Skip to main content
SpringerLink
Log in

Malware Detection Using Machine Learning Algorithms for Windows Platform

  • Conference paper
  • First Online:
Proceedings of International Conference on Information Technology and Applications

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 350))

Abstract

Windows is a popular Graphical User Interface-based Operating System that provides services like storage, run third-party software, play videos, network connection, etc. The purpose of such services can be demolished by targeting the availability of these services. Malware is one of the major security concerns for the Windows platform. Malware is any type of computer software that disturbs the availability of computer services. The traditional detection systems such as the intrusion detection/prevention system, Anti-Virus software cannot detect unseen malware due to the use of signature-based methods. So, there is a need to accurately detect such kind of malware in the Windows environment. In this work, a Machine Learning (ML)-based malware detection system is introduced which extracts features from the Portable Executable file's header to detect whether the executable is clean or malicious. After preprocessing the data, several ML models including Random Forest, Support Vector Machine (SVM), Decision Tree, AdaBoost, Gaussian Naive Bayes (GNB), and Gradient Boosting are applied to cope up with the malware. Moreover, a comparative analysis is conducted among ML models to select the appropriate one for the targeted problem. The experimental results show that the Random Forest outperformed the others with an accuracy level of 99.44\% for the detection of malware. This can be used to develop a desktop application for scanning the malware for the Windows platform with the added ability to customize the scanning process.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 189.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 249.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Statcounter: Global state: Operating System Market Share Worldwide [Online]. Available https://gs.statcounter.com/os-market-share. Accessed 19 June 2021

  2. What is malware? [Online]. Available https://searchsecurity.techtarget.com/definition/malware. Accessed 19 June 2021

  3. Ahmad MB, Fahad M, Khan AW, Asif M (2016) A first step towards reducing insider threats in government organizations. Int J Comput Sci Netw Secur 16(6):81–85

    Google Scholar 

  4. Ahmad MB, Fahad M, Khan AW, Asif M (2016) towards securing medical documents from insider attacks. Int J Adv Comput Sci Appl 7(8):357–360

    Google Scholar 

  5. Ahmad MB, Akram A, Asif M, Rehman SU (2014) Using genetic algorithm to minimize false alarms in insider threats detection of information misuse in windows. Environment 2014:1–12

    Google Scholar 

  6. What are the different types of Malware? [Online]. Available https://comtact.co.uk/blog/what-are-the-different-types-of-malware/. Accessed 19 June 2021

  7. What is a cyber-attack? [Online]. Available https://www.ibm.com/services/businesscontinuity/cyber-attack. Accessed 19 June 2021

  8. Anderson HS, Roth P (2018) Ember: an open dataset for training static PE malware machine learning models. arXiv preprint arXiv:1804.04637

  9. Cabrera A, Calix RA (2016, October) On the anatomy of the dynamic behavior of pol-ymorphic viruses. In 2016 international conference on collaboration technologies and systems (CTS), Orlando, FL, USA, 31 October–4 November. IEEE, New York, USA, pp. 424–429

    Google Scholar 

  10. WWhat is zero-day (0day) exploit [Online] Available https://www.imperva.com/learn/application-security/zero-day-exploit/. Accessed 19 June 2021

  11. Tully S, Mohanraj Y (2017) Mobile security: a practitioner’s perspective. In: Mobile security and privacy, 2nd edn. Elsevier, pp 5–55

    Google Scholar 

  12. Hosseinzadeh S, Hyrynsalmi S, Leppnen V (2016) Obfuscation and diversification for securing the internet of things (IoT). Internet of Thing. ScienceDirect, pp 259–274

    Google Scholar 

  13. Naz S, Singh DK (2019, July) Review of machine learning methods for windows malware detection. In: 10th international conference on computing, communication and networking technologies (ICCCNT), Kanpur, India, 6–8 July. IEEE, New York, USA, pp 01–06

    Google Scholar 

  14. Darshan SLS, Jaidhar CD (2019) Windows malware detection system based on LSVC recommended hybrid features. J Comput Virol Hacking Tech 15(2):127–146 (Springer)

    Google Scholar 

  15. Samantray OP, Tripathy SN (2020) A knowledge-domain analyser for malware classification. In: 2020 international conference on computer science, engineering and applications (ICCSEA), Gunupur, India, 13–14 March. IEEE, New York, USA, pp 1–7

    Google Scholar 

  16. Radwan AM (2019, October) Machine learning techniques to detect maliciousness of portable executable files. In: 2019 international conference on promising electronic technologies (ICPET), Gaza, Palestine, 23–24 October. IEEE, New York, USA, pp 86–90

    Google Scholar 

  17. Shukla H, Patil S, Solanki D, Singh L, Swarnkar M, Thakkar HK (2019, December) On the design of supervised binary classifiers for malware detection using portable executable Files. In: 9th international conference on advanced computing (IACC), Tiruchirappalli, India, 13–14 December. IEEE, New York, USA, pp 141–146

