Netinfo Security ›› 2020, Vol. 20 ›› Issue (12): 54-63.doi: 10.3969/j.issn.1671-1122.2020.12.008


A Malware Detection Method Based on XGBoost and LightGBM Two-layer Model

XU Guotian, SHEN Yaotong

  1. Cyber Crime Investigation Department, Criminal Investigation Police University of China, Shenyang 110854, China
  • Received:2020-10-09 Online:2020-12-10 Published:2021-01-12
  • Contact: XU Guotian E-mail:459536384@qq.com

Abstract:

At present, most network-traffic-based malware detection methods rely on expert experience to obtain features. That process is time-consuming and laborious, yields only a small number of traffic features, and the cost of traditional feature engineering grows sharply as the feature dimension increases. To address these problems, this paper proposes a two-layer malware detection method based on eXtreme Gradient Boosting (XGBoost) and Light Gradient Boosting Machine (LightGBM). Network traffic is captured and features related to the target software are extracted; the feature set is then screened with a filter method and mutual information. The resulting dataset is used to train the first-layer XGBoost model, and grid search is applied to find the optimal combination of hyperparameters. For the best XGBoost model, the leaf node reached by each sample in each tree is recorded, and these leaf positions form a new dataset on which a LightGBM model is trained to obtain the final detection model. Experimental results show that, compared with other detection methods, the proposed method significantly improves both the accuracy and the real-time performance of malware detection.

Key words: malware detection, flow characteristics, extreme gradient boosting, LightGBM, grid search
