Research Article

A Feature Extraction Method of Hybrid Gram for Malicious Behavior Based on Machine Learning

Table 3

Malware detection experiments based on feature selection.

Feature 
representation
Features QuantityClassification 
algorithm
TPR 
/%
FPR 
/%
Accuracy 
/%
AUC

2-gram36ID385.914.387.50.863
Random Forest86.312.886.60.850
AdboostM182.916.380.20.808
Bagging83.915.882.30.826
3-gram53ID386.315.785.00.841
Random Forest94.113.792.00.971
AdboostM191.214.793.00.956
Bagging91.212.887.50.931
4-gram65ID387.914.395.80.868
Random Forest96.86.293.10.98
AdboostM190.99.187.50.974
Bagging93.97.092.00.957
Hybrid n-gram with cross entropy28ID396.86.392.50.963
Random Forest97.85.196.80.983
AdboostM197.85.196.80.983
Bagging97.65.296.80.897