Binary and Multiclass Malware Classification of Windows Portable Executable Using Classic Machine Learning and Deep Learning

Moeiz Miraoui ^1* Mohamed Ben Belgacem ²

• ¹ Arab Open University, Riyadh, Saudi Arabia
• ² University of Gafsa, Gafsa, Tunisia

Cybersecurity has become a significant concern in recent decades. Enhancing cybersecurity and safeguarding important information systems are essential in today's world. It is now one of the most important challenges in the realm of IT. Malware has become a significant issue in the modern digital age. The primary objectives of malware are to disrupt, harm, or impair computer systems and information systems without the user's consent or awareness. Currently, malwares are viewed as some of the most prevalent cyber threats. The prevalence of Windows operating system has made it a prime target for malware attacks. PE (Portable Executable) is the standard file format for executable files and DLLs on Windows systems, with PE malware being the most common form of malicious software. Static analysis, which is mainly a signature-based method for detecting malware, can only identify already known malware. The main weakness of this approach is its struggle with obfuscation, such as encryption and packing. The use of machine learning methods has demonstrated significant potential in the field of malware detection and is an emerging field with many opportunities. Most previous works focus on binary classification, limited number of ML algorithms and even a single dataset. In this paper, we present both a binary and multiclass PE malware classification using four classic machine learning algorithms and four deep learning algorithms. We have applied this algorithm on three publicly available datasets and deduced the best algorithm depending on the number of features and dataset size.