Performance of Machine Learning Classifiers for Malware Detection Over Imbalanced Data

Paulina Morillo; Diego Bahamonde; Wilian Tapia

doi:10.1007/978-3-031-47721-8_33

Performance of Machine Learning Classifiers for Malware Detection Over Imbalanced Data

Paulina Morillo, Diego Bahamonde, Wilian Tapia

Grupo de Investigación Infraestructura de Datos Espaciales Inteligencia Artificial Geoportales y Computación Aplicada (IDE IA GEO CA)

Producción científica: Capítulo del libro/informe/acta de congreso › Contribución de conferencia › revisión exhaustiva

Resumen

Detecting malware is crucial to avoid severe damage to a computer system. However, doing it by training Machine Learning algorithms can present complications since often there is imbalanced data. Therefore, one of the challenges faced by binary classification is learning to clearly distinguish between two classes when you have a much larger number of instances of one class than another. To decrease bias and to handle imbalance, some techniques increase or reduce the number of cases of the minority and majority classes, respectively. This paper analyzes the performance of three cost-sensitive classifiers, LR, DT, and RF, trained with an imbalanced malware detection dataset and four artificial datasets built using Near Miss, SMOTE, SMOTEENN, and SMOTETomek re-sample techniques. The results show that Near Miss achieves a proper balance between the classes so that the algorithms increase their overall performance, reaching balanced accuracies greater than 95%. On the other hand, the rest of the techniques slightly increase the ability of the classifiers to identify objects of the minority class. Meanwhile, Random Forest achieved balanced and high performance. Besides, the training and testing times for oversampling or hybrid techniques are far superior to those obtained by undersampling since the latter reduces the number of instances processed by the models.

Idioma original	Inglés
Título de la publicación alojada	Intelligent Systems and Applications - Proceedings of the 2023 Intelligent Systems Conference IntelliSys Volume 1
Editores	Kohei Arai
Editorial	Springer Science and Business Media Deutschland GmbH
Páginas	496-507
Número de páginas	12
ISBN (versión impresa)	9783031477201
DOI	https://doi.org/10.1007/978-3-031-47721-8_33
Estado	Publicada - 2024
Evento	Intelligent Systems Conference, IntelliSys 2023 - Amsterdam, Países Bajos Duración: 7 sep. 2023 → 8 sep. 2023

Serie de la publicación

Nombre	Lecture Notes in Networks and Systems
Volumen	822
ISSN (versión impresa)	2367-3370
ISSN (versión digital)	2367-3389

Conferencia

Conferencia	Intelligent Systems Conference, IntelliSys 2023
País/Territorio	Países Bajos
Ciudad	Amsterdam
Período	7/09/23 → 8/09/23

Nota bibliográfica

Publisher Copyright:
© 2024, The Author(s), under exclusive license to Springer Nature Switzerland AG.

Acceder al documento

10.1007/978-3-031-47721-8_33

Otros archivos y enlaces

Enlace a la publicación en Scopus

Citar esto

Morillo, P., Bahamonde, D., & Tapia, W. (2024). Performance of Machine Learning Classifiers for Malware Detection Over Imbalanced Data. En K. Arai (Ed.), Intelligent Systems and Applications - Proceedings of the 2023 Intelligent Systems Conference IntelliSys Volume 1 (pp. 496-507). (Lecture Notes in Networks and Systems; Vol. 822). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-47721-8_33

Morillo, Paulina ; Bahamonde, Diego ; Tapia, Wilian. / Performance of Machine Learning Classifiers for Malware Detection Over Imbalanced Data. Intelligent Systems and Applications - Proceedings of the 2023 Intelligent Systems Conference IntelliSys Volume 1. editor / Kohei Arai. Springer Science and Business Media Deutschland GmbH, 2024. pp. 496-507 (Lecture Notes in Networks and Systems).

@inproceedings{1013ff9da556411b8164daed348b3407,

title = "Performance of Machine Learning Classifiers for Malware Detection Over Imbalanced Data",

abstract = "Detecting malware is crucial to avoid severe damage to a computer system. However, doing it by training Machine Learning algorithms can present complications since often there is imbalanced data. Therefore, one of the challenges faced by binary classification is learning to clearly distinguish between two classes when you have a much larger number of instances of one class than another. To decrease bias and to handle imbalance, some techniques increase or reduce the number of cases of the minority and majority classes, respectively. This paper analyzes the performance of three cost-sensitive classifiers, LR, DT, and RF, trained with an imbalanced malware detection dataset and four artificial datasets built using Near Miss, SMOTE, SMOTEENN, and SMOTETomek re-sample techniques. The results show that Near Miss achieves a proper balance between the classes so that the algorithms increase their overall performance, reaching balanced accuracies greater than 95%. On the other hand, the rest of the techniques slightly increase the ability of the classifiers to identify objects of the minority class. Meanwhile, Random Forest achieved balanced and high performance. Besides, the training and testing times for oversampling or hybrid techniques are far superior to those obtained by undersampling since the latter reduces the number of instances processed by the models.",

keywords = "AUC, Balance Accuracy, Binary Classification, Confusion Matrix, G-Mean, Hybrid, Oversampling, Re-Sample, Undersampling",

author = "Paulina Morillo and Diego Bahamonde and Wilian Tapia",

note = "Publisher Copyright: {\textcopyright} 2024, The Author(s), under exclusive license to Springer Nature Switzerland AG.; Intelligent Systems Conference, IntelliSys 2023 ; Conference date: 07-09-2023 Through 08-09-2023",

