to different types of propertie...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Hewlett II, William Redington, Rokka Chhetri, Sujit
Format: Patent
Sprache:eng ; fre ; ger
Schlagworte:
CALCULATING
COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A malware detector has been designed that uses a combination of NLP techniques on dynamic malware analysis reports for malware classification of files. The malware detector aggregates text-based features identified in different pre-processing pipelines that correspond to different types of properties of a dynamic malware analysis report. From a dynamic malware analysis report, the pre-processing pipelines of the malware detector generate a first feature set based on individual text tokens and a second feature set based on n-grams. The malware detector inputs the first feature set into a trained neural network having an embedding layer. The malware detector then extracts a dense layer from the trained neural network and aggregates the extracted layer with the second feature set to form an input for a trained boosting model. The malware detector inputs the cross-pipeline feature values into the trained boosting model to generate a malware detection output.