November 2019
Intermediate to advanced
346 pages
9h 36m
English
In this recipe, we do something exciting: classify malware and benign samples based on their runtime behavior. Our first three steps define a function to read in and parse the JSON logs that record each sample's runtime behavior. As an aside, JSON is a useful file format whenever your data may have a variable number of attributes. We make the strategic choice to extract the API call class, method, and content. Other features are available as well, such as the time at which each API call was made and the arguments passed to it. The trade-off is that the dataset will be larger, and these extra features may slow training down or cause overfitting. Investigation is recommended as regards selecting additional ...
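The parsing and feature-extraction step described above, as an added example that is not code from the book or its accompanying repository. The sample logs are constructed inline, and the log schema (a top-level `api_calls` list whose entries carry `class`, `method`, `content`, `time` and `args`) is an assumption rather than the book's actual format. Each call is turned into a `class.method:content` token, the per-sample token counts form a bag of API calls, and a small hand-written multinomial naive Bayes classifier (used here only to keep the example dependency-free) separates the two classes. The `with_content` switch shows the trade-off the text mentions: dropping the call content shrinks the vocabulary but also discards the registry key or URL that distinguishes a call.

```python
import json
import math
from collections import Counter


# Constructed sample sandbox logs (NOT from the book's dataset). Assumed schema:
# a top-level "api_calls" list whose entries carry "class", "method", "content",
# plus "time" and "args", which this example deliberately leaves out.
def make_log(calls):
    return json.dumps({"api_calls": [
        {"class": c, "method": m, "content": content, "time": i * 0.01, "args": []}
        for i, (c, m, content) in enumerate(calls)]})


RUN_KEY = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
SAMPLES = [  # (json text, label) pairs for training
    (make_log([("kernel32", "CreateFileW", "C:\\Users\\a\\doc.txt"),
               ("kernel32", "ReadFile", ""),
               ("kernel32", "CloseHandle", "")]), "benign"),
    (make_log([("kernel32", "CreateFileW", "C:\\Users\\a\\notes.txt"),
               ("kernel32", "WriteFile", ""),
               ("kernel32", "CloseHandle", "")]), "benign"),
    (make_log([("advapi32", "RegSetValueExW", RUN_KEY),
               ("wininet", "InternetOpenUrlA", "http://example.invalid/payload"),
               ("kernel32", "CreateProcessW", "cmd.exe")]), "malware"),
    (make_log([("advapi32", "RegSetValueExW", RUN_KEY),
               ("kernel32", "CreateProcessW", "cmd.exe"),
               ("kernel32", "CreateFileW", "C:\\Users\\a\\doc.txt")]), "malware"),
]


def parse_log(text, with_content=True):
    """Parse one JSON log into a list of 'class.method[:content]' tokens."""
    data = json.loads(text)
    tokens = []
    for call in data.get("api_calls", []):
        token = f'{call.get("class", "")}.{call.get("method", "")}'
        if with_content:  # content makes tokens more specific, vocabulary larger
            token += ":" + str(call.get("content", ""))
        tokens.append(token)
    return tokens


def bag_of_calls(tokens):
    """Bag-of-API-calls feature vector: token -> occurrence count."""
    return Counter(tokens)


def train_nb(bags, labels):
    """Multinomial naive Bayes with Laplace (add-one) smoothing."""
    classes = sorted(set(labels))
    vocab = set()
    for bag in bags:
        vocab.update(bag)
    token_counts = {c: Counter() for c in classes}
    for bag, label in zip(bags, labels):
        token_counts[label].update(bag)
    doc_counts = Counter(labels)
    return {
        "classes": classes,
        "vocab_size": len(vocab),
        "log_prior": {c: math.log(doc_counts[c] / len(labels)) for c in classes},
        "token_counts": token_counts,
        "totals": {c: sum(token_counts[c].values()) for c in classes},
    }


def predict_nb(model, bag):
    """Return the class with the highest smoothed log-likelihood for this bag."""
    scores = {}
    for c in model["classes"]:
        score = model["log_prior"][c]
        for token, n in bag.items():
            p = (model["token_counts"][c][token] + 1) / (model["totals"][c] + model["vocab_size"])
            score += n * math.log(p)
        scores[c] = score
    return max(scores, key=scores.get)


def build_model(samples, with_content=True):
    bags = [bag_of_calls(parse_log(text, with_content)) for text, _ in samples]
    return train_nb(bags, [label for _, label in samples])


def classify_log(model, text, with_content=True):
    return predict_nb(model, bag_of_calls(parse_log(text, with_content)))


if __name__ == "__main__":
    model = build_model(SAMPLES)
    # A constructed, previously unseen log: persistence key plus a download.
    unseen = make_log([("advapi32", "RegSetValueExW", RUN_KEY),
                       ("wininet", "InternetOpenUrlA", "http://example.invalid/payload"),
                       ("kernel32", "CloseHandle", "")])
    print("vocab with content:", model["vocab_size"],
          "without content:", build_model(SAMPLES, with_content=False)["vocab_size"])
    print("unseen sample ->", classify_log(model, unseen))
```

With the content field included the four training logs produce eight distinct tokens; without it they produce seven, because the two `CreateFileW` calls on different paths collapse into one token. On a real dataset that gap is far larger, which is the size-versus-specificity trade-off the recipe points at.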