Improving malware detection using multi-view ensemble learning

2016 
A huge volume of new malware is created every day, and that malware has not previously been seen in the wild. Current anti-virus software uses byte signatures to identify known malware and has little hope of identifying new malware. Researchers have proposed several malware detection methods based on byte n-grams, opcode n-grams, and format information; each of these methods partially captures the information that distinguishes benign programs from malicious ones. In this study, we design two schemes that incorporate the aforementioned three single-view features and fully exploit their complementary information to discover the true nature of a program. Two datasets are used to evaluate the new-malware detection performance and the generalization performance of the proposed schemes. Experimental results indicate that the proposed schemes increase the detection rate of new malware, improve the generalization performance of the learning model, and reduce the false alarm rate to 0%. Because malware can hardly disguise itself in every feature view at once, the proposed schemes are more robust and harder to deceive. Copyright © 2016 John Wiley & Sons, Ltd.
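As an added illustration, not code from the paper (the abstract does not show its schemes), the following sketches two of the feature views named above as n-gram counters and one way to combine per-view verdicts. The majority-vote rule, the tie-breaking choice and the sample inputs are assumptions of this example.

```python
from collections import Counter
from typing import Dict, List, Sequence

# Constructed inputs: a few raw bytes standing in for a program image, and an
# opcode mnemonic list standing in for a disassembler's output.
SAMPLE_BYTES = b"MZ\x90\x00\x03\x00\x00\x00MZ\x90\x00"
SAMPLE_OPCODES = ["push", "mov", "call", "xor", "mov", "call"]


def byte_ngrams(data: bytes, n: int = 2) -> Counter:
    """Byte-n-gram view: frequency of each overlapping n-byte window."""
    return Counter(data[i:i + n] for i in range(len(data) - n + 1))


def opcode_ngrams(opcodes: Sequence[str], n: int = 2) -> Counter:
    """Opcode-n-gram view: frequency of each overlapping n-opcode sequence."""
    return Counter(tuple(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1))


def late_fusion(view_verdicts: Dict[str, int]) -> int:
    """Combine per-view verdicts (1 = malicious, 0 = benign) by majority vote.

    Assumed policy: a tie is resolved as malicious, since for this use a
    false alarm is cheaper than a missed detection.
    """
    votes = sum(view_verdicts.values())
    return 1 if 2 * votes >= len(view_verdicts) else 0


def disguised_sample_verdict() -> int:
    """Constructed case: the byte view was padded to look benign, but the
    opcode and format views still look malicious, so the ensemble flags it."""
    verdicts = {"byte_ngram": 0, "opcode_ngram": 1, "format": 1}
    return late_fusion(verdicts)


if __name__ == "__main__":
    print("byte 2-grams  :", byte_ngrams(SAMPLE_BYTES).most_common(3))
    print("opcode 2-grams:", opcode_ngrams(SAMPLE_OPCODES).most_common(3))
    print("disguised sample flagged:", disguised_sample_verdict())
```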