Ensemble Learning for Robust Malware Detection in the Windows 7 Environment

Abstract

In today's digital era, the exponential growth in the dissemination of malicious software presents a formidable and pervasive threat to individuals and organizations alike. Malware, comprising of computer code or scripts, exhibits a propensity to override computer systems and engage in unauthorized activities, such as the illicit extraction of valuable information. The magnitude of such control is particularly perilous in the contemporary landscape. The rapid and constant evolution of malware compounds this risk, necessitating the development and implementation of sophisticated countermeasures to combat this pressing issue. In response to this challenge, this study has turned to the utilization of ensemble learning techniques as a means of effectively and accurately identifying and detecting malware. Specifically, the investigation focuses on the classification of applications on the MS Windows 7 and 8 operating systems as either malicious or benign, by leveraging static and dynamic features extracted from these applications. The foundational models employed in this study consist of recurrent neural networks (RNNs), trained on the dynamic features of malware, and convolutional neural networks (CNNs), and trained on the static features of malware. This comprehensive approach ensures that no malware goes undetected. Multiple techniques for constructing an ensemble model, such as Boosting, Stacking, and Bagging, are thoroughly examined and analyzed. Ultimately, the Bagging technique is deemed the most suitable and is consequently implemented in this study.