The extensive damage caused by malware requires anti-malware systems to be constantly improved to prevent new threats. The current trend in malware detection is to employ machine learning models to aid in the classification process. We propose a new dataset with the objective of improving current anti-malware systems. The focus of this dataset is to improve host based intrusion detection systems by providing API call sequences for thousands of malware samples executed in Windows 10 virtual machines. A tutorial on how to create and expand this dataset is provided along with a benchmark demonstrating how to use this dataset to classify malware. The data contains long sequences of API calls for each sample, and in order to create models that can be deployed in resource constrained devices, three feature selection methods were tested. The principal innovation, however, lies in the multi-label classification system in which one sequence of APIs can be tagged with multiple labels describing its malicious behaviours.
翻译:恶意软件造成的广泛危害要求反恶意软件系统不断改进以应对新威胁。当前恶意软件检测的趋势是采用机器学习模型辅助分类过程。我们提出一个新的数据集,旨在改进现有反恶意软件系统。该数据集通过提供在Windows 10虚拟机中执行的数千个恶意软件样本的API调用序列,重点提升基于主机的入侵检测系统。我们提供了创建和扩展该数据集的教程,以及展示如何利用该数据集对恶意软件进行分类的基准测试。数据包含每个样本的API长序列调用,为构建可在资源受限设备上部署的模型,我们测试了三种特征选择方法。然而,其主要创新在于多标签分类系统——同一API序列可被标注多个描述其恶意行为的标签。