CR, AI, LG | Jun 2

A Hybrid Approach For Malware Classification Using Secondary Features Fusion

arXiv:2606.03432 | 16.1 | h-index: 3
AI Analysis

For cybersecurity practitioners, this provides an automated tool to classify malware into families, but the approach is incremental, combining known techniques.

The paper proposes a hybrid method for malware detection and family classification using feature fusion of API calls and n-grams with a voting-based algorithm fusion, achieving 99.72% accuracy and 0.989 AUC on the Microsoft dataset.

The number of malware samples (either variant or novel) is rapidly increasing, making malware detection and mitigation a complex problem. One approach to improving malware mitigation is automatic detection and malware family classification. However, traditional malware detection methods cannot classify detected malware into their respective families, hindering effective malware mitigation. Consequently, this paper proposes a method to automate malware detection and classification of the detected malware into respective malware families. The proposed method uses feature fusion after extracting relevant malware features such as API calls and fixed- and variable-length n-grams with a customized feature selection method. Moreover, for the predictive model, a voting-based approach is proposed for algorithm fusion. For the experimental evaluation of the proposed method, both binary and multi-class classification approaches are applied to the data set provided by Microsoft. Finally, the experimental results are compared with the state of the art. The experimental results indicate the effectiveness and efficiency of the proposed approach with an AUC of 0.989, accuracy of 99.72%, and a log loss of 0.01.
