Panagiotis Bellonias, "Malware detection using machine learning: a double input architecture", Diploma Work, School of Electrical and Computer Engineering, Technical University of Crete, Chania, Greece, 2020
https://doi.org/10.26233/heallink.tuc.86343
This dissertation evaluates the effectiveness of a double-input machine learning architecture for malware detection. The model is compared with two other neural network architectures to highlight its effectiveness: the first takes an image representation of the executable file as input, and the second uses only features from the file's headers. The implemented neural network, which uses both inputs, outperformed both of them, with an area under the receiver operating characteristic (ROC) curve (AUC) of 0.989. Furthermore, state-of-the-art antivirus products were compared with the proposed architecture, even though the latter was trained on a relatively limited dataset. The proposed neural network placed third, with a True Positive Rate of 0.972. Complete sources are provided for reproducing the proposed model and the derived results. The importance of large dataset availability in such domains should not be overlooked.
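How the two inputs named in the abstract can be derived from one file, as an added example that is not the thesis's code: it assumes Windows PE executables, a byte-per-pixel grayscale image of width 16, and five COFF header fields as the feature set, none of which the abstract specifies. `SAMPLE` is a constructed header, and the neural network itself is not reproduced.

```python
import struct

def byte_image(data: bytes, width: int = 16) -> list:
    """Image input: one grayscale pixel per byte, zero-padded to full rows."""
    padded = data + b"\x00" * (-len(data) % width)
    return [list(padded[i:i + width]) for i in range(0, len(padded), width)]

def header_features(data: bytes) -> dict:
    """Header input: COFF file-header fields; ValueError if malformed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature missing or header truncated")
    machine, sections, timestamp, _, _, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    return {"machine": machine, "sections": sections, "timestamp": timestamp,
            "optional_header_size": opt_size, "characteristics": characteristics}

def double_input(data: bytes, width: int = 16):
    """Return (image, feature_vector): the two inputs for one sample."""
    feats = header_features(data)  # assumed feature set, ordered by key name
    return byte_image(data, width), [feats[k] for k in sorted(feats)]

# Constructed sample: a minimal 88-byte PE header, not a real program.
SAMPLE = (b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"
          + struct.pack("<HHIIIHH", 0x14C, 2, 0x5E000000, 0, 0, 0xE0, 0x0102))

if __name__ == "__main__":
    image, vector = double_input(SAMPLE)
    print(len(image), "rows x", len(image[0]), "cols; header vector:", vector)
```

A truncated or non-PE file raises `ValueError` from `header_features`, so a pipeline built this way has to decide explicitly how to score samples whose headers do not parse.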