Solving Malware Classification Task using Python

data analysis and visualization; machine learning; cybersecurity-related data analytics

My interests:

Topic is important

Terms

Malware

software that is specifically designed to disrupt, damage, or gain unauthorized access

Main Steps

Dataset collection

Building a machine learning model

Data reduction

01

02

03

Dataset collection

01.

With data collection, “the sooner the better”, is always the best

Problem

Create a dataset with features that will help the system distinguish between

Solution

Found:

3077 binary malicious files

1952 binary benign files

collected from “VX Heavens

Solution

Extracted:

100 features from binary portable executable files (.exe, .dll, .sys, etc.) using

Dataset reduction

02.

Redundancy is expensive but indispensable.
—Jane Jacobs

Problem

Select features that yield the most accurate results:

apply data reduction algorithms

obtain

Solution

Applied:

Feature importance technique based on Gini importance metric

Principal component analysis (PCA)

Solution

Obtained:

10 features with the highest scores; the higher, the more important the

Solution

Obtained:

reduced the dimensionality of the data from 8 to 2
Principal component 1

Building a machine learning model

03.

What we want is a machine that

Problem

Determine which file is malicious and which is benign:

apply a machine learning

Solution

The data was split into:

5 equal folds
Each fold was used for both

Solution

Applied:

Decision Trees Classifier algorithm.
Built Decision Tree.
Classification rate (accuracy score): 0.9371

Libraries & frameworks used

Pandas
Numpy
Pefile
Scikit-learn
Matplotlib
Math

Resources

Presentation template

M. Zubair Shafiq et al. (2009) PE-Miner: Mining Structural Information to