A Comparative Study of Malware Detection in Enterprise Networks

Abstract

Malware detection is a software and technique that detects malicious activity on a host or network. The internet's rapid growth and development necessitate data verification and authentication before its use in an enterprise. Therefore, we should deploy ML techniques to identify and detect malware, thereby aiding in the protection of the enterprise network. The paper illustrates malware detection techniques by utilizing the CICIDS-2017 dataset, selecting relevant features, and grouping the dataset into different classes depending on their characteristics, such as weight. Also, we employ classification techniques such as naive Bayes models, support vector algorithms, random forests, and decision trees (C4.5). The accuracy of these systems is 72.96%, 96%, 99.67%, and 99.59%, respectively, and we compare their performance. Additionally, we employ preprocessors to identify malware patterns in the training dataset and monitor online network traffic. These systems classify the malware as either benign or malicious. Among various ML techniques, the research indicates that random forests obtain the highest accuracy.