Malware Detection Using Ensemble N-gram Opcode Sequences

Malware Detection Using Ensemble N-gram Opcode Sequences

Malware Detection

N-Gram

Opcode

Machine Learning

Ensemble

Grid Search

Conventional approaches to tackling malware attacks have proven to be futile at detecting never-before-seen (zero-day) malware. Research however has shown that zero-day malicious files are mostly semantic-preserving variants of already existing malware, which are generated via obfuscation methods. In this paper we propose and evaluate a machine learning based malware detection model using ensemble approach. We employ a strategy of ensemble where multiple feature sets generated from different n-gram sizes of opcode sequences are trained using a single classifier. Model predictions on the trained multi feature sets are weighted and combined on average to make a final verdict on whether a binary file is malicious or benign. To obtain optimal weight combination for the ensemble feature sets, we applied a grid search on a set of pre-defined weights in the range 0 to 1. With a balanced dataset of 2000 samples, an ensemble of n-gram opcode sequences of n sizes 1 and 2 with respective weight pair 0.3 and 0.7 yielded the best detection accuracy of 98.1% using random forest (RF) classifier. Ensemble n-gram sizes 2 and 3 obtained 99.7% as best precision using weight 0.5 for both models.

Yeboah, Paul Ntim

Amuquandoh, Stephen Kweku

Musah, Haruna Balle Baz

International Journal of Interactive Mobile Technologies (iJIM); Vol. 15 No. 24 (2021); pp. 19-31

1865-7923

International Association of Online Engineering (IAOE), Vienna, Austria

2021-12-21

Copyright (c) 2021 Paul Ntim Yeboah, Stephen Kweku Amuquandoh, Haruna Balle Baz Musah

https://creativecommons.org/licenses/by/4.0

application/pdf

eng

info:eu-repo/semantics/article

info:eu-repo/semantics/publishedVersion

Peer-reviewed Article