Towards Improved Malware Detection using Multilevel Ensemble Supervised Learning

Abstract

Malware is a computer program or a piece of software that is designed to penetrate and damage computers without the owner's permission. There are different malware types such as viruses, rootkits, keyloggers, worms, trojans, spyware, ransomware, backdoors, logic bombs, etc. The volume, variants, and speed of propagation of malware are increasing every year. Antivirus companies receive thousands of malware samples on a daily basis, so detection of malware is a complex and time-consuming task. Traditional signature-based and anomaly-based malware detection techniques are still in use. However, signature-based detection fails for new, unknown malware. In the case of anomaly-based detection, if the malicious activity behaves like normal activity, the detector treats it as normal. Today's attackers use various obfuscation techniques, which have become a great challenge for detectors trying to identify malicious content with the traditional malware detection techniques. In this research, a multilevel ensemble classification approach is introduced to detect malware using the frequency of API call usage in the portable executable format. The approach is evaluated in terms of accuracy, sensitivity, specificity, misclassification rate, Kappa, precision, false positive rate and false negative rate. The results show that the proposed multilevel ensemble approach can classify malware with 94.67% accuracy and a 4.79% false positive rate.

Description

Master of Engineering -CSE
