ML-Based Cross-Platform Malware Detection

Bhavya R A, Bindhu Shree G V, 2 Authors, ShwethaShree K V

2024 · DOI: 10.1109/ICKECS61492.2024.10616557
1 Citation

TLDR

Deep Learning models consistently outperform traditional ML approaches in accuracy, precision, and recall, particularly when combined with heuristics.

Abstract

The rapidly evolving landscape of malware necessitates robust cross-platform detection solutions. This study addresses a critical gap by investigating the efficacy of Machine Learning (ML) and heuristic methods combined for superior malware detection across platforms. Traditional signature-based methods struggle with this ever-evolving threat landscape, particularly due to modern malware’s obfuscation techniques. Our research proposes a novel approach leveraging Deep Learning models (Convolutional Neural Network (CNN) and Deep Neural Network (DNN)) to overcome these limitations. We compare these models with established ML algorithms on a comprehensive malware dataset (CICAndMal2017) for both binary and multi-class classification. The findings demonstrate significant advancements: Deep Learning models consistently outperform traditional ML approaches, achieving superior accuracy, precision, and recall. Additionally, combining Deep Learning with heuristics yields even better detection performance, highlighting the value of incorporating domain knowledge through heuristics for improved feature selection and classification. Furthermore, the study emphasizes the importance of dynamic features, capturing malware’s runtime behavior, to bypass obfuscation techniques. Traditional static analysis often struggles with such obfuscation, highlighting the need for a combined approach that analyzes both static and dynamic features for a more comprehensive understanding of malware behavior. This research significantly contributes to cross-platform malware detection by validating the superiority of Deep Learning models, particularly when combined with heuristics. It emphasizes the crucial role of dynamic analysis and promotes a combined detection approach leveraging both Deep Learning and heuristics for superior malware classification and mitigation. 
Future work directions include expanding data collection with diverse features and investigating unsupervised or reinforcement learning techniques for further enhanced detection capabilities. By addressing the research gap through this combined approach, this study paves the way for more robust and adaptable security solutions against evolving threats.