LightGBM Algorithm for Malware Detection

Abstract

In zero-day malware attacks, attackers take advantage of every second that the anti-malware vendor delays in identifying the malware's signature and providing updates. Furthermore, the longer the detection phase is delayed, the greater the damage to the host device. In other words, the inability to detect attacks early complicates the problem and increases the damage. Therefore, this study aims to develop an intelligent anti-malware system capable of instantly detecting and terminating malware activities instead of waiting for anti-malware updates. In its scope, the study focuses on Internet of Things (IoT) malware detection based on Machine Learning (ML) techniques. A recent open-source ML algorithm called Light Gradient Boosting Algorithm (LightGBM) is used to develop our instant anti-malware approach at both the host and network layers without the need for any human intervention. The results show a promising approach for detecting and classifying malware, with accuracy reaching almost 100% at both the network and host levels based on the cross-validation Holdout method. Furthermore, the results show the ability of the proposed approach to detect IoT botnet attacks early, which is an essential feature for terminating botnet activity before it propagates to a new network device.

Al-kasassbeh, M., Abbadi, M. A., & Al-Bustanji, A. M. (2020). LightGBM Algorithm for Malware Detection. In Advances in Intelligent Systems and Computing (Vol. 1230 AISC, pp. 391–403). Springer. https://doi.org/10.1007/978-3-030-52243-8_28
