Takaya Kubota,Kota Yoshida,Mitsuru Shiozaki,Takeshi Fujino

DOI: https://doi.org/10.1016/j.micpro.2020.103383

IF: 3.503

2021-11-01

Microprocessors and Microsystems

Abstract:<p>In the field of image recognition, machine learning technologies, especially deep learning, have been rapidly advancing alongside the advances of hardware such as GPUs. In image recognition, in general, large numbers of labeled images to be identified are input to a neural network, and repeatedly learning the images enables the neural network to identify objects with high accuracy. A new profiling side-channel attack method, the deep learning side-channel attack (DL-SCA), utilizes the neural network's high identifying ability to unveil a cryptographic module's secret key from side-channel information. In DL-SCAs, the neural network is trained with power waveforms captured from a target cryptographic module, and the trained network extracts the leaky part that depends on the secret. However, at this stage, the main target of investigation has been software implementation, and studies regarding hardware implementation, such as ASIC, are somewhat lacking. In this paper, we first depict deep learning techniques, profiling side-channel attacks, and leak models to clarify the relation between secret and side channels. Next, we investigate the use of DL-SCA against hardware implementations of AES and discuss the problem derived from the Hamming distance model and ShiftRow operation of AES. To solve the problem, we propose a new network training method called "mixed model dataset based on round-round XORed value." We prove that our proposal solves the problem and gives the attack capability to neural networks. We also compare the attack performance and characteristics of DL-SCA to conventional analysis methods such as correlation power analysis and conventional template attack. In our experiment, a dedicated ASIC chip for side-channel analysis is utilized and the chip is also equipped with a side-channel countermeasure AES. We show how DL-SCA can recover secret keys against the side-channel countermeasure circuit. Our results demonstrate that DL-SCA can be a more powerful option against side-channel countermeasure implementations than conventional SCAs.</p>

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Ngoc‐Tuan Do,Van‐Phuc Hoang,Van Sang Doan,Cong‐Kha Pham

DOI: https://doi.org/10.1049/ise2.12102

2022-12-22

IET Information Security

Abstract:This paper proposes and evaluates the applications of different DL techniques including the Convolutional Neural Network (CNN) and the multilayer perceptron (MLP) models for non‐profiled attacks on the AES‐128 encryption implementation. Along with the designed models, a dataset reconstruction and labelling technique for the proposed model has also been performed for solving the high dimension data and imbalanced dataset problem. As a result, the DL‐based SCA with our reconstructed dataset for different targets of ASCAD, RISC‐V microcontroller, and ChipWhisperer boards has achieved a higher performance of non‐profiled attacks. The experimental results have clarified that the exponential linear unit (ELU) function is better than the rectified linear unit (ReLU) in taking the correct key with the presence of the Gaussian noise. In modern embedded systems, security issues including side‐channel attacks (SCAs) are becoming of paramount importance since the embedded devices are ubiquitous in many categories of consumer electronics. Recently, deep learning (DL) has been introduced as a new promising approach for profiled and non‐profiled SCAs. This paper proposes and evaluates the applications of different DL techniques including the Convolutional Neural Network and the multilayer perceptron models for non‐profiled attacks on the AES‐128 encryption implementation. Especially, the proposed network is fine‐tuned with different number of hidden layers, labelling techniques and activation functions. Along with the designed models, a dataset reconstruction and labelling technique for the proposed model has also been performed for solving the high dimension data and imbalanced dataset problem. As a result, the DL based SCA with our reconstructed dataset for different targets of ASCAD, RISC‐V microcontroller, and ChipWhisperer boards has achieved a higher performance of non‐profiled attacks. Specifically, necessary investigations to evaluate the efficiency of the proposed techniques against different SCA countermeasures, such as masking and hiding, have been performed. In addition, the effect of the activation function on the proposed DL models was investigated. The experimental results have clarified that the exponential linear unit function is better than the rectified linear unit in fighting against noise generation‐based hiding countermeasure.

