N-gram feature extraction and Naïve Bayes classifier for malware detection using FPGA implementation

Nowadays malicious software, or commonly known as malwares, play a very critical role in almost every network intrusion attack that attempts to harm the connected devices. Thus, installing malware detection systems to protect the network environment has become even more imperative. Naïve Bayes classifier is a probabilistic supervised machine learning algorithm that can be launched on most general-purpose devices to solve a wide range of classification problems, including malware detection. Apart from the classifier, a good feature extractor is important to improve the performance and reliability of the classifier model. However, when it comes to real time applications, the general-purpose devices are limited in terms of their computational throughput. Therefore, the aim of this project is to implement n-gram feature extractor and Naïve Bayes classifier on hardware environments. To improve the throughput and latency of the malware detection, parallel processing capability of field-programmable gate array (FPGA) has been exploited whereby multiple processing units have been designed for the inference module to be implemented on the hardware. Besides, the inference module is designed to be pipelined with six stages. Other than that, hardware-friendly algorithms which have implemented base 2 logarithm transformation and floating-point to fixed-point conversion are used in this study. From the result, both software and hardware designs have obtained similar accuracy of 99.18% on the test dataset. Besides, it is found out that the higher number of parallel processing units, n in this design leads to higher throughput, resource utilization, power consumption, and energy efficiency for malware detection. Hardware design with n = 62 is the optimal design in this project, as it has achieved the highest value of throughput and energy efficiency at the same time.