IJCNIS Vol. 18, No. 1, 8 Feb. 2026
PP. 1-17
Cybersecurity, Malware, Machine Learning, K-nearest Neighbors, Firefly Algorithm
Malware detection is a significant factor in establishing effective cybersecurity in the face of constantly increasing cyber threats. This research article investigates machine learning (ML) techniques for malware detection, focusing on the Customized K-Nearest Neighbors (C-KNN) classifier and the Firefly Algorithm (FA). The work assesses the effectiveness of C-KNN and of C-KNN with FA (C-KNN/FA) in malware identification using the MalMem-2022 dataset. The novelty of the proposed method lies in the synergistic integration of the C-KNN algorithm with FA for metaheuristic optimization: using FA to select the most relevant features enables C-KNN to train on a small, high-quality feature set, which improves malware detection performance. We compare the performance of both methods to understand the influence of KNN parameter adjustment and feature selection on malware classification. C-KNN and C-KNN/FA produced remarkable results in malware identification, reaching an accuracy of 99.98%, which is quite encouraging. In both multiclass and binary classification, C-KNN and C-KNN/FA perform better than their alternatives.
Mosleh M. Abualhaj, Sumaya Al-Khatib, Mahran Al-Zyoud, Mohammad O. Hiari, Ali Al-Allawee, Mohammad A. Alsharaiah, "A Customized Machine Learning Model for Improving Malware Detection", International Journal of Computer Network and Information Security (IJCNIS), Vol. 18, No. 1, pp. 1-17, 2026. DOI: 10.5815/ijcnis.2026.01.01