Comparative analysis of machine learning algorithms used in malware analysis

Abstract

Despite the achievement of the field of cyber security in the modern world of science and the continuous development of its methods, malware is still one of the biggest threats to information security. Malware is evolving every day, and its types and behaviors are increasing day by day. And the importance of using modern, sophisticated technologies in identifying and combating such complex and diverse malicious programs is increasing. In this regard, it is possible to mention the advantages of using intelligent systems in the field of information security. In this article, we will analyze PE (Portable Executable) files on the Windows operating system, that is, the processes running on the computer and analyzing the malicious programs using machine learning algorithms. At the same time, we will focus on the operation of different machine learning algorithms and show which method is most effective to use for our example. In this article, we will have the following tasks: Providing information about malicious software. Definition of PE files, its structure and nature. Preparation of data for practical work (collection of files with clean and malicious code). An overview of methods for separating files into clean and malicious files. Sorting the signs necessary for training according to pre-prepared files, that is, getting only those signs that allow to achieve the most accurate result during training. Implementation of several machine learning algorithms and selection of the most effective among them.