computer science, information systems, theory & methods

Dag Arne Osvik,Adi Shamir,Eran Tromer

DOI: https://doi.org/10.1007/11605805_1

2006-01-01

Abstract:We describe several software side-channel attacks based on inter-process leakage through the state of the CPU’s memory cache. This leakage reveals memory access patterns, which can be used for cryptanalysis of cryptographic primitives that employ data-dependent table lookups. The attacks allow an unprivileged process to attack other processes running in parallel on the same processor, despite partitioning methods such as memory protection, sandboxing and virtualization. Some of our methods require only the ability to trigger services that perform encryption or MAC using the unknown key, such as encrypted disk partitions or secure network links. Moreover, we demonstrate an extremely strong type of attack, which requires knowledge of neither the specific plaintexts nor ciphertexts, and works by merely monitoring the effect of the cryptographic process on the cache. We discuss in detail several such attacks on AES, and experimentally demonstrate their applicability to real systems, such as OpenSSL and Linux’s dm-crypt encrypted partitions (in the latter case, the full key can be recovered after just 800 writes to the partition, taking 65 milliseconds). Finally, we describe several countermeasures for mitigating such attacks.

DOI: https://doi.org/10.1007/s13389-023-00312-6

2023-03-28

Journal of Cryptographic Engineering

Abstract:Deep-learning side-channel attacks, applying deep neural networks to side-channel attacks, are known that can easily attack some existing side-channel attack countermeasures such as masking and random jitter. While there have been many studies on profiled deep-learning side-channel attacks, a new approach that involves applying deep learning to non-profiled attacks was proposed in 2018. In our study, we investigate the structure of multi-layer perceptrons and points of interest for non-profiled deep-learning side-channel attacks using the ANSSI database with a masking countermeasure. The results of investigations indicate that it is better to use a simple network model, apply regularization to prevent over-fitting, and select a wide range of power traces that contain side-channel information as the points of interest. We also implemented AES-128 software implementation protected with the Rotating Sboxes Masking countermeasure, which has never been attacked by non-profiled deep-learning side-channel attacks, on the Xmega128 microcontroller and carried out non-profiled deep-learning side-channel attacks against it. Non-profiled deep-learning side-channel attacks successfully recovered all partial keys while the conventional power analysis could not. The attack results also showed that the least significant bit is the adequate selection for successful non-profiled deep-learning side-channel attacks, but the best labeling method may vary depending on the implementation of the countermeasure algorithm. We conducted two experimental analyses to clarify that deep-learning side-channel attacks learn mask values used in the masking countermeasure. One is the gradient visualization used in previous studies, and the other is a new analysis method using partial removal of power traces.

computer science, theory & methods

Ongee Jeong,Ezat Ahmadzadeh,Inkyu Moon

DOI: https://doi.org/10.3390/math12131936

IF: 2.4

2024-06-22

Mathematics

Abstract:In this paper, we perform neural cryptanalysis on five block ciphers: Data Encryption Standard (DES), Simplified DES (SDES), Advanced Encryption Standard (AES), Simplified AES (SAES), and SPECK. The block ciphers are investigated on three different deep learning-based attacks, Encryption Emulation (EE), Plaintext Recovery (PR), Key Recovery (KR), and Ciphertext Classification (CC) attacks. The attacks attempt to break the block ciphers in various cases, such as different types of plaintexts (i.e., block-sized bit arrays and texts), different numbers of round functions and quantity of training data, different text encryption methods (i.e., Word-based Text Encryption (WTE) and Sentence-based Text Encryption (STE)), and different deep learning model architectures. As a result, the block ciphers can be vulnerable to EE and PR attacks using a large amount of training data, and STE can improve the strength of the block ciphers, unlike WTE, which shows almost the same classification accuracy as the plaintexts, especially in a CC attack. Moreover, especially in the KR attack, the Recurrent Neural Network (RNN)-based deep learning model shows higher average Bit Accuracy Probability than the fully connected-based deep learning model. Furthermore, the RNN-based deep learning model is more suitable than the transformer-based deep learning model in the CC attack. Besides, when the keys are the same as the plaintexts, the KR attack can perfectly break the block ciphers, even if the plaintexts are randomly generated. Additionally, we identify that DES and SPECK32/64 applying two round functions are more vulnerable than those applying the single round function by performing the KR attack with randomly generated keys and randomly generated single plaintext.

mathematics

Yohaï-Eliel Berreby,Laurent Sauvage

2023-09-23

Abstract:Over the past few years, deep learning has been getting progressively more popular for the exploitation of side-channel vulnerabilities in embedded cryptographic applications, as it offers advantages in terms of the amount of attack traces required for effective key recovery. A number of effective attacks using neural networks have already been published, but reducing their cost in terms of the amount of computing resources and data required is an ever-present goal, which we pursue in this work. We focus on the ANSSI Side-Channel Attack Database (ASCAD), and produce a JAX-based framework for deep-learning-based SCA, with which we reproduce a selection of previous results and build upon them in an attempt to improve their performance. We also investigate the effectiveness of various Transformer-based models.

