Machine Learning for Windows Malware Detection and Classification: Methods, Challenges and Ongoing Research
Daniel Gibert

TL;DR
This paper reviews machine learning techniques for Windows malware detection, discussing methods, challenges like dataset maintenance and adversarial attacks, and ongoing research on defenses.
Contribution
It provides a comprehensive overview of current machine learning approaches, challenges, and research directions in Windows malware detection and classification.
Findings
Survey of feature-based and deep learning detectors
Discussion of challenges like concept drift and adversarial attacks
Overview of ongoing research on adversarial defenses
Abstract
In this chapter, readers will explore how machine learning has been applied to build malware detection systems designed for the Windows operating system. This chapter starts by introducing the main components of a Machine Learning pipeline, highlighting the challenges of collecting and maintaining up-to-date datasets. Following this introduction, various state-of-the-art malware detectors are presented, encompassing both feature-based and deep learning-based detectors. Subsequent sections introduce the primary challenges encountered by machine learning-based malware detectors, including concept drift and adversarial attacks. Lastly, this chapter concludes by providing a brief overview of the ongoing research on adversarial defenses.
Taxonomy
Topics: Advanced Malware Detection Techniques · Network Security and Intrusion Detection · Anomaly Detection Techniques and Applications
