Improving Classification Performance for Malware Detection Using Genetic Programming Feature Selection Techniques

Abstract

Abstract Malware is the term used to describe any malicious software or code that is harmful to systems. From day to day, new malicious programs appear. To classify malware according to its characteristics, machine learning is now being used; this is because most new malware contains patterns that are similar to old ones. This paper proposes two feature selection methods based on Genetic Programming (GP) for predicting malware; the first is called Genetic Programming-Mean (GPM), and the second is called Genetic Programming-Mean Plus (GPMP). The results of these two methods were compared with three state-of-the-art popular feature selection techniques: filter-based, wrapper-based, and Chi-square. In this work, we compare the two proposed methods (GPM and GPMP) with these three widely used feature selection techniques. The results demonstrate that the proposed techniques beat these state-of-the-art ones in terms of accuracy and F-score. The results also revealed that the proposed methods employed less computation time and hence an enhanced performance when compared with filter-based, and wrapper-based feature selection. The proposed methods were evaluated using four datasets. Two classifiers were used to evaluate the proposed feature selection methods: Random Forest and Decision Tree. When a Random Forest classifier is used, our results showed that it outperformed the Decision Tree classifier in indicators, such as F1-score, recall, and precision. The analysis of results using Random Forest and Decision Tree proves that the proposed method is highly efficient.