Machine Learning for Malware Detection: Beyond Accuracy Rates (Conference Paper)

abstract

  • Today's world is supported by connected, electronic systems, thus ensuring their secure operation is essential to our daily lives. A major threat to systems' security is malware infections, which cause financial and image losses to corporate and end-users, thus motivating the development of malware detectors. In this scenario, Machine Learning (ML) has been demonstrated to be a powerful technique to develop classifiers able to distinguish malware from goodware samples. However, many ML research works on malware detection focus only on the final detection accuracy rate and overlook other important aspects of classifier implementation and evaluation, such as feature extraction and parameter selection. In this paper, we shed light on these aspects to highlight the challenges and drawbacks of ML-based malware classifier development. We trained 25 distinct classification models and applied them to 2,800 real x86, Linux ELF malware binaries. Our results show that: (i) dynamic features outperform static features when the same classifiers are considered; (ii) discrete-bounded features present smaller accuracy variance over time in comparison to continuous features, at the cost of some time-localized accuracy loss; (iii) datasets presenting distinct characteristics (e.g., temporal changes) impose generalization challenges to ML models; and (iv) feature analysis can be used as feedback information for malware detection and infection prevention. We expect that our work could help other researchers when developing their ML-based malware classification solutions.

name of conference

  • Anais Estendidos do XIX Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg Estendido 2019)

published proceedings

  • Anais Estendidos do XIX Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg Estendido 2019)

author list (cited authors)

  • Galante, L., Botacin, M., Grégio, A., & De Geus, P.

citation count

  • 1

complete list of authors

  • Galante, Lucas; Botacin, Marcus; Grégio, André; De Geus, Paulo

publication date

  • September 2019