Research field: Safety
Venue: SN Computer Science
Malware proliferation continues to jeopardize global data security and user privacy, necessitating robust detection and classification mechanisms. In this research, we propose the Malware Detection using Cascade Machine Learning (MDCML) classifier, designed to detect anomalies in Portable Executable (PE) files and classify them into malware families with high precision. The model integrates three machine learning algorithms (Random Forest, Bagging and Boosting), fine-tuned through extensive hyperparameter optimization, significantly enhancing detection and classification performance. To extract features from raw textual data, we have utilized a TF-IDF based inter-class dispersion architecture, transforming unstructured opcode data into structured feature maps that emphasize contextual importance. The model uses a cascade approach, which enhances performance by passing uncertain or misclassified samples from one classifier to the next, enabling successive stages to refine predictions. It is evaluated on two public datasets, Big-2015 and Mal-API-2019, both of which contain a diverse set of malware families. The study includes comprehensive experimentation on multi-class classification tasks. Performance was evaluated across diverse sample sizes, execution times and optimization strategies to ensure robust analysis. Accuracies of 98.97% and 95.42% on the respective datasets highlight the superior performance of the proposed framework over traditional machine learning models, showcasing significant advancements. This research underscores the concept of the hybrid MDCML classifier in improving malware detection and classification, thereby enhancing data security and privacy.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra, India |
| Site | Springer |
| Likes | 0 |