DETECTION AND CLASSIFICATION OF MALWARE USING GRID SEARCH OPTIMIZATION TECHNIQUE

Authors

  • F.J. Akinshola-Awe, Computer Science Department, Nasarawa State University
  • A.A. Obiniyi, Computer Science Department, Nasarawa State University
  • Gilbert Aimufua, Computer Science Department, Nasarawa State University
  • Kene Anyachebelu, Computer Science Department, Nasarawa State University
  • Binyamin Adeniyi Ajayi, Computer Science Department, Nasarawa State University

Abstract

Malware is software written to compromise the confidentiality, integrity, and availability of information assets, leaving them vulnerable to several destructive attacks, a problem driven mainly by the emergence of the Internet. Conventional antimalware software is not effective at eliminating malware because malware uses many evasion techniques, such as polymorphism and code obfuscation. It is also ineffectual and defenceless against zero-day attacks, as it can only eliminate malware for which it has signatures. K-Nearest Neighbor, Decision Tree, and Support Vector Machine are some of the leading classifiers that have successfully detected and classified malware, but optimal detection accuracy has not been achieved. In addition, false positives and false negatives persist because the hyperparameters of these classifiers were not optimized. Imbalanced datasets from unreliable sources are also a major challenge in accurately detecting malware. This research employed K-Nearest Neighbor, Decision Tree, and Support Vector Machine to detect and classify malware, using a balanced dataset to train the model. The Grid Search optimization technique with cross-validation was used to optimize the hyperparameters of the selected classifiers in order to boost the model's performance and achieve high detection accuracy as well as low false positives and low false negatives. Machine learning performance metrics such as the F1 Score, Precision, Recall, and Accuracy were used to evaluate the performance of the research model. The study achieved high accuracy, outperforming the classical memory analysis model (with tuned hyperparameters), achieving 100% accuracy, false positives of 2, and false negatives of 0 with Support Vector Machine.

Published

2025-06-30

Section

ARTICLES