Research Article
Real-Time Malware Process Detection and Automated Process Killing
Table 2
26 process-level features: 22 features + 4 port status values.
| Category | Feature |
| --- | --- |
| CPU use (%) | System level |
| | User level |
| Memory use (bytes) | Total |
| | Physical (nonswapped) |
| | Swap |
| Child processes | Count |
| | Maximum process ID |
| | Number of threads |
| I/O operation bytes on disk (bytes) | Read |
| | Write |
| | Nonread-write I/O operations |
| I/O operation count on disk | Read |
| | Write |
| | Nonread-write I/O operations |
| Priority | Process priority |
| | I/O process priority |
| Network # packets | TCP packet count |
| | UDP packet count |
| Network # bytes | # Bytes sent |
| | # Bytes received |
| Network other | Number of connections currently open |
| | Statuses of the ports opened by the process (4 statuses) |
| Miscellaneous | Number of command line arguments passed to process |
| | Number of handles being used by process |