Sandbox Sample Classification Using Behavioral Indicators of Compromise. (arXiv:2201.07359v1 [cs.CR])

Behavioral Indicators of Compromise are associated with various automated
methods used to extract the sample behavior by observing the system function
calls performed in a virtual execution environment. Thus, every sample is
described by a set of BICs triggered by the sample behavior in the sandbox
environment. Here we discuss a Machine Learning approach to the classification
of the sandbox samples as MALICIOUS or BENIGN, based on the list of triggered
BICs. Besides the more traditional methods like Logistic Regression …

arxiv classification