Abstract
Windows is a widely used operating system with a graphical user interface that provides services such as storage, running third-party software, playing media and network connectivity. The value of such services is lost when their availability is attacked, and malware is one of the major security concerns for the Windows platform. Malware is software written to harm a system or its users, whether by disrupting the availability of its services or by compromising their confidentiality and integrity. Traditional defences such as intrusion detection/prevention systems and anti-virus software rely on signature-based methods and therefore cannot detect previously unseen malware, so there is a need to detect such malware accurately in the Windows environment. In this work, a Machine Learning (ML)-based malware detection system is introduced that extracts features from the header of a Portable Executable (PE) file to decide whether the executable is clean or malicious. After preprocessing the data, several ML models, including Random Forest, Support Vector Machine (SVM), Decision Tree, AdaBoost, Gaussian Naive Bayes (GNB) and Gradient Boosting, are trained to classify the executables. A comparative analysis is then conducted among the ML models to select the one best suited to the targeted problem. The experimental results show that Random Forest outperformed the others, with an accuracy of 99.44% in detecting malware. The model can be used to develop a desktop application that scans for malware on the Windows platform, with the added ability to customize the scanning process.
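A worked example of the header-based feature extraction the abstract describes, added by the editor and not taken from the chapter: it parses the DOS, COFF, optional and section headers of a PE image using only `struct`, returns the raw header fields together with a few derived features (section entropy, writable-and-executable sections, the ASLR and NX flags in `DllCharacteristics`, whether the entry point falls inside a section) and rejects malformed input instead of scoring it. The derived features and the constructed `build_sample_pe` images are the editor's choices for illustration; the chapter does not list which header fields it uses, so this is not its feature set. `SCN_EXECUTE`, `SCN_WRITE`, `DLL_DYNAMIC_BASE` and `DLL_NX_COMPAT` are the PE/COFF flag values under shorter names.

```python
"""Static PE-header feature extraction of the kind the chapter describes: parse the
COFF, optional and section headers and emit numeric features for a classifier.
Pure Python (struct only) so it runs offline.  Editor's example, not the chapter's code."""
import math
import struct
from collections import Counter

# Header layouts from the PE/COFF specification.  PE32+ drops BaseOfData and widens
# ImageBase and the stack/heap sizes to 64 bits; a parser that assumes PE32 mis-reads
# every field after ImageBase in a 64-bit binary.
_COFF = ("<HHIIIHH", ["Machine", "NumberOfSections", "TimeDateStamp", "PointerToSymbolTable",
                      "NumberOfSymbols", "SizeOfOptionalHeader", "Characteristics"])
_OPT_HEAD = ["Magic", "MajorLinkerVersion", "MinorLinkerVersion", "SizeOfCode", "SizeOfInitializedData",
             "SizeOfUninitializedData", "AddressOfEntryPoint", "BaseOfCode"]
_OPT_TAIL = ["SectionAlignment", "FileAlignment", "MajorOperatingSystemVersion",
             "MinorOperatingSystemVersion", "MajorImageVersion", "MinorImageVersion",
             "MajorSubsystemVersion", "MinorSubsystemVersion", "Win32VersionValue", "SizeOfImage",
             "SizeOfHeaders", "CheckSum", "Subsystem", "DllCharacteristics", "SizeOfStackReserve",
             "SizeOfStackCommit", "SizeOfHeapReserve", "SizeOfHeapCommit", "LoaderFlags",
             "NumberOfRvaAndSizes"]
_OPT32 = ("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6, _OPT_HEAD + ["BaseOfData", "ImageBase"] + _OPT_TAIL)
_OPT64 = ("<HBB" + "I" * 5 + "QII" + "H" * 6 + "I" * 4 + "HH" + "Q" * 4 + "II", _OPT_HEAD + ["ImageBase"] + _OPT_TAIL)
_SECTION = ("<8sIIIIIIHHI", ["Name", "VirtualSize", "VirtualAddress", "SizeOfRawData", "PointerToRawData",
                            "PointerToRelocations", "PointerToLinenumbers", "NumberOfRelocations",
                            "NumberOfLinenumbers", "Characteristics"])
SCN_EXECUTE, SCN_WRITE = 0x20000000, 0x80000000          # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE
DLL_DYNAMIC_BASE, DLL_NX_COMPAT = 0x0040, 0x0100         # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE / _NX_COMPAT


def _unpack(layout, data, offset):
    fmt, names = layout
    end = offset + struct.calcsize(fmt)
    if end > len(data):
        raise ValueError("truncated header at offset %#x" % offset)
    return dict(zip(names, struct.unpack_from(fmt, data, offset))), end


def entropy(blob):
    """Shannon entropy in bits per byte; packed or encrypted sections sit near 8."""
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values()) if n else 0.0


def extract_features(data):
    """Flat dict of numeric header features for one in-memory PE image; malformed input raises."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff, off = _unpack(_COFF, data, e_lfanew + 4)
    magic = _unpack(("<H", ["Magic"]), data, off)[0]["Magic"]
    layout = {0x10B: _OPT32, 0x20B: _OPT64}.get(magic)
    if layout is None:
        raise ValueError("unknown optional-header magic %#x" % magic)
    opt, _ = _unpack(layout, data, off)
    # Section table starts SizeOfOptionalHeader bytes in, not at a hard-coded 224/240.
    sec_off, sections = off + coff["SizeOfOptionalHeader"], []
    for _ in range(coff["NumberOfSections"]):
        sec, sec_off = _unpack(_SECTION, data, sec_off)
        start = sec["PointerToRawData"]
        sec["entropy"] = entropy(data[start:start + sec["SizeOfRawData"]])  # absent data scores 0
        sections.append(sec)
    feats = dict(coff)
    feats.update((k, v) for k, v in opt.items() if k != "Magic")
    feats["is_pe32plus"] = int(magic == 0x20B)
    feats["timestamp_is_zero"] = int(coff["TimeDateStamp"] == 0)
    feats["aslr"] = int(bool(opt["DllCharacteristics"] & DLL_DYNAMIC_BASE))
    feats["nx"] = int(bool(opt["DllCharacteristics"] & DLL_NX_COMPAT))
    ents = [s["entropy"] for s in sections] or [0.0]
    feats["entropy_mean"], feats["entropy_max"] = sum(ents) / len(ents), max(ents)
    wx = SCN_WRITE | SCN_EXECUTE                     # writable+executable: packer / self-modifying code
    feats["wx_sections"] = sum(s["Characteristics"] & wx == wx for s in sections)
    ep = opt["AddressOfEntryPoint"]
    ep_sec = next((s for s in sections if s["VirtualAddress"] <= ep
                   < s["VirtualAddress"] + max(s["VirtualSize"], s["SizeOfRawData"])), None)
    feats["ep_in_section"] = int(ep_sec is not None)   # 0: entry point outside every section
    feats["ep_section_entropy"] = ep_sec["entropy"] if ep_sec else 0.0
    return feats


def build_sample_pe(sections, dll_characteristics=0x8140, timestamp=0, pe32plus=False):
    """Constructed test input (not a real program): minimal PE image from [(name, raw, flags)]."""
    file_align, sect_align, e_lfanew = 0x200, 0x1000, 0x40
    opt_fmt, opt_names = _OPT64 if pe32plus else _OPT32
    opt_size = struct.calcsize(opt_fmt) + 16 * 8                  # plus 16 empty data directories
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    size_of_headers = -(-hdr_end // file_align) * file_align
    raw_off, rva, sec_hdrs, blobs = size_of_headers, sect_align, b"", b""
    for name, raw, chars in sections:
        padded = raw + b"\0" * (-len(raw) % file_align)
        sec_hdrs += struct.pack(_SECTION[0], name.encode().ljust(8, b"\0"), len(raw), rva,
                                len(padded), raw_off, 0, 0, 0, 0, chars)
        blobs, raw_off = blobs + padded, raw_off + len(padded)
        rva += -(-max(len(raw), 1) // sect_align) * sect_align
    vals = dict.fromkeys(opt_names, 0)
    vals.update(Magic=0x20B if pe32plus else 0x10B, AddressOfEntryPoint=sect_align,
                ImageBase=0x140000000 if pe32plus else 0x400000, SectionAlignment=sect_align,
                FileAlignment=file_align, SizeOfImage=rva, SizeOfHeaders=size_of_headers,
                NumberOfRvaAndSizes=16, DllCharacteristics=dll_characteristics)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)
    coff = struct.pack(_COFF[0], 0x8664 if pe32plus else 0x14C, len(sections), timestamp, 0, 0,
                       opt_size, 0x22 if pe32plus else 0x102)
    opt = struct.pack(opt_fmt, *(vals[n] for n in opt_names)) + b"\0" * 128
    headers = dos + b"PE\0\0" + coff + opt + sec_hdrs
    return headers + b"\0" * (size_of_headers - len(headers)) + blobs
```

`extract_features(open(path, "rb").read())` yields one row; stacking rows in a fixed column order (for example `sorted(feats)`) gives the matrix a `RandomForestClassifier` expects. Two checks worth making before trusting an accuracy figure from such features: fields like `TimeDateStamp`, `CheckSum` and `DllCharacteristics` are trivially forged by an adversary who knows the feature set, and a dataset whose clean and malicious samples come from different compilers or years lets the model learn the toolchain rather than maliciousness, so hold out by time and inspect which features carry the decision.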
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Cite this paper
Hussain, A., Asif, M., Ahmad, M.B., Mahmood, T., Raza, M.A. (2022). Malware Detection Using Machine Learning Algorithms for Windows Platform. In: Ullah, A., Anwar, S., Rocha, Á., Gill, S. (eds) Proceedings of International Conference on Information Technology and Applications. Lecture Notes in Networks and Systems, vol 350. Springer, Singapore. https://doi.org/10.1007/978-981-16-7618-5_53
DOI: https://doi.org/10.1007/978-981-16-7618-5_53
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-7617-8
Online ISBN: 978-981-16-7618-5
eBook Packages: Intelligent Technologies and Robotics (R0)