{"title":"Classifying Portable Executable Malware Using Deep Neural Decision Tree","authors":"Rico S. Santos, E. Festijo","doi":"10.1109/CyberneticsCom55287.2022.9865320","DOIUrl":null,"url":null,"abstract":"Despite the extensive use of malware technologies, malware detection is still a challenge today, especially with the daily cyber-attack barrage. Data analysis coupled with machine learning techniques is gaining popularity as one of the approaches deployed to address this issue. This paper proposed a new technique for classifying malware from a large Portable Executable file (PEFile) using a deep neural decision tree. Every node in a hybrid approach represents a neural network trained to identify a single output category using binary classification as a decision tree. The dataset used in this study includes both benign (7,196) and malicious (16,698) PE files with 14 features extracted from the PEFile headers. Precision is 0.88, Recall is 0.32, Matthew Coefficient Correlation (MCC) is 0.302, Area Under the Curve (AUC) Receiving Operating Characteristic (ROC) with an AUC value of 0.63, and Average Precision score of 0.69 was used to evaluate the classifier. 
The result shows that binary classifier can distinguish between two classes: (1) malware and (2) benign.","PeriodicalId":178279,"journal":{"name":"2022 IEEE International Conference on Cybernetics and Computational Intelligence (CyberneticsCom)","volume":"107 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE International Conference on Cybernetics and Computational Intelligence (CyberneticsCom)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberneticsCom55287.2022.9865320","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Despite the extensive use of malware technologies, malware detection is still a challenge today, especially with the daily cyber-attack barrage. Data analysis coupled with machine learning techniques is gaining popularity as one of the approaches deployed to address this issue. This paper proposed a new technique for classifying malware from a large Portable Executable file (PEFile) using a deep neural decision tree. Every node in a hybrid approach represents a neural network trained to identify a single output category using binary classification as a decision tree. The dataset used in this study includes both benign (7,196) and malicious (16,698) PE files with 14 features extracted from the PEFile headers. Precision is 0.88, Recall is 0.32, Matthew Coefficient Correlation (MCC) is 0.302, Area Under the Curve (AUC) Receiving Operating Characteristic (ROC) with an AUC value of 0.63, and Average Precision score of 0.69 was used to evaluate the classifier. The result shows that binary classifier can distinguish between two classes: (1) malware and (2) benign.