Securing Cyberspace: Exploring the Efficacy of SVM (Poly, Sigmoid) and ANN in Malware Analysis

Abstract

This study presents a comprehensive exploration and comparative analysis of three prominent classification algorithms—Support Vector Machine (SVM) with polynomial and sigmoid kernels, and Artificial Neural Network (ANN)—in the context of malware classification. Leveraging a dataset comprising 5184 samples, including both malware and benign instances, the research systematically evaluates the performance of these algorithms using key metrics such as accuracy, precision, recall, F1 score, and AUC-ROC. The SVM classifier with a polynomial kernel emerges as the top performer, achieving remarkable accuracy (98.08%), precision (98.56%), and recall (97.85%). Its capacity to minimize false positives while maintaining a high true positive rate positions it as a robust tool for accurate malware identification. The sigmoid kernel SVM demonstrates a well-balanced performance, suitable for scenarios requiring a nuanced trade-off between false positives and false negatives. The ANN model, while exhibiting a lower overall accuracy (89.00%), excels in recall (92.61%), showcasing its proficiency in capturing instances of malware. The study underscores the significance of selecting an algorithm aligned with specific application requirements, whether prioritizing precision, recall, or a balanced approach. Furthermore, the research acknowledges the dataset's limitations and calls for future exploration with diverse datasets and additional preprocessing techniques. As cybersecurity threats evolve, the insights provided by this study contribute to the ongoing discourse on developing robust tools for effective malware detection. The findings empower cybersecurity professionals and researchers with valuable considerations for selecting the most suitable classification algorithm in the dynamic landscape of digital security.