    Google Scholar 

  18. Zhang S-H, Kuo C-C, Yang C-S (2019, August) Static PE malware type classification using machine learning techniques. In: International conference on intelligent computing and its emerging applications (ICEA), Tainan, Taiwan, 30 August–1 September. IEEE, New York, USA, pp 81–86

    Google Scholar 

  19. Sun B, Li Q, Guo Y, Wen Q, Lin X, Liu W (2017, December) Malware family classification method based on static feature extraction. In: 3rd IEEE international conference on computer and communications (ICCC), Chengdu, China, 13–16 Deccember. IEEE, New York, USA, pp 507–513

    Google Scholar 

  20. Gandotra E, Bansal D, Sofat S (2016, December) Zero-day malware detection. In Sixth international symposium on embedded computing and system design (ISED), Patna, India, 15–17 December. IEEE, New York, USA, pp 171–175

    Google Scholar 

  21. Mohammed AR, Viswanath GS, Babu KS, Anuradha T (2019, March) Malware detection in executable files using machine learning. In: International conference on E-Business and telecommunications. Springer, Berlin, pp 277–284

    Google Scholar 

  22. Roseline SA, Geetha S (2018, September) Intelligent malware detection using oblique random forest paradigm. In: International conference on advances in computing, communications, and informatics (ICACCI), Bangalore, India, 19–22 September. IEEE, New York, USA, pp 330–336

    Google Scholar 

  23. Gupta D, Rani R (2018) Big data framework for zeroday malware detection. Cybern Syst 49(2):103–121

    Article  Google Scholar 

  24. Cho K, Kim TG, Shim YJ, Ryu M, Lm EG (2016) Malware analysis and classification using sequence alignments. Intell Autom Soft Comput 22(3):371–377

    Google Scholar 

  25. Burnap P, French R, Turner F, Jones K (2018) Malware classification using self-organizing feature maps and machine activity data. Comput Secur 73:399–410

    Article  Google Scholar 

  26. Wang C, Ding J, Guo T, Cui B (2017, November) A malware detection method based on sandbox, binary instrumentation, and multidimensional feature extraction. In: International conference on broadband and wireless computing, communication and applications. Springer, Cham, pp 427–438

    Google Scholar 

  27. Makandar A, Patrot A (2015, December) Malware analysis and classification using artificial neural network. In: International conference on trends in automation, communications and computing technology (I-TACT-15), Bangalore, India (21–22 December). IEEE, New York, USA, pp 1–6

    Google Scholar 

  28. Devesa J, Santos I, Cantero X, Penya YK, Bringas PG (2010) Automatic behavior-based analysis and classification system for malware detection. ICEIS J 2(2):395–399

    Google Scholar 

  29. Dataset [Online]. Available https://www.kaggle.com/. Accessed 19 June 2021

  30. Malware-DataSet [Online]. Available https://github.com/System-CTL/Malware-DataSet. Accessed 19 June 2021

  31. Extra Trees Classifier [Online]. Available https://scikit-learn.org/stable/modules/generated/sklearn.ensemble.ExtraTreesClassifier.html. Accessed 19 June 2021

  32. Scikit-learn [Online]. https://scikit-learn.org/stable/. Accessed 19 June 2021

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Lahore Garrison University, Lahore, Pakistan

    Abrar Hussain, Muhammad Asif & M. Arslan Raza

  2. Karachi Institute of Economics and Technology (KIET), Karachi, Pakistan

    Maaz Bin Ahmad

  3. Department of Computer Science, National Textile University, Faisalabad, Pakistan

    Toqeer Mahmood

Authors
  1. Abrar Hussain
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Muhammad Asif
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Maaz Bin Ahmad
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Toqeer Mahmood
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. M. Arslan Raza
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Muhammad Asif .

Editor information

Editors and Affiliations

  1. School of Mathematical and Computer Science, Heriot-Watt University, Dubai, United Arab Emirates

    Abrar Ullah

  2. Institute of Management Sciences, Center of Excellence in Information Technology, Peshawar, Pakistan

    Sajid Anwar

  3. Lisbon School of Economics and Management, University of Lisbon, Portugal, Portugal

    Álvaro Rocha

  4. School of Mathematical and Computer Science, Heriot-Watt University, Dubai, United Arab Emirates

    Steve Gill

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Hussain, A., Asif, M., Ahmad, M.B., Mahmood, T., Raza, M.A. (2022). Malware Detection Using Machine Learning Algorithms for Windows Platform. In: Ullah, A., Anwar, S., Rocha, Á., Gill, S. (eds) Proceedings of International Conference on Information Technology and Applications. Lecture Notes in Networks and Systems, vol 350. Springer, Singapore. https://doi.org/10.1007/978-981-16-7618-5_53

Download citation

Publish with us

Policies and ethics

Search

Navigation