Malware classification and detection using artificial neural network

The steady transition towards higher computer dependency and usage has created a dangerous threat landscape that malefactors and cybercriminals are interested in. This has given the rise to an ever-changing series of malware being created aiming to do a series of malicious tasks. The Anti-Virus (AV) industry has implemented traditional methods, such as hash-based, signature-based, and heuristic-based detection techniques to detect malware, each of which has their own set of drawbacks that limit their ability to detect malware with high efficacy. To address these issues, security analysts and researchers have transitioned their focus to other disciplinary fields, most notably, machine learning. Although there have been notable works done in this domain, there yet lies a gap, as no work thus far has been able to achieve the ultimate detection rate with minimal performance overhead, therefore there’s a need for exploring new methods or set of approaches for malware detection. This paper focuses on the investigation and implementation of a neural network binary malware classifier that can classify an unseen file as malicious or benign. The scope has been narrowed down to classify Windows Portable Executable (PE) files based on their imported library function calls. The implemented model achieved an average accuracy of 97.8%, with 97.6% precision, and 96.6% recall. These are very promising results, as they signify the model’s ability to generalize against an independent set, thus accentuating the viability of the proposed and implemented a method for malware classification.