Improvement of malware classification models using hybrid feature engineering

Abstract

Malware is a growing global public threat that has greatly inconvenienced computer users over the years. It has denied authorised users access to systems and also enhanced unauthorised access to information. Although detection techniques like signature-based have tried hard to detect them, they have failed to detect new and unknown malware, Behavior based methods have tried to detect the unknown malware but their results yield a lot of false positives. Feature Engineering has therefore been embraced for better detection of malware based on a hybrid of structural and behavioural features.The New Feature Engineering (NFE) approach has reduced the false positives but with performance limits. Emergency of polymorphism and metamorphism as a concealment strategy for malware makes the problem even more complicated .In this study, we investigated the relative appropriateness of features for detecting malware, we developed an approach using robustly engineered features that help to classify malicious programs depending on their types. We tested the performance of the approach on unknown malware and compared the performance of the improved NFE approach for malware classification with other approaches. These approaches were trained and evaluated on data from Marco Ramilli and was named, "A Malware Training Sets:Machine-learning data set for everyone" and this improves the detection model by 14.8%