Classification of computer viruses from binary code using ensemble classifier and recursive feature elimination

摘要

This paper proposes a supervised machine learning model for detecting (unseen) viruses files. Our main focus is on static analysis approach. To find the best method, we experiment with difference types of feature extraction and three classifier algorithms including extreme gradient boosting, random forest and multilayer perceptron. Our data set contains 6,319 executable files. Each file is extracted with objdump and sorted with TF-IDF score to find best features. The F1 score shows slightly better performance than those of the baselines. Random forest with 20 attributes yields 0.9379758 F1 score which is 0.0316167 more than that of the baseline. The extreme gradient boosting method with 500 attributes achieve 0.9628991 F1 score, 0.0418642 more than that of the baseline. We conclude that our approach can improve the precision and recall of the classification.