Performance Metrics of Different Machine Learning Models for Windows Malware Detection

Abstract

This study experimentally evaluates and analyzes the performance of various machine learning models for Windows malware detection. Their metrics are further analyzed to identify the most effective approach. For this purpose, the researchers employed a diverse dataset to train and assess the models. The used dataset contains known Windows malware samples and benign files. Besdies, the chosen machine learning algorithms, such as Logistic Regression (LR), AdaBoost, LightGBM (LGBM), XGBoost (XGB), Decision Trees (DT), Gradient Boosting, Bagging, Random Forest (RF), and Support Vector Machines (SVM), have various techniques. The study focuses on key performance metrics: Accuracy, Precision, Recall, F1 Score, Specificity, False Positive Rate (FPR), Negative Predictive Value (NPV), False Negative Rate (FNR), and Error Rate. They are used to thoroughly assess the models' effectiveness in distinguishing between malware and benign samples. Additionally, the exploration of the impact of feature selection and extraction methods on model performance is carried out to gain better insights. The study results demonstrate variations in the models' effectiveness. It is noted that certain algorithms demonstrate superior performance in specific metrics. They also offer significant perspectives into the strengths and weaknesses of various machine learning models in the detection of Windows malware, contributing valuable knowledge to the development of more robust cybersecurity strategies. The study implications can hopefully be used to develop an effective and accurate malware detection model. It is expected the model may ultimately foster the security of Windows environments.