Cryptography and Security,Artificial Intelligence

Max Panoff,Honggang Yu,Haoqi Shan,Yier Jin

DOI: https://doi.org/10.1145/3517810

2024-02-04

Abstract:Side Channel Analysis (SCA) presents a clear threat to privacy and security in modern computing systems. The vast majority of communications are secured through cryptographic algorithms. These algorithms are often provably-secure from a cryptographical perspective, but their implementation on real hardware introduces vulnerabilities. Adversaries can exploit these vulnerabilities to conduct SCA and recover confidential information, such as secret keys or internal states. The threat of SCA has greatly increased as machine learning, and in particular deep learning, enhanced attacks become more common. In this work, we will examine the latest state-of-the-art deep learning techniques for side channel analysis, the theory behind them, and how they are conducted. Our focus will be on profiling attacks using deep learning techniques, but we will also examine some new and emerging methodologies enhanced by deep learning techniques, such as non-profiled attacks, artificial trace generation, and others. Finally, different deep learning enhanced SCA schemes attempted against the ANSSI SCA Database (ASCAD) and their relative performance will be evaluated and compared. This will lead to new research directions to secure cryptographic implementations against the latest SCA attacks.

Cryptography and Security,Machine Learning

Huimin Li,Guilherme Perin

DOI: https://doi.org/10.1007/s13389-024-00363-3

2024-09-01

Journal of Cryptographic Engineering

Abstract:Side-channel attacks against cryptographic implementations are mitigated by the application of masking and hiding countermeasures. Hiding countermeasures attempt to reduce the Signal-to-Noise Ratio of measurements by adding noise or desynchronization effects during the execution of the cryptographic operations. To bypass these protections, attackers adopt signal processing techniques such as pattern alignment, filtering, averaging, or resampling. Convolutional neural networks have shown the ability to reduce the effect of countermeasures without the need for trace preprocessing, especially alignment, due to their shift invariant property. Data augmentation techniques are also considered to improve the regularization capacity of the network, which improves generalization and, consequently, reduces the attack complexity. In this work, we deploy systematic experiments to investigate the benefits of data augmentation techniques against masked AES implementations when they are also protected with hiding countermeasures. Our results show that, for each countermeasure and dataset, a specific neural network architecture requires a particular data augmentation configuration to achieve significantly improved attack performance. Our results clearly show that data augmentation should be a standard process when targeting datasets with hiding countermeasures in deep learning-based side-channel attacks.

computer science, theory & methods

Ping Zhou,Tao Wang,Xiaoxuan Lou,Xinjie Zhao,Fan Zhang,Shize Guo

DOI: https://doi.org/10.1007/s11432-017-9108-3

2017-01-01

Science China Information Sciences

Abstract:Dear editor, Cache timing attack is a very powerful side channel attack technique to break cryptographic implementations.Recently,Flush-Reload,a new type of cache attacks,was proposed to attack cryptographic implementations on multi-core platforms.It utilizes a spy processes S to monitor the victim process V which shares the same memory pages.S flushes the specific memory lines of V,evicts data from all levels of caches,and then reloads these memory lines into cache.The corresponding loading time can be measured,therefore the victim's accesses to the specific instructions can be monitored.

Iván Prada,Francisco D. Igual,Katzalin Olcoz

DOI: https://doi.org/10.48550/arXiv.1904.11268

2019-04-25

Abstract:Cache timing attacks use shared caches in multi-core processors as side channels to extract information from victim processes. These attacks are particularly dangerous in cloud infrastructures, in which the deployed countermeasures cause collateral effects in terms of performance loss and increase in energy consumption. We propose to monitor the victim process using an independent monitoring (detector) process, that continuously measures selected Performance Monitoring Counters (PMC) to detect the presence of an attack. Ad-hoc countermeasures can be applied only when such a risky situation arises. In our case, the victim process is the AES encryption algorithm and the attack is performed by means of random encryption requests. We demonstrate that PMCs are a feasible tool to detect the attack and that sampling PMCs at high frequencies is worse than sampling at lower frequencies in terms of detection capabilities, particularly when the attack is fragmented in time to try to be hidden from detection.

