{"title":"A Comparative Analysis of Machine Learning Techniques for Classification and Detection of Malware","authors":"Maryam Al-Janabi, A. Altamimi","doi":"10.1109/ACIT50332.2020.9300081","DOIUrl":null,"url":null,"abstract":"Malicious software, commonly known as malware, is one of the most harmful threats developed by cyber attackers to intentionally cause damage to, or gain access to, computer systems. Malware has evolved over the years and comes in many shapes, with different types and functions depending on the goals of its developer. Viruses, spyware, bots, and ransomware are just some examples. Whatever their particular behavior, they all share one thing in common: harming the system. In response, many infection treatments and detection methods have been proposed. Signature-based methods are currently used to detect and remove malware; however, they cannot reliably detect zero-day attacks or polymorphic viruses. By contrast, machine learning-based detection has been recognized as one of the most modern and notable approaches. These methods can be categorized by their analysis technique as static, dynamic, or hybrid. The purpose of this work is to provide a survey that identifies the feature-extraction and classification methods that yield the best accuracy in detecting malware. A review of representative research papers on this topic is presented, with a detailed tabular comparison based on their reported malware-detection accuracy. Among the surveyed methods, the J48 algorithm with hybrid analysis outperformed the others, with a reported accuracy of 100% in detecting malware on Windows. The same accuracy has been reported for Android when employing a decision tree algorithm with dynamic analysis. We believe that this study provides a basis for further research in malware analysis with machine learning methods.","PeriodicalId":193891,"journal":{"name":"2020 21st International Arab Conference on Information Technology (ACIT)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-11-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 21st International Arab Conference on Information Technology (ACIT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ACIT50332.2020.9300081","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 8
Abstract
Malicious software, commonly known as malware, is one of the most harmful threats developed by cyber attackers to intentionally cause damage to, or gain access to, computer systems. Malware has evolved over the years and comes in many shapes, with different types and functions depending on the goals of its developer. Viruses, spyware, bots, and ransomware are just some examples. Whatever their particular behavior, they all share one thing in common: harming the system. In response, many infection treatments and detection methods have been proposed. Signature-based methods are currently used to detect and remove malware; however, they cannot reliably detect zero-day attacks or polymorphic viruses. By contrast, machine learning-based detection has been recognized as one of the most modern and notable approaches. These methods can be categorized by their analysis technique as static, dynamic, or hybrid. The purpose of this work is to provide a survey that identifies the feature-extraction and classification methods that yield the best accuracy in detecting malware. A review of representative research papers on this topic is presented, with a detailed tabular comparison based on their reported malware-detection accuracy. Among the surveyed methods, the J48 algorithm with hybrid analysis outperformed the others, with a reported accuracy of 100% in detecting malware on Windows. The same accuracy has been reported for Android when employing a decision tree algorithm with dynamic analysis. We believe that this study provides a basis for further research in malware analysis with machine learning methods.
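The abstract contrasts signature matching, which a polymorphic variant defeats by changing its bytes, with a decision-tree classifier trained on extracted features. The following is an added example, not code from the paper or its authors: the byte strings standing in for executables, the signature, the XOR "polymorphic" wrapper, the two static features (byte entropy and printable ratio) and the small Gini-split decision-tree learner are all constructed for illustration and are not the survey's own datasets or pipeline.

```python
"""Signature scan vs. feature-based decision tree on constructed samples.

Everything here is constructed for illustration: PAYLOAD stands in for a
malicious routine, SIGNATURE is the pattern a signature engine would carry,
polymorph() is a toy re-encoder, and fit_tree() is a minimal decision tree
learner in the spirit of J48/C4.5 (Gini threshold splits, no pruning).
"""
import math
from collections import Counter

# Constructed "malicious routine" and the static byte signature written for it.
PAYLOAD = b"\x90\x90\xeb\x0f\x31\xc0\x31\xdb\xcd\x80MALICIOUS_ROUTINE_V1"
SIGNATURE = b"\x31\xc0\x31\xdb\xcd\x80"


def signature_match(sample: bytes) -> bool:
    """Classic signature detection: exact byte-pattern search."""
    return SIGNATURE in sample


def polymorph(payload: bytes, key: int) -> bytes:
    """Toy polymorphic wrapper: XOR-encode the payload with a per-sample key and
    prepend a decoder stub. The signature bytes no longer appear verbatim."""
    stub = b"DECODER_STUB" + bytes([key])
    return stub + bytes(b ^ key for b in payload)


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0..8); packed/encoded code scores high."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes in the printable ASCII range."""
    return sum(32 <= b < 127 for b in data) / len(data)


def features(sample: bytes):
    """Static feature vector: [entropy, printable_ratio]."""
    return [entropy(sample), printable_ratio(sample)]


def _gini(labels):
    n = len(labels)
    return 1.0 - sum((labels.count(c) / n) ** 2 for c in set(labels))


def fit_tree(X, y, depth=0, max_depth=3):
    """Recursive binary decision tree with numeric threshold splits chosen by
    weighted Gini impurity; leaves hold the majority label."""
    if len(set(y)) == 1 or depth == max_depth:
        return {"leaf": max(set(y), key=y.count)}
    best = None
    for f in range(len(X[0])):
        for t in sorted({row[f] for row in X}):
            left = [i for i, r in enumerate(X) if r[f] <= t]
            right = [i for i, r in enumerate(X) if r[f] > t]
            if not left or not right:
                continue
            score = (len(left) * _gini([y[i] for i in left])
                     + len(right) * _gini([y[i] for i in right])) / len(y)
            if best is None or score < best[0]:
                best = (score, f, t, left, right)
    if best is None:
        return {"leaf": max(set(y), key=y.count)}
    _, f, t, left, right = best
    return {"feature": f, "threshold": t,
            "left": fit_tree([X[i] for i in left], [y[i] for i in left], depth + 1, max_depth),
            "right": fit_tree([X[i] for i in right], [y[i] for i in right], depth + 1, max_depth)}


def predict(tree, x):
    while "leaf" not in tree:
        tree = tree["left"] if x[tree["feature"]] <= tree["threshold"] else tree["right"]
    return tree["leaf"]


# Constructed training set: low-entropy "benign" files, the payload and three
# re-encoded variants as "malware". Keys seen in training: 0x5A, 0x7F, 0x23.
TRAIN_BENIGN = [
    b"Hello, world! Hello, world! Hello, world! Hello, world!",
    b"\x00" * 40 + b"DATA_SECTION",
    b"aaaaaaaabbbbbbbbccccccccdddddddd",
    b"config=1;debug=0;config=1;debug=0;",
]
TRAIN_MALWARE = [PAYLOAD] + [polymorph(PAYLOAD, k) for k in (0x5A, 0x7F, 0x23)]


def train_demo_tree():
    X = [features(s) for s in TRAIN_BENIGN + TRAIN_MALWARE]
    y = ["benign"] * len(TRAIN_BENIGN) + ["malware"] * len(TRAIN_MALWARE)
    return fit_tree(X, y)


def classify(sample: bytes, tree=None) -> str:
    """Label a sample with the feature-based tree ('benign' or 'malware')."""
    return predict(tree or train_demo_tree(), features(sample))


if __name__ == "__main__":
    unseen = polymorph(PAYLOAD, 0x99)        # key never seen in training
    tree = train_demo_tree()
    print("signature on original :", signature_match(PAYLOAD))
    print("signature on variant  :", signature_match(unseen))
    print("tree on variant       :", classify(unseen, tree))
    print("split:", tree)
```

The unseen variant carries the same routine but none of the signature bytes, so `signature_match` returns False, while the tree, which split on entropy during training, still labels it malware. The flip side is the caveat a practitioner should attach to the 100% figures quoted above: a tree that separates a tiny training set perfectly has proven nothing about generalization, and a benign packed or compressed file would land on the malware side of the same entropy split; the reported accuracies are only meaningful against the size of the datasets and the held-out evaluation used in each surveyed paper.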