Enhancing multi-class malware detection in resource-constrained environments

Abstract

The emergence of multi-class malware attacks such as ransomware, spyware, and trojans presents an increasing and serious threat to cybersecurity, particularly in resource-constrained environments such as IoT devices. Existing machine learning models have achieved nearly perfect accuracy in binary malware classification but fall short in classifying malware families and individual malware types. Additionally, the complexity of these multi-class malware attacks presents a significant detection challenge in resource-constrained environments, as multi-class detection usually requires high computational capability. This research bridges the gap by enhancing the detection accuracy of multi-class malware classification and by developing a lightweight model that can run efficiently on resource-constrained devices. In this paper, we propose a robust lightweight machine learning model featuring a LightGBM classifier with SMOTE oversampling and SOM-US undersampling techniques for data balancing, together with well-engineered feature selection through a Genetic Algorithm. The model performed better than the current state-of-the-art models developed on the same dataset in both malware family classification (4 classes) and individual malware type classification (16 classes), with accuracy of 89.1% and 76% respectively, thus maintaining a balance between classification accuracy and computational efficiency in resource-constrained environments. Furthermore, we propose another model using a Random Forest classifier with an accuracy of 91.2% in malware family classification and 78.7% in individual malware classification, demonstrating a significant enhancement in accuracy over the current state-of-the-art models.

Description

Cataloged from PDF version of thesis.
Includes bibliographical references (pages 51-53).
This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science and Engineering, 2025.

Type

Thesis