Abstract
Cybercriminals motivated by malign purpose and financial gain are rapidly developing new variants of sophisticated malware using automated tools, and most of these malware target Windows operating systems. This serious threat demands efficient techniques to analyze and detect zero-day, polymorphic and metamorphic malware. This paper introduces two frameworks for Windows malware detection using random forest algorithms. The first scheme uses features obtained from static and dynamic analysis for training, and the second scheme uses features obtained from static, dynamic, malware image analysis, location-sensitive hashing and file format inspections. We carried out an extensive experiment on two feature sets, and the proposed schemes are evaluated using seven standard evaluation metrics. The experiment results demonstrate that the second scheme recognizes unseen malware better than the first scheme and three state-of-the-art works. The findings show that the second scheme’s multi-view feature set contributes to its 99.58% accuracy and lowers false positive rate of 0.54%.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