Cryptography and Security

Xinjie Zhao,Shize Guo,Fan Zhang,Tao Wang,Zhijie Shi,Zhe Liu,Jean-Francois Gallais

DOI: https://doi.org/10.1016/j.cose.2013.07.002

IF: 5.105

2013-01-01

Computers & Security

Abstract:Existing trace driven cache attacks (TDCAs) can only analyze the cache events in the first two rounds or the last round of AES, which limits the efficiency of the attacks. Recently, Zhao et al. proposed the multiple deductions-based algebraic side-channel attack (MDASCA) to cope with the errors in leakage measurements and to exploit new leakage models. Their preliminary results showed that MDASCA can improve TDCAs and attack the AES implemented with a compact lookup table of 256 bytes. This paper performs a comprehensive study of MDASCA-based TDCAs (MDATDCA) on most of the AES implementations that are widely used. First, the key recovery in TDCA is depicted by an abstract model regardless of the specific attack techniques. Then, the previous work of TDCAs on AES is classified into three types and its limitations are analyzed. How to utilize the cache events with MDATDCA is presented and the overhead is also calculated. To evaluate MDATDCA on AES, this paper constructs a mathematical model to estimate the maximal number of leakage rounds that can be utilized and the minimal number of cache traces required for a successful MDATDCA. Extensive experiments are conducted under different implementations, attack scenarios and key lengths of AES. The experimental results are consistent with the theoretical analysis. Many improvements are achieved. For the first time, we show that TDCAs on AES-192 and AES-256 become possible with the MDATDCA technique. Our work attests that combining TDCAs with algebraic techniques is a very efficient way to improve cache attacks.

Fan Zhang,Zhijie Jerry Shi

DOI: https://doi.org/10.1109/itng.2007.152

2007-01-01

Abstract:Power analysis can exploit the instantaneous power consumptions of elliptic curve cryptography (ECC) devices and retrieve secret keys. Many countermeasures have been proposed to make ECC implementations secure. One of the approaches is the randomized algorithms proposed by Oswald et al., which combine two scalar point multiplication algorithms and use random variables to decide which algorithm to follow at different stages of the computation. In this paper, we describe a power analysis attack that can break randomized automata proposed by Oswald et al. effectively, even with a small number of power traces

zhou ping,wang tao,li guang,zhang fan,zhao xinjie

DOI: https://doi.org/10.1109/CC.2015.7122479

2015-01-01

Abstract:FLUSH+RELOAD attack is recently proposed as a new type of Cache timing attacks. There are three essential factors in this attack, which are monitored instructions, threshold and waiting interval. However, existing literature seldom exploit how and why they could affect the system. This paper aims to study the impacts of these three parameters, and the method of how to choose optimal values. The complete rules for choosing the monitored instructions based on necessary and sufficient condition are proposed. How to select the optimal threshold based on Bayesian binary signal detection principal is also proposed. Meanwhile, the time sequence model of monitoring is constructed and the calculation of the optimal waiting interval is specified. Extensive experiments are conducted on RSA implemented with binary square-and-multiply algorithm. The results show that the average success rate of full RSA key recovery is 89.67%.

