Malware Detection System Using Mathematics of Random Forest Classifier

Abstract

Most cyberattacks including data breaches, identity theft, fraud, and other issues, are known to be caused by malware. Some of the malware attacks are categories as adware, spyware, virus, worm, trojan, rootkit, backdoor, ransomware and command and control (C&C) bot, based on its purpose and behaviour. Malware detectors still utilise signature-based approaches to detect malicious software, which can only detect known malware. Attacks by malware pose a serious threat to people's and organizations' cybersecurity globally. These attacks are occurring more frequently and more frequently lately. Over eight billion malware attacks occurred in 2020, up 4% over the previous year, according to a Symantec report. It is crucial that computer users safeguard their computers with a malware detector like an antivirus, anti-spyware, etc. When creating a machine learning model to differentiate between malicious and benign files, it might be challenging to use domain-level expertise to extract the necessary attributes. This research aims to create a malware detector that uses a trained random forest classifier model to find malware and stop zero-day assaults. A dataset (including both harmful and benign software PE header information) was obtained from virusshare.com and used to train the random forest classifier in order to create this malware detector. The Random Forest Classifier generate greater accuracy when compared with other machine learning classifiers, such as KNN (K-Nearest Neighbors), Decision Tree, Logistic Regression etc., the random forest classifier gives a better accuracy of 99.4%. The Classifier model used here will be a better option to use in order to efficiently and effectively detect malware, it shows that the methodology can be utilized as the basis for an operational system for detecting an unknown malicious executable.