Evaluation of supervised and unsupervised machine learning classifiers for Mac OS malware detection

Abstract

Mac operating system is based on UNIX based platform and some consider it to be a more resilient operating system compared to the Windows platform. However, the number of attacks for Mac OS has increased exponentially over recent years and new attacks are arising daily which is capable of bypassing the Mac inbuilt security mechanism. Various supervised and unsupervised machine learning classifiers can be used to detect malware samples by comparing their behavior such as the system calls with benign apps. In this paper, we have evaluated five different supervised and unsupervised classifiers to distinguish between the good ware and malware samples of the Mac OS platform. The experiment was conducted using two different approaches: using the original dataset and then a synthetic balanced dataset. We used Synthetic Minority Over-sampling Technique (SMOTE) for the upsampling of minority class and train the classifiers with a balanced dataset. The experiment results show that the balanced dataset reduces bias towards the majority class and increases the machine learning classifiers' accuracy. Using this approach, we successfully achieved higher accuracy for five machine learning algorithms with a low false-positive rate.