Improving Classification Performance for Malware Detection Using Genetic Programming Feature Selection Techniques

IF 16.4 1区化学 Q1 CHEMISTRY, MULTIDISCIPLINARY

Accounts of Chemical Research Pub Date : 2022-05-01 DOI:10.1080/19361610.2022.2067459

Heba Harahsheh, M. Alshraideh, S. Al-Sharaeh, R. Al-Sayyed

{"title":"Improving Classification Performance for Malware Detection Using Genetic Programming Feature Selection Techniques","authors":"Heba Harahsheh, M. Alshraideh, S. Al-Sharaeh, R. Al-Sayyed","doi":"10.1080/19361610.2022.2067459","DOIUrl":null,"url":null,"abstract":"Abstract Malware is the term used to describe any malicious software or code that is harmful to systems. From day to day, new malicious programs appear. To classify malware according to its characteristics, machine learning is now being used; this is because most new malware contains patterns that are similar to old ones. This paper proposes two feature selection methods based on Genetic Programming (GP) for predicting malware; the first is called Genetic Programming-Mean (GPM), and the second is called Genetic Programming-Mean Plus (GPMP). The results of these two methods were compared with three state-of-the-art popular feature selection techniques: filter-based, wrapper-based, and Chi-square. In this work, we compare the two proposed methods (GPM and GPMP) with these three widely used feature selection techniques. The results demonstrate that the proposed techniques beat these state-of-the-art ones in terms of accuracy and F-score. The results also revealed that the proposed methods employed less computation time and hence an enhanced performance when compared with filter-based, and wrapper-based feature selection. The proposed methods were evaluated using four datasets. Two classifiers were used to evaluate the proposed feature selection methods: Random Forest and Decision Tree. When a Random Forest classifier is used, our results showed that it outperformed the Decision Tree classifier in indicators, such as F1-score, recall, and precision. The analysis of results using Random Forest and Decision Tree proves that the proposed method is highly efficient.","PeriodicalId":1,"journal":{"name":"Accounts of Chemical Research","volume":null,"pages":null},"PeriodicalIF":16.4000,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Accounts of Chemical Research","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/19361610.2022.2067459","RegionNum":1,"RegionCategory":"化学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"CHEMISTRY, MULTIDISCIPLINARY","Score":null,"Total":0}

引用次数: 1

Abstract

Abstract Malware is the term used to describe any malicious software or code that is harmful to systems. From day to day, new malicious programs appear. To classify malware according to its characteristics, machine learning is now being used; this is because most new malware contains patterns that are similar to old ones. This paper proposes two feature selection methods based on Genetic Programming (GP) for predicting malware; the first is called Genetic Programming-Mean (GPM), and the second is called Genetic Programming-Mean Plus (GPMP). The results of these two methods were compared with three state-of-the-art popular feature selection techniques: filter-based, wrapper-based, and Chi-square. In this work, we compare the two proposed methods (GPM and GPMP) with these three widely used feature selection techniques. The results demonstrate that the proposed techniques beat these state-of-the-art ones in terms of accuracy and F-score. The results also revealed that the proposed methods employed less computation time and hence an enhanced performance when compared with filter-based, and wrapper-based feature selection. The proposed methods were evaluated using four datasets. Two classifiers were used to evaluate the proposed feature selection methods: Random Forest and Decision Tree. When a Random Forest classifier is used, our results showed that it outperformed the Decision Tree classifier in indicators, such as F1-score, recall, and precision. The analysis of results using Random Forest and Decision Tree proves that the proposed method is highly efficient.

查看原文本刊更多论文

利用遗传规划特征选择技术改进恶意软件检测的分类性能

摘要恶意软件是用来描述对系统有害的任何恶意软件或代码的术语。每天都有新的恶意程序出现。为了根据恶意软件的特征对其进行分类，现在正在使用机器学习；这是因为大多数新的恶意软件都包含与旧的相似的模式。本文提出了两种基于遗传规划的恶意软件特征选择方法；第一种称为遗传规划均值（GPM），第二种称为基因规划均值加（GPMP）。将这两种方法的结果与三种最先进的流行特征选择技术进行了比较：基于过滤器、基于包装器和卡方。在这项工作中，我们将提出的两种方法（GPM和GPMP）与这三种广泛使用的特征选择技术进行了比较。结果表明，所提出的技术在准确性和F分数方面优于这些最先进的技术。结果还表明，与基于滤波器和基于包装器的特征选择相比，所提出的方法使用了更少的计算时间，从而提高了性能。使用四个数据集对所提出的方法进行了评估。使用两个分类器来评估所提出的特征选择方法：随机森林和决策树。当使用随机森林分类器时，我们的结果表明，它在F1分数、召回率和精度等指标上优于决策树分类器。使用随机森林和决策树对结果进行分析，证明了该方法的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Accounts of Chemical Research 化学-化学综合

CiteScore

31.40

自引率

1.10%

发文量

312

审稿时长

2 months

期刊介绍： Accounts of Chemical Research presents short, concise and critical articles offering easy-to-read overviews of basic research and applications in all areas of chemistry and biochemistry. These short reviews focus on research from the author’s own laboratory and are designed to teach the reader about a research project. In addition, Accounts of Chemical Research publishes commentaries that give an informed opinion on a current research problem. Special Issues online are devoted to a single topic of unusual activity and significance. Accounts of Chemical Research replaces the traditional article abstract with an article "Conspectus." These entries synopsize the research affording the reader a closer look at the content and significance of an article. Through this provision of a more detailed description of the article contents, the Conspectus enhances the article's discoverability by search engines and the exposure for the research.