XMal: A lightweight memory-based explainable obfuscated-malware detector

Figure: Overview of Proposed System

Summary

An average of 560,000 new malware instances are detected every day, making malware detection one of the biggest challenges in computer security. The growing use of code obfuscation by malicious actors further complicates detection. In this paper, we introduce a lightweight, machine-learning-based obfuscated-malware detector that is also explainable. The proposed method, based on extreme gradient boosting (XGBoost), employs only five features extracted from memory dumps and achieves a detection accuracy of over 99%. These five features were selected using recursive feature elimination driven by feature importance. In testing, the system classified a malware instance in just 0.413 μs. The model's decisions were explained using Shapley additive explanations (SHAP).

Keywords

Malware; Obfuscated malware; Malware detection; Machine learning; Explainable machine learning

2022 Journal Impact Factor: 5.6

Publication date: October 2023

Links

References

APA: Alani, M. M., Mashatan, A., & Miri, A. (2023). XMal: A lightweight memory-based explainable obfuscated-malware detector. Computers & Security, 133, 103409. https://doi.org/10.1016/j.cose.2023.103409

BibTeX:
@article{alani2023xmal,
  title={XMal: A Lightweight Memory-Based Explainable Obfuscated-Malware Detector},
  author={Alani, Mohammed M and Mashatan, Atefeh and Miri, Ali},
  journal={Computers \& Security},
  volume={133},
  pages={103409},
  year={2023},
  publisher={Elsevier}
}

DOI: https://doi.org/10.1016/j.cose.2023.103409

IEEE: M. M. Alani, A. Mashatan, and A. Miri, "XMal: A lightweight memory-based explainable obfuscated-malware detector," Computers & Security, vol. 133, p. 103409, 2023.

ISSN: 0167-4048

Funding