Skip to main content

Research Repository

Advanced Search

Efficient and interpretable real-time malware detection using random-forest

Mills, Alan; Spyridopoulos, Theodoros; Legg, Phil


Alan Mills


© 2019 IEEE. Malicious software, often described as malware, is one of the greatest threats to modern computer systems, and attackers continue to develop more sophisticated methods to access and compromise data and resources. Machine learning methods have potential to improve malware detection both in terms of accuracy and detection runtime, and is an active area within academic research and commercial development. Whilst the majority of research focused on improving accuracy and runtime of these systems, to date there has been little focus on the interpretability of detection results. In this paper, we propose a lightweight malware detection system called NODENS that can be deployed on affordable hardware such as a Raspberry Pi. Crucially, NODENS provides transparency of output results so that an end-user can begin to examine why the classifier believes a software sample to be either malicious or benign. Using an efficient Random-Forest approach, our system provides interpretability whilst not sacrificing accuracy or detection runtime, with an average detection speed of between 3-8 seconds, allowing for early remedial action to be taken before damage is caused.


Mills, A., Spyridopoulos, T., & Legg, P. (2019). Efficient and interpretable real-time malware detection using random-forest. .

Conference Name 2019 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, Cyber SA 2019
Conference Location Oxford, England
Start Date Jun 3, 2019
End Date Jun 4, 2019
Acceptance Date Mar 26, 2019
Online Publication Date Jun 4, 2019
Publication Date Jun 1, 2019
Deposit Date Apr 4, 2019
Publicly Available Date Apr 4, 2019
Publisher Institute of Electrical and Electronics Engineers (IEEE)
Peer Reviewed Peer Reviewed
ISBN 9781728102320
Public URL
Publisher URL


cybersa19_malware.pdf (280 Kb)


Publisher Licence URL

Copyright Statement
(c) 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.

You might also like

Downloadable Citations