Exploring the Effectiveness and Efficiency of LightGBM Algorithm for Windows Malware Detection

Malware has posed a serious problem in today's world of cyber security. Effective malware detection approaches minimize damages caused by malware attack, while efficient detection strategies reduce the amount of resources required to detect malware. A previous application of LightGBM model to malware detection shows that the technique is suitable for Windows malware detection. However, the study did not compute the training time, detection time and classification accuracy of the model. There is need to evaluate the accuracy of LightGBM algorithm and determine the time required for training it. This is because quality training produces highly reliable model. It is also necessary to compute the classification accuracy and prediction time, to enhance better decision making. This paper applied the generic LightGBM algorithm on Windows malware to determine its efficiency and effectiveness in terms of training time, prediction time and classification accuracy. Performance evaluation based on the Malimg dataset shows a 99.80% training accuracy for binary class, while the accuracy for multi-class is 96.87%. The training time of the generic LightGBM is 179.51s for binary class and 2224.77s for multi-class. The classification accuracy showed a True Positive Rate (TPR) of 99% and False Positive Rate (FPR) of 0.99% for the binary classification, while the prediction time of the model are 0.08s and 0.40s for binary and multi class respectively. The results obtained for training time, detection time and classification accuracy show that LightGBM algorithm is suitable for detecting Windows malware.