Febrian Kasmar
Politeknik Negeri Padang

Published : 1 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 1 Documents
Search

Deteksi Malware pada File Executable Menggunakan Machine Learning Random Forest M. Cakra Adhana; Alde Alanda; Hidra Amnur; Febrian Kasmar
JITSI : Jurnal Ilmiah Teknologi Sistem Informasi Vol 7 No 2 (2026)
Publisher : SOTVI - Society of Visual Informatics

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.62527/jitsi.7.2.602

Abstract

The pervasive expansion of digital infrastructure has triggered an exponential surge in cyber threats, with malicious software (malware) posing a paramount risk to information security systems. Traditional signature-based and heuristic detection methods demonstrate severe limitations in mitigating zero-day exploits and multi-variant obfuscated malware due to their rigid dependency on existing signature repositories and susceptibility to high false-positive rates. To transcend these boundaries, this study introduces an adaptive and robust static detection framework for Portable Executable (PE) files leveraging the ensemble machine learning technique of Random Forest. Utilizing a structured dataset comprising PE files harvested from public malware repositories including Malware Bazaar alongside verified benign applications, static analysis was performed without code execution to preserve environment safety. A total of 75 distinctive structural features spanning COFF headers, section characteristics, data directories, and configuration markers were systematically extracted using the Python pefile library. The model was trained using an 80:20 data split ratio. Experimental evaluation achieved an exceptional internal generalization capability with an Out-of-Bag (OOB) score of 97.43%. Independent validation on a test suite of 332 unseen files yielded a balanced confusion matrix comprising 160 True Positives, 164 True Negatives, 5 False Positives, and 3 False Negatives, establishing a high precision, recall, and F1-score of approximately 98%. Feature importance analysis highlighted that parameters such as MajorOperatingSystemVersion, MajorSubsystemVersion, and DllCharacteristics serve as critical discriminators. Finally, the optimized predictive model was integrated into a web-accessible application architecture powered by Flask and MySQL to facilitate user-driven file uploading and real-time inference reporting, offering an scalable complementary defense layer for modern cybersecurity ecosystems