City Research Online

Abstract

Many commercial anti-virus software already usesome form of machine learning to help with detection. How-ever, there has been little research on ways in which multiplealgorithms can be combined to improve malware detection. Thispaper presents an analysis of a dataset of malware and benignsoftware, analysed by diverse recurrent neural networks (RNNs).Our focus is on analysing the possible benefits and/or drawbacksin malware detection from using multiple algorithms in diverseconfigurations. We have analysed the sensitivity, specificity andaccuracy of RNN combinations with up to 10 models percombination, using prediction results from a previous research.Our results show significant gains in malware detection whenusing combinations with 1-out-of-N adjudication schemes (anincrease of 0.28), and likewise gains for specificity in N-out-of-N schemes (an increase of 0.14). We also look at the interplaybetween sensitivity and specificity when putting together systemsthat use a simple majority adjudication scheme (e.g. 3-out-of-5).Additionally, we highlight the major sources of diversity betweenthe various RNN models used, and speculate on the benefitstowards specific types of malware. To the best of our knowledge,similar results on the use of diverse machine learning algorithmsfor malware detection have not been presented in the past.

Publication Type:	Article
Additional Information:	© 2021. This manuscript version is made available under the CC-BY-NC-ND 4.0 license http://creativecommons.org/licenses/by-nc-nd/4.0/
Publisher Keywords:	malware detection; design diversity; diverse machine learning; model diversity; cybersecurity
Subjects:	Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Departments:	School of Science & Technology > Computer Science School of Science & Technology > Computer Science > Software Reliability
SWORD Depositor:	Symplectic Administrator

Export

Downloads