year = "2024",

doi = "10.1007/978-3-031-47721-8_33",

language = "English",

isbn = "9783031477201",

series = "Lecture Notes in Networks and Systems",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "496--507",

editor = "Kohei Arai",

booktitle = "Intelligent Systems and Applications - Proceedings of the 2023 Intelligent Systems Conference IntelliSys Volume 1",

address = "Germany",

}

Morillo, P, Bahamonde, D & Tapia, W 2024, Performance of Machine Learning Classifiers for Malware Detection Over Imbalanced Data. En K Arai (ed.), Intelligent Systems and Applications - Proceedings of the 2023 Intelligent Systems Conference IntelliSys Volume 1. Lecture Notes in Networks and Systems, vol. 822, Springer Science and Business Media Deutschland GmbH, pp. 496-507, Intelligent Systems Conference, IntelliSys 2023, Amsterdam, Países Bajos, 7/09/23. https://doi.org/10.1007/978-3-031-47721-8_33

Performance of Machine Learning Classifiers for Malware Detection Over Imbalanced Data. / Morillo, Paulina; Bahamonde, Diego; Tapia, Wilian.
Intelligent Systems and Applications - Proceedings of the 2023 Intelligent Systems Conference IntelliSys Volume 1. ed. / Kohei Arai. Springer Science and Business Media Deutschland GmbH, 2024. p. 496-507 (Lecture Notes in Networks and Systems; Vol. 822).

Producción científica: Capítulo del libro/informe/acta de congreso › Contribución de conferencia › revisión exhaustiva

TY - GEN

T1 - Performance of Machine Learning Classifiers for Malware Detection Over Imbalanced Data

AU - Morillo, Paulina

AU - Bahamonde, Diego

AU - Tapia, Wilian

PY - 2024

Y1 - 2024

N2 - Detecting malware is crucial to avoid severe damage to a computer system. However, doing it by training Machine Learning algorithms can present complications since often there is imbalanced data. Therefore, one of the challenges faced by binary classification is learning to clearly distinguish between two classes when you have a much larger number of instances of one class than another. To decrease bias and to handle imbalance, some techniques increase or reduce the number of cases of the minority and majority classes, respectively. This paper analyzes the performance of three cost-sensitive classifiers, LR, DT, and RF, trained with an imbalanced malware detection dataset and four artificial datasets built using Near Miss, SMOTE, SMOTEENN, and SMOTETomek re-sample techniques. The results show that Near Miss achieves a proper balance between the classes so that the algorithms increase their overall performance, reaching balanced accuracies greater than 95%. On the other hand, the rest of the techniques slightly increase the ability of the classifiers to identify objects of the minority class. Meanwhile, Random Forest achieved balanced and high performance. Besides, the training and testing times for oversampling or hybrid techniques are far superior to those obtained by undersampling since the latter reduces the number of instances processed by the models.

AB - Detecting malware is crucial to avoid severe damage to a computer system. However, doing it by training Machine Learning algorithms can present complications since often there is imbalanced data. Therefore, one of the challenges faced by binary classification is learning to clearly distinguish between two classes when you have a much larger number of instances of one class than another. To decrease bias and to handle imbalance, some techniques increase or reduce the number of cases of the minority and majority classes, respectively. This paper analyzes the performance of three cost-sensitive classifiers, LR, DT, and RF, trained with an imbalanced malware detection dataset and four artificial datasets built using Near Miss, SMOTE, SMOTEENN, and SMOTETomek re-sample techniques. The results show that Near Miss achieves a proper balance between the classes so that the algorithms increase their overall performance, reaching balanced accuracies greater than 95%. On the other hand, the rest of the techniques slightly increase the ability of the classifiers to identify objects of the minority class. Meanwhile, Random Forest achieved balanced and high performance. Besides, the training and testing times for oversampling or hybrid techniques are far superior to those obtained by undersampling since the latter reduces the number of instances processed by the models.

KW - AUC

KW - Balance Accuracy

KW - Binary Classification

KW - Confusion Matrix

KW - G-Mean

KW - Hybrid

KW - Oversampling

KW - Re-Sample

KW - Undersampling

UR - http://www.scopus.com/inward/record.url?scp=85182509408&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-47721-8_33

DO - 10.1007/978-3-031-47721-8_33

M3 - Conference contribution

AN - SCOPUS:85182509408

SN - 9783031477201

T3 - Lecture Notes in Networks and Systems

SP - 496

EP - 507

BT - Intelligent Systems and Applications - Proceedings of the 2023 Intelligent Systems Conference IntelliSys Volume 1

A2 - Arai, Kohei

PB - Springer Science and Business Media Deutschland GmbH

T2 - Intelligent Systems Conference, IntelliSys 2023

Y2 - 7 September 2023 through 8 September 2023

ER -

Morillo P, Bahamonde D, Tapia W. Performance of Machine Learning Classifiers for Malware Detection Over Imbalanced Data. En Arai K, editor, Intelligent Systems and Applications - Proceedings of the 2023 Intelligent Systems Conference IntelliSys Volume 1. Springer Science and Business Media Deutschland GmbH. 2024. p. 496-507. (Lecture Notes in Networks and Systems). doi: 10.1007/978-3-031-47721-8_33