Journal of King Saud University: Computer and Information Sciences (Apr 2019)
A learning model to detect maliciousness of portable executable using integrated feature set
Abstract
Malware is one of the top most obstructions for expansion and growth of digital acceptance among the users. Both enterprises and common users are struggling to get protected from the malware in the cyberspace, which emphasizes the importance of developing efficient methods of malware detection. In this work, we propose a machine learning based solution to classify a sample as benign or malware with high accuracy and low computation overhead. An integrated feature set has been amalgamated as a combination of portable executable header fields raw value and derived values. Various machine-learning algorithms such as Decision Tree, Random Forest, kNN, Logistic Regression, Linear Discriminant Analysis and Naive Bayes were adopted in the classification of malware. Using existing raw feature set and the proposed integrated feature set we compared performance of each classifier. The empirical evidence indicates 98.4% classification accuracy in the 10-fold cross validation for the proposed integrated feature set. In the experiments conducted on the novel test data set the accuracy was observed as 89.23% for the integrated feature set which is 15% improvement on accuracy achieved with raw-feature set alone. Classification accuracy with only top N features (N = 5, 10, 15, 20, 25) are also experimented and it was observed that with only top 15 features 98% and 97% accuracy can be achieved on integrated and raw feature respectively. Keywords: Malware, Portable executable, Machine learning, Integrated features