MalPro: Learning on Process-Aware Behaviors for Malware Detection

2022 IEEE Symposium on Computers and Communications (ISCC) (2022)

Abstract
Malware continuously evolves and becomes more and more sophisticated. Learning on execution behavior has proven effective for malware detection. In this paper, we present MalPro, a DNN-based malware detection approach that performs learning on process-aware behaviors for Windows programs. It first employs a logistic regression-based weighting method to assess the sensitivity of an API to malicious behavior, and weights the API following run-time arguments with varying degrees of sensitivity. Then, it constructs the process graph of inter-process interactions, from which a set of attributes is extracted to characterize the relationships among processes in terms of invoke actions. Finally, it feeds the weighted API sequences and the process graph attributes into the DNN to train a binary classifier that detects malware. Moreover, we have implemented and evaluated MalPro on two datasets. The results demonstrate that our method outperforms naive models, verifying the effectiveness of MalPro.
Keywords
malware detection,API sequence,run-time argument,process graph,process-aware behavior,deep learning