Feature Collection and Selection in Malware Classification

In order to make up for the shortcomings of signature-based traditional classification methods, the supervised learning algorithms of machine learning and deep learning are gradually applied to malware detection and classification. Based on the Windows malware classification problem, we firstly introduce the collection techniques of different features. Then we discuss the impact of the different features from malware behavior selected on classification results. The results show that the fine-grained features are usually better than coarse-grained features, multi-features are better than single features under certain circumstances. Besides, the collection and training costs of static features are smaller than dynamic features. Finally, considering the factors of training time, complexity of feature collection and classification accuracy, we present our own views on the features that should be applied to malware classification issues in different situations.