Proceedings of the Workshop on Computation: Theory and Practice (WCTP 2024)

Evaluation and Comparison of GBDT ML Models in Behavior-Based Malware Detection

Authors
Tustin Annika Choa¹*, Julianne Amor de Veyra¹, Jose Miguel Escalona¹, Patrick Ryan Fortiz¹, Jocelynn Cu¹
¹ Center for Network and Information Security, College of Computer Studies, De La Salle University, Manila, Philippines
*Corresponding author. Email: tustin_choa@dlsu.edu.ph
Corresponding Author
Tustin Annika Choa
Available Online 30 April 2025.
DOI
10.2991/978-94-6463-684-0_9
Keywords
behavior-based malware detection; malware detection; API Calls; GBDT; Gradient Boosted Decision Trees; LightGBM; CatBoost; machine learning
Abstract

This study evaluates the application of Gradient Boosted Decision Tree (GBDT) models—LightGBM and CatBoost—in behavior-based malware detection, addressing challenges such as limited publicly available datasets and inconsistent evaluation metrics. The research involved comprehensive dataset analysis, model development, and performance assessment, focusing on distinguishing between benign and malicious samples using API Call sequences. Results indicate that both GBDT models performed effectively, with LightGBM demonstrating a slight advantage in processing efficiency. However, the analysis revealed that API Calls alone may be insufficient in rare cases, necessitating the inclusion of DLL sequences for more accurate detection. The study underscores the importance of a balanced and high-quality dataset for reliable behavior-based malware detection, suggesting improvements in the verification process for collecting both benign and malicious samples. The findings contribute to enhancing behavior-based detection methods and establish a foundation for future research in this field.

Copyright
© 2025 The Author(s)
Open Access
Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International License (http://creativecommons.org/licenses/by-nc/4.0/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

Volume Title
Proceedings of the Workshop on Computation: Theory and Practice (WCTP 2024)
Series
Atlantis Highlights in Computer Sciences
Publication Date
30 April 2025
ISBN
978-94-6463-684-0
ISSN
2589-4900

Cite this article

TY  - CONF
AU  - Tustin Annika Choa
AU  - Julianne Amor de Veyra
AU  - Jose Miguel Escalona
AU  - Patrick Ryan Fortiz
AU  - Jocelynn Cu
PY  - 2025
DA  - 2025/04/30
TI  - Evaluation and Comparison of GBDT ML Models in Behavior-Based Malware Detection
BT  - Proceedings of the Workshop on Computation: Theory and Practice (WCTP 2024)
PB  - Atlantis Press
SP  - 132
EP  - 147
SN  - 2589-4900
UR  - https://doi.org/10.2991/978-94-6463-684-0_9
DO  - 10.2991/978-94-6463-684-0_9
ID  - Choa2025
ER  -