Malware Detection With Subspace Learning-Based One-Class Classification

Hasan H. Al-Khshali; Muhammad Ilyas; Fahad Sohrab; Moncef Gabbouj

doi:10.1109/ACCESS.2024.3409937

IEEE Access (Jan 2024)

Malware Detection With Subspace Learning-Based One-Class Classification

Hasan H. Al-Khshali,
Muhammad Ilyas,
Fahad Sohrab,
Moncef Gabbouj

Affiliations

Hasan H. Al-Khshali: ORCiD; Department of Electrical and Computer Engineering, Altinbas University, İstanbul, Turkey
Muhammad Ilyas: ORCiD; Department of Cybersecurity, College of Engineering, Al Ain University, Abu Dhabi, United Arab Emirates
Fahad Sohrab: ORCiD; Faculty of Information Technology and Communication Sciences, Tampere University, Tampere, Finland
Moncef Gabbouj: ORCiD; Faculty of Information Technology and Communication Sciences, Tampere University, Tampere, Finland

DOI: https://doi.org/10.1109/ACCESS.2024.3409937
Journal volume & issue: Vol. 12
pp. 81017 – 81029

Abstract

Read online

Detecting malware is crucial for ensuring the security of computer systems. Traditional machine learning models face challenges in effectively detecting malware, mainly due to the class imbalance problem, where the number of malware samples is significantly smaller than that of non-malware samples. Additionally, malware’s dynamic and evolving nature, continuously altering its structure and tactics, presents a substantial challenge for conventional artificial intelligence algorithms, further complicating the detection task. In pursuing an optimized malware detection technique, researchers initially explored traditional machine learning algorithms, focusing on the features of Portable Executable (PE) file headers. However, the inherent issues, such as imbalanced datasets and the deceptive nature of malware, have raised concerns about the credibility of the attained results. This can result in misclassifying malware as non-malware, leading to security vulnerabilities. One-Class Classification (OCC) methods have emerged as a promising approach to improve the detection of unknown malware. However, traditional OCC approaches face the challenge of the curse of dimensionality. This research proposes adapting subspace learning-based OCC methods to overcome the curse of dimensionality and effectively handle the class imbalance problem. We propose a pipeline for detecting malware using methods that jointly optimize a subspace and data description for OCC. We evaluate the performance of various one-class classifiers on three different datasets. We observed that the subspace-learning-based OCC is a promising approach. Evaluating various classifiers on three datasets reveals promising results, with a True Positive Rate (TPR) of 100 % for subspace-learning-based OCC. The proposed pipeline can serve as a valuable tool for improving the security of computer systems by accurately detecting malware and protecting against potential attacks.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords