A Survey of Machine Learning Methods and Challenges for Windows Malware Classification

TL;DR

This survey reviews machine learning techniques for Windows malware classification, highlighting current methods, challenges, and future research directions in data collection, feature extraction, and model evaluation.

Contribution

It provides a comprehensive overview of existing machine learning approaches and discusses the unique challenges faced in malware classification tasks.

Findings

Identifies key challenges in data collection and labeling.

Highlights the importance of feature selection and extraction.

Discusses constraints and potential solutions in applying ML to malware detection.

Abstract

Malware classification is a difficult problem, to which machine learning methods have been applied for decades. Yet progress has often been slow, in part due to a number of unique difficulties with the task that occur through all stages of the developing a machine learning system: data collection, labeling, feature creation and selection, model selection, and evaluation. In this survey we will review a number of the current methods and challenges related to malware classification, including data collection, feature extraction, and model construction, and evaluation. Our discussion will include thoughts on the constraints that must be considered for machine learning based solutions in this domain, and yet to be tackled problems for which machine learning could also provide a solution. This survey aims to be useful both to cybersecurity practitioners who wish to learn more about how machine learning can be applied to the malware problem, and to give data scientists the necessary background into the challenges in this uniquely complicated space.