Swarm Optimization and Machine Learning Applied to PE Malware Detection towards Cyber Threat Intelligence

Abstract

Cyber threat intelligence includes analysis of applications and their metadata for potential threats. Static malware detection of Windows executable files can be done through the analysis of Portable Executable (PE) application file headers. Benchmark datasets are available with PE file attributes; however, there is scope for updating the data and also to research novel attribute reduction and performance improvement algorithms. The existing benchmark dataset contains non-PE header attributes, and few ignored attributes. In this work, a critical analysis was conducted to develop a new dataset called SOMLAP (Swarm Optimization and Machine Learning Applied to PE Malware Detection) with a value addition to the existing benchmark dataset. The SOMLAP data contains 51,409 samples that include both benign and malware files, with a total of 108 pure PE file header attributes. Further research was carried out to improve the performance of the Malware Detection System (MDS) by feature minimization using swarm optimization tools, viz., Ant Colony Optimization (ACO), Cuckoo Search Optimization (CSO), and Grey Wolf Optimization (GWO) wrapped with machine learning tools. The dataset was evaluated, and an accuracy of 99.37% with an optimized set of 12 features (ACO) proves the efficiency of the dataset, its attributes, and the algorithms used.