Evaluation of Random Projection for Malware Classification

Abstract

Research efforts to develop malicious application detection algorithms have been a priority ever since the discovery of the first "viruses". Various methods are used to search and identify these malicious applications. One such method, n-gram analysis, can be implemented to extract features from binary files. These features are then be used by machine learning algorithms to classify them as malicious or benign. However, the resulting high dimensionality of the features makes accurate detection in some cases impossible. This is known as "the curse of dimensionality". To counteract this effect, a feature reduction technique known as randomized projection was implemented. Through this reduction, not only are classification times decreased but also an increase in true positive and decreases false positive rates are observed. By varying the n-gram size and target feature size it is possible to fine-tune the accuracy of machine learning algorithms to reach an average accuracy of 99%.