{"title":"Cross-validation of machine learning algorithms for malware detection using static features of Windows portable executables: A Comparative Study","authors":"Warda Aslam, M. Fraz, S.K. Rizvi, S. Saleem","doi":"10.1109/HONET50430.2020.9322809","DOIUrl":null,"url":null,"abstract":"With the expansion in the notoriety of modern technology, cyber-attacks have also increased. Traditional techniques to distinguish between malware and benign files are usually signature-based or behavior-based; the following methods can be less accurate and resource hungry. A robust technique is needed which is more efficient and takes less time as compared to traditional techniques. Machine learning can play an important role in this scenario due to its predictive capabilities based upon training. In this study, we use existing machine learning algorithms for classification and clustering using static features of malware-benign portable executables. Cross-validation is performed using two datasets; a publicly available dataset and a self-collected dataset. The self-collected dataset comprises 21,486 samples, whereas, the publicly available dataset comprises 138,047 samples. 
In the case of supervised classification, accuracies were observed to be above 80% whereas in the case of unsupervised F1-score above 0.9 was observed.","PeriodicalId":245321,"journal":{"name":"2020 IEEE 17th International Conference on Smart Communities: Improving Quality of Life Using ICT, IoT and AI (HONET)","volume":"179 ","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 17th International Conference on Smart Communities: Improving Quality of Life Using ICT, IoT and AI (HONET)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HONET50430.2020.9322809","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 1
Abstract
With the expansion in the notoriety of modern technology, cyber-attacks have also increased. Traditional techniques to distinguish between malware and benign files are usually signature-based or behavior-based; these methods can be less accurate and resource-hungry. A robust technique is needed that is more efficient and takes less time than traditional techniques. Machine learning can play an important role in this scenario due to its predictive capabilities based upon training. In this study, we use existing machine learning algorithms for classification and clustering using static features of malware and benign portable executables. Cross-validation is performed using two datasets: a publicly available dataset and a self-collected dataset. The self-collected dataset comprises 21,486 samples, whereas the publicly available dataset comprises 138,047 samples. In the case of supervised classification, accuracies were observed to be above 80%, whereas in the unsupervised case an F1-score above 0.9 was observed.