MCES: Multi-classifier Ensemble System for Malware Detection and Identification

Abstract

With the development and advances of information and networking technologies in Cyber-physical Power systems (CPPS), the frequency of information exchange between CPPS and the external networks is significantly increasing, leading to an ever-growing risk of cyberspace threats and attacks, e.g., malware injection to the CPPS. The existing detectors against malware are mainly based on static analysis, which deals well with known malware, but cannot cope with unknown or obfuscated malware. To this end, this paper proposed a novel multi-classifier ensemble system (MCES) for malware detection based on behavioral analysis. The developed detection model of MCES is a hierarchical learning model with kernel components consisting of base classifiers and one meta classifier. The proposed solution is assessed through experiments based on in total 14800 malware and 14800 benign samples. The numerical results demonstrated that MCES outperformed existing machine learning-based classifiers in identifying malware through application program interface (API) call sequences. The proposed model achieved the highest accuracy of 97.54%, and the highest recall of 97.85% in comparison with the state-of-the-art deep learning based malware detectors.