A Comprehensive Review of Machine Learning-Based Malware Detection Techniques for Windows Platform

Authors

  • A. Wajid, Rachna College of Engineering & Technology, Gujranwala
  • T. Ahmed, University of Engineering & Technology, Lahore
  • U.B. Chaudhry, Rachna College of Engineering & Technology, Gujranwala

Abstract

The growing threat of Windows malware poses an increasing risk to the security of computers and the sensitive information they hold. The exponential rise in malware threats targeting the Windows platform necessitates robust and adaptive detection mechanisms. Machine learning (ML) techniques have demonstrated effectiveness in identifying Windows malware; a thorough analysis of these techniques is therefore essential. This paper presents a comprehensive review of the ML-based techniques that the research community has proposed for detecting Windows malware. The review begins by comparing this study with existing reviews. We then describe the different ML-based malware detection techniques in detail. These techniques are assessed on multiple parameters: the dataset used for training and testing, the availability of that dataset, the ML model used for classification, the type of features extracted, the analysis type, and the metrics used to measure the technique's effectiveness. Furthermore, the paper highlights the limitations and challenges in this field and suggests potential future research directions. By providing a comprehensive overview and critical analysis of ML-based malware detection techniques proposed for the Windows environment, this study aims to guide and inspire further research in handling evolving cyber threats.

Published

07-05-2024

How to Cite

[1]
A. Wajid, T. Ahmed, and U. B. Chaudhry, “A Comprehensive Review of Machine Learning-Based Malware Detection Techniques for Windows Platform”, The Nucleus, vol. 61, no. 1, pp. 51–62, May 2024.

Section

Articles