Pengfei Guo,Yingjian Yan,Fan Zhang,Chunsheng Zhu,Lichao Zhang,Zibin Dai

DOI: https://doi.org/10.1016/j.cose.2023.103255

2023-04-10

Abstract:Cryptographic devices are vulnerable to side-channel attacks, which have attracted broad attention in the hardware security field. The side-channel analysis framework proposed at Eurocrypt 2009 has been widely adopted in academia, containing key elements such as points of interest, leakage models, distinguishers, and security metrics. This classical framework, however, is not intuitively compatible with recent micro-architectural attacks such as cache attacks, therefore, few attempts have been made to link them. In this paper, we extend the classical side-channel analysis framework and migrate its ideas to access-driven cache attacks. We find that cache attacks can be effectively incorporated into this framework. Specifically, we propose a leakage model called cache access pattern vector according to the cache timing leakage characteristics. Furthermore, we propose data preprocessing schemes such as noise reduction, dimensionality reduction, and vector expansion to implement efficient attacks. Subsequently, we proposed seven distinguishers in three categories: difference of means-based analysis, vector distance-based analysis, and mutual information-based analysis. Moreover, we attacked the last round of the AES fast software implementation algorithm based on the Chipyard platform. According to the experimental results, all proposed methods can successfully extract the key, and five of them are comparable to mainstream cache analysis in attack efficiency. Finally, we evaluate the five efficient distinguishers under three different cache micro-architectures using guessing entropy. Based on the experimental environment of this paper, vector distance-based distinguishers have the best attack efficiency, and the difference of mean-based analysis has the worst. Surprisingly, the most general mutual information-based attacks can achieve excellent medium results in a few attack rounds without the help of static analysis tools. Meanwhile, the experimental results demonstrate that cache micro-architecture directly impacts the attack effect, in which the smaller cache line size benefits the attacks, while the random replacement policy increases the noise and difficulty of the attacks.

computer science, information systems

Zhijie Jerry Shi,Fan Zhang

2006-01-01

Abstract:Elliptic curve cryptography (ECC) has attracted a lot of attention because it can provide similar levels of security with much shorter keys than the arithmetic of multiple-precision integers in finite fields, which has been widely used in many public-key and key-exchange algorithms. Small key sizes are especially important to resource constrained devices as shorter keys require less storage space and consume less power to transmit and compute. However, ECC algorithms are vulnerable to power analysis attacks, which exploit the instantaneous power consumptions of computing devices to retrieve secret data. Many countermeasures have been proposed to make ECC implementations secure against power analysis. One of the approaches is randomized algorithms that generate different power traces even if the input of the algorithm is the same. For example, the randomized scalar point multiplication algorithm proposed by Oswald et al. combines two algorithms and uses random variables to decide which algorithm to follow at different stages of the execution. The randomized algorithm can thwart traditional power analysis attacks. However, in this paper, we propose an effective attack on the randomized algorithms. Our attack does not require a large number of power traces and has a very high success rate.

Nan Liao,Xiaoxin Cui,Tian Wang,Kai Liao,Dunshan Yu,Xiaole Cui

DOI: https://doi.org/10.1109/cstic.2016.7464078

2016-01-01

Abstract:Random fault attacks against Advanced Encryption Standard (AES) hardware implementation are widely researched. In the previous fault analysis, 6 rounds of attacks are required to recover the correct round-key, which is not efficient enough for extensive analysis. In this paper, a more efficient fault model is proposed. Based on the analysis of theoretical key candidate number, the proposed attack method can complete the analysis as few as 3 rounds. Experiment results shows that nearly 90% of the attacks recover the correct round-key with 3 rounds and in average only 3.125 rounds are required with our proposed attack method.

Xiaozhong Pan,Shuiyu He,Yuechuan Wei,Lipeng Chang

DOI: https://doi.org/10.3390/app12168246

2022-08-18

Applied Sciences

Abstract:With the in-depth integration of deep learning and side-channel analysis (SCA) technology, the security threats faced by embedded devices based on the Internet of Things (IoT) have become increasingly prominent. By building a neural network model as a discriminator, the correlation between the side information leaked by the cryptographic device, the key of the cryptographic algorithm, and other sensitive data can be explored. Then, the security of cryptographic products can be evaluated and analyzed. For the AES-128 cryptographic algorithm, combined with the CW308T-STM32F3 demo board on the ChipWhisperer experimental platform, a Correlation Power Analysis (CPA) is performed using the four most common deep learning methods: the multilayer perceptron (MLP), the convolutional neural network (CNN), the recurrent neural network (RNN), and the long short-term memory network (LSTM) model. The performance of each model is analyzed in turn when the samples are small data sets, sufficient data sets, and data sets of different scales. Finally, each model is comprehensively evaluated by indicators such as classifier accuracy, network loss, training time, and rank of side-channel attacks. The experimental results show that the convolutional neural network CNN classifier has higher accuracy, lower loss, better robustness, stronger generalization ability, and shorter training time. The rank value is 2, that is, only two traces can recover the correct key byte information. The comprehensive performance effect is better.

