Zero-Day Malware Detection using Machine Learning

Date

2023-11-08

Publisher

Saudi Digital Library

Abstract

Numerous intrusion detection and prevention systems (IDPS) have been created to recognise anomalous behaviour. However, they frequently fail to detect zero-day attacks, which exploit new and unpatched system flaws. Zero-day attacks are a type of malicious software that take advantage of previously unknown vulnerabilities, making them challenging to identify and prevent and allowing them to inflict significant harm on people and organisations. Because no established attack fingerprints exist, detecting these attacks is difficult. The conventional strategy, which depends on firewalls and intrusion detection systems (IDS) that match known attack patterns, is easily circumvented by attackers using novel and previously unseen techniques. This research proposes machine learning techniques for recognising zero-day attacks as a solution to this problem. The study concentrates largely on unsupervised learning algorithms such as clustering, as well as supervised learning techniques such as decision trees and support vector machines. Feature selection techniques are also investigated in order to improve the effectiveness of the machine learning models in detecting zero-day malware from executable files. The primary goal of this research is to create an accurate and dependable approach for recognising zero-day malware so that people and organisations can defend themselves against these advanced attacks. The effectiveness of machine learning models created specifically for identifying zero-day malware from executable files was thoroughly assessed. The study shows that the Random Forest classifier demonstrated remarkable performance metrics after training. The model's accuracy score was 0.9967, indicating a high degree of overall correct classification. Precision, defined as the proportion of samples predicted as malware that are actually malware, was 0.9956. Recall, which measures the proportion of real malware samples that are correctly identified as malware, reached 0.9978. The F1-score was determined as the harmonic mean of precision and recall. Machine learning techniques have thus emerged as powerful tools for bolstering system and network security and detecting zero-day malware. This research shows that, by leveraging pattern recognition and anomaly detection capabilities, machine learning models can identify potential security threats and zero-day malware attacks in real time, enhancing the overall security posture.
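The abstract reports accuracy, precision, recall and F1 for the classifier. The following is an added worked example, not code from the thesis, that computes those four metrics from a confusion matrix over a constructed hold-out set of 1000 labelled executables and shows why accuracy alone is a poor yardstick for a malware detector: on an imbalanced hold-out (990 benign, 10 malware, constructed figures) a detector that never alerts still scores 0.99 accuracy while its recall is zero. The labels, the "never alert" baseline and the hypothetical detector's predictions are all constructed here; the only values taken from the page are the precision and recall used to derive the F1 the abstract leaves unstated.

```python
from dataclasses import dataclass
from typing import List, Sequence, Tuple

# Label encoding assumed for this example: 1 = malware, 0 = benign.
MALWARE, BENIGN = 1, 0


@dataclass(frozen=True)
class Metrics:
    accuracy: float
    precision: float
    recall: float
    f1: float


def confusion_counts(y_true: Sequence[int], y_pred: Sequence[int]) -> Tuple[int, int, int, int]:
    """Return (tp, fp, fn, tn) with malware as the positive class."""
    if len(y_true) != len(y_pred):
        raise ValueError("label and prediction vectors differ in length")
    tp = fp = fn = tn = 0
    for truth, pred in zip(y_true, y_pred):
        if pred == MALWARE:
            if truth == MALWARE:
                tp += 1      # malware correctly flagged
            else:
                fp += 1      # benign file wrongly flagged
        elif truth == MALWARE:
            fn += 1          # malware that slipped through
        else:
            tn += 1          # benign file correctly left alone
    return tp, fp, fn, tn


def f1_from(precision: float, recall: float) -> float:
    """F1 is the harmonic mean of precision and recall (0 when both are 0)."""
    if precision + recall == 0:
        return 0.0
    return 2 * precision * recall / (precision + recall)


def evaluate(y_true: Sequence[int], y_pred: Sequence[int]) -> Metrics:
    """Accuracy, precision, recall and F1 as defined in the abstract."""
    tp, fp, fn, tn = confusion_counts(y_true, y_pred)
    total = tp + fp + fn + tn
    accuracy = (tp + tn) / total if total else 0.0
    # Precision: share of files flagged as malware that really are malware.
    precision = tp / (tp + fp) if (tp + fp) else 0.0
    # Recall: share of real malware that was flagged.
    recall = tp / (tp + fn) if (tp + fn) else 0.0
    return Metrics(accuracy, precision, recall, f1_from(precision, recall))


def constructed_holdout() -> Tuple[List[int], List[int], List[int]]:
    """Constructed hold-out set: 990 benign files followed by 10 malware samples,
    plus two hypothetical detectors' verdicts over the same files."""
    y_true = [BENIGN] * 990 + [MALWARE] * 10
    # Baseline that never raises an alert.
    never_alert = [BENIGN] * 1000
    # Hypothetical detector: 2 false positives on benign files, misses 1 of 10 malware.
    detector = [BENIGN] * 988 + [MALWARE] * 2 + [MALWARE] * 9 + [BENIGN]
    return y_true, never_alert, detector


def page_f1() -> float:
    """F1 implied by the precision (0.9956) and recall (0.9978) reported in the abstract."""
    return f1_from(0.9956, 0.9978)


if __name__ == "__main__":
    y_true, never_alert, detector = constructed_holdout()
    for name, preds in (("never-alert baseline", never_alert), ("hypothetical detector", detector)):
        m = evaluate(y_true, preds)
        print(f"{name:22s} tp/fp/fn/tn={confusion_counts(y_true, preds)} "
              f"acc={m.accuracy:.4f} prec={m.precision:.4f} rec={m.recall:.4f} f1={m.f1:.4f}")
    print(f"F1 implied by the abstract's precision and recall: {page_f1():.4f}")
```

The baseline scores 0.99 accuracy with zero recall, while the hypothetical detector scores 0.997 accuracy with precision 9/11 and recall 0.9, so the two accuracy figures are nearly indistinguishable even though only one detector catches anything. When evaluating a zero-day detector, report the confusion counts and recall on a hold-out built from malware families absent from the training set, since recall on unseen families is the quantity that actually approximates zero-day detection.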

Keywords

Zero-day attacks, machine learning, cyber security, supervised algorithms, unsupervised algorithms
