Malware Detection Using a Random Forest Method Trained on a Balanced Synthetic Dataset
DOI:
https://doi.org/10.54327/set2025/v5.i1.167Keywords:
malware detection, accuracy, random forest, flow-based model, balanced dataset, synthetic datasetAbstract
The accuracy of malware detection is closely related to the available datasets, which are often small and imbalanced. To overcome these challenges, this study proposed a new method that creates synthetic malware data and increases the size and balance by generating several data sets with a flow-based model. Subsequently, a random forest classifier is fitted on this augmented dataset. This study aimed to analyze the generation of synthetic data based on flow-based models and the impact of synthetic data generation on the performance of a random forest for malware detection. A flow-based model was used to generate a balanced synthetic dataset based on the CICMalDroid2020 dataset. The generated data was used for feature selection and engineering to optimize the Random Forest model. The experimental results demonstrate the effectiveness of the proposed approach. The flow-based model generated an additional 13,402 samples, massively increasing the dataset size, even though the original dataset had only 11,598 data entries. After training on the synthetic augmented dataset, the Random Forest model achieved better performance compared to the original dataset evaluation with metrics precision (93%), recall (100%), balanced precision (96%), and the F1 score (91%). The results show that flow-based model-generated synthetic data can significantly enhance malware detection capabilities.
Downloads
Downloads
Published
Data Availability Statement
The dataset is available at the following link: https://www.unb.ca/cic/datasets/maldroid-2020.html
License
Copyright (c) 2025 Neo Onica Matsobane, Sello Mokwena
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website, social networking sites, etc).
© SET Journal