The Use of Machine Learning Techniques to Advance the Detection and Classification of Unknown Malware

Abstract

Abstract Relying on technology has grown significantly over the last decade. Subsequently, this motivates attacker to develop new malware that can perform their malicious act, which may cause destruction or gather intelligence and critical information. Thus, malware detection is a crucial factor in the security of systems; including smart and portable devices. Often, an automated malware detection system is one of the first steps that aim to recognize abnormal activities and identify malicious programs. This detection is needed to protect devices from hackers and prevent the information from getting compromised. However, currently applied standard methods, such as signature-based and dynamic-based, do not provide reliable detection of unknown or unaddressed attacks; mainly for malware that can change its forms such as the polymorphic viruses. As a result, the demand for a new detection technique emerges. The purpose of this work is to investigate the machine learning techniques that are used in the detection of unknown malware. This work presents a more enhanced feature set using Random Forest to decrease the number of features. Several machine learning algorithms were applied on a benchmark dataset in our experiments. Our results achieved accuracy improvements over all binary and multi-classifiers. The highest accuracy was achieved by Decision Tree is 98.2% for binary classification and 95.8% by Random Forest for multi-class classification. The lowest accuracy was achieved by Bernoulli Naive Bayes with an accuracy of 91% and 81.8% for binary classification and multi-class classification, respectively.