Abstract

Malware is a computer program that causes harm to software. Cybercriminals use malware to gain access to sensitive information exchanged via the software it infects. An important task in protecting a computer system from a malware attack is identifying whether a given piece of software is malware. Tech giants like Microsoft are engaged in developing anti-malware products. Microsoft's anti-malware products are installed on over 160M computers worldwide and examine over 700M computers monthly. This generates a huge number of data points that can be analyzed as potential malware. Microsoft has launched a challenge on the coding competition platform Kaggle.com to predict the probability of a computer system running the Windows operating system being affected by malware, given features of the Windows machine. The dataset provided by Microsoft consists of 10,868 instances with 81 features, classified into nine classes. These features correspond to files of type asm (data with assembly language code) as well as binary format. In this work, we build a multi-class classification model to classify which class a malware sample belongs to. We use K-Nearest Neighbors, Logistic Regression, Random Forest and XGBoost in a multi-class setting. As some of the features are categorical, we use one-hot encoding to make them suitable for the classifiers. The prediction performance is evaluated using log loss. We analyze the accuracy using only asm features, only binary features, and finally both. XGBoost outperforms the other classifiers, with a log-loss value of 0.078 when only asm features are considered, 0.048 when only binary features are used, and a final log loss of 0.03 when all features are used.

Highlights

  • There are several kinds of malware that can infect a computer system

  • We experiment with the features extracted from byte files, asm files individually and by combining them all

  • Random forest classifier achieves a low log-loss value on cross-validation data, whereas XGBoost is the winner on test data as well as on misclassification errors
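
To put the log-loss figures quoted in the abstract in context, the following added example (not code from the paper) computes multi-class log loss for nine classes, the uniform-guess baseline, and the effect of a single confident misclassification. The function names and the sample predictions are constructed for illustration.

```python
import math

N_CLASSES = 9  # the abstract states nine malware classes


def multiclass_log_loss(y_true, probs, eps=1e-15):
    """Mean negative log of the probability assigned to the true class.

    Each row is clipped to [eps, 1 - eps] and renormalised, so a predicted
    probability of exactly 0.0 for the true class never produces log(0).
    """
    if len(y_true) != len(probs):
        raise ValueError("y_true and probs differ in length")
    total = 0.0
    for label, row in zip(y_true, probs):
        clipped = [min(max(p, eps), 1.0 - eps) for p in row]
        total -= math.log(clipped[label] / sum(clipped))
    return total / len(y_true)


def uniform_baseline(n_classes=N_CLASSES):
    """Log loss of a model that always predicts 1/K per class, i.e. ln(K)."""
    return math.log(n_classes)


def geometric_mean_true_prob(log_loss):
    """exp(-loss): geometric mean of the probability given to the true class."""
    return math.exp(-log_loss)


def confident_row(predicted, confidence, n_classes=N_CLASSES):
    """Row with `confidence` on one class and the rest spread evenly."""
    rest = (1.0 - confidence) / (n_classes - 1)
    return [confidence if k == predicted else rest for k in range(n_classes)]


def demo():
    # Constructed sample: 100 files whose true class is 0.
    y = [0] * 100
    all_right = [confident_row(0, 0.97) for _ in y]
    # Same predictions, but the last file is confidently assigned to class 3.
    one_wrong = all_right[:-1] + [confident_row(3, 0.97)]
    return {
        "uniform": uniform_baseline(),
        "all_right": multiclass_log_loss(y, all_right),
        "one_wrong": multiclass_log_loss(y, one_wrong),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:10s} {value:.4f}")
```

A log loss of 0.03 corresponds to a geometric-mean probability of about 0.97 on the true class, against a uniform-guess baseline of ln 9 ≈ 2.197; in the constructed sample, one confident miss in 100 files raises the loss from about 0.030 to about 0.086.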


Summary

Introduction

There are several kinds of malware that can infect a computer system. The number of malware programs exceeded 800M in 2019 [1]. Detecting whether a given file is malware is an interesting research problem. Malware detection is challenging because cybercriminals continuously change the way they attack computer systems, which in turn changes the features of malware. There is a long-lasting confrontation between cyber security experts and malware creators. Machine learning algorithms can be efficiently used to identify whether a given file is malware or not. Malware files exist either in the form of byte files or assembly language files. Features can be successfully extracted from these files
