Bridging Legacy and Modern Threat Detection: An Analysis of Machine Learning Models on EMBER2018 and CIC-Evasive-PDFMal2022
摘要
This work examines malware detection techniques in cybersecurity, focusing on traditional machine learning and deep learning methods across two datasets: EMBER2018 (covering malware from 2006 to 2018) and CIC-Evasive-PDFMal2022 (recent evasive PDF malware). Traditional models, particularly XGBoost on EMBER2018 (99.7%) and CatBoost on CIC-Evasive-PDFMal2022 (99.4%), achieved the highest accuracies. Deep learning models, such as CNN and RNN-LSTM, showed effectiveness in identifying complex malware, with accuracies of 98.1% and 96.2%, respectively. Additionally, ensemble methods such as the voting classifier reached 99.1% accuracy on CIC-Evasive-PDFMal2022. The findings highlight that tree-based models, including XGBoost, LightGBM, and CatBoost, consistently outperformed deep learning models, offering efficient solutions for malware detection.