Engineering,Computer Science

Naila Mukhtar,Ali Mehrabi,Yinan Kong,Ashiq Anjum

DOI: https://doi.org/10.1002/cpe.6764

2021-12-07

Concurrency and Computation: Practice and Experience

Abstract:The processing of locally harvested data at the physically accessible edge devices opens a new avenue of security threats for edge enhanced analytics. Cryptographic algorithms are used to secure the data being processed on the edge device. However, the implementation weakness of the algorithms on the edge devices can lead to side‐channel attack vulnerability, which is exacerbated with the application of machine‐learning techniques. This research proposes a deep learning‐based system integrated at the edge device to identify the side‐channel leakages. To design such a deep learning‐based system, one of the challenges is formulating the suitable attack model for the underlying target algorithm. Based on the previous findings, three machine learning‐based side‐channel attack models are curated and investigated for the edge device security evaluations. As a test case, the standard elliptic‐curve cryptographic algorithm is selected. Moreover, quantitative analysis is provided for the best attack model selection using standard machine‐learning evaluation metrics. A comparative analysis is performed on the raw unaligned data samples and reduced feature‐engineered samples using edge enhanced security analytics. The investigation concludes that the vulnerable algorithm implementation can lead to the secret key recovery from the edge device, with 96% accuracy, using a neural‐network‐based algorithm to analyse side‐channel attacks.

Amjed Abbas Ahmed,Mohammad Kamrul Hasan,Shayla Islam,Azana Hafizah Mohd Aman,Nurhizam Safie

DOI: https://doi.org/10.5755/j02.eie.33995

2023-09-07

Elektronika ir Elektrotechnika

Abstract:Deep learning (DL) is a new option that has just been made available for side-channel analysis. DL approaches for profiled side-channel attacks (SCA) have dominated research till now. In this attack, the attacker has complete control over the profiling device and can collect many traces for a range of critical parameters to characterise device leakage before the attack. In this study, we apply DL algorithms to non-profiled data. An attacker can only retrieve a limited number of side-channel traces from a closed device with an unknown key value in non-profiled mode. The authors conducted this research. Key estimations and deep learning measurements can reveal the secret key. We prove that this is doable. This technology is excellent for non-profits. DL and neural networks can benefit these organisations. Neural networks can provide a new technique to verify the safety of hardware cryptographic algorithms. It was recently suggested. This study creates a non-profiled SCA utilising convolutional neural networks (CNNs) on an AVR microcontroller with 8 bits of memory and the AES-128 cryptographic algorithm. We used aligned power traces with several samples to demonstrate how challenging CNN-based SCA is in practise. This will help us reach our goals. Here is another technique to create a solid CNN data set. In particular, CNN-based SCA experiment data and noise effects are examined. These experiments employ power traces with Gaussian noise. The CNN-based SCA works well with our data set for non-profiled attacks. Gaussian noise on power traces causes many more issues. These results show that our method can recover more bytes successfully from SCA compared to other methods in correlation power analysis (CPA) and DL-SCA without regularisation.

engineering, electrical & electronic

Johan Note,Maaruf Ali

DOI: https://doi.org/10.33166/aetic.2022.03.003

2022-07-01

Annals of Emerging Technologies in Computing

Abstract:Attacks against computer networks, “cyber-attacks”, are now common place affecting almost every Internet connected device on a daily basis. Organisations are now using machine learning and deep learning to thwart these types of attacks for their effectiveness without the need for human intervention. Machine learning offers the biggest advantage in their ability to detect, curtail, prevent, recover and even deal with untrained types of attacks without being explicitly programmed. This research will show the many different types of algorithms that are employed to fight against the different types of cyber-attacks, which are also explained. The classification algorithms, their implementation, accuracy and testing time are presented. The algorithms employed for this experiment were the Gaussian Naïve-Bayes algorithm, Logistic Regression Algorithm, SVM (Support Vector Machine) Algorithm, Stochastic Gradient Descent Algorithm, Decision Tree Algorithm, Random Forest Algorithm, Gradient Boosting Algorithm, K-Nearest Neighbour Algorithm, ANN (Artificial Neural Network) (here we also employed the Multilevel Perceptron Algorithm), Convolutional Neural Network (CNN) Algorithm and the Recurrent Neural Network (RNN) Algorithm. The study concluded that amongst the various machine learning algorithms, the Logistic Regression and Decision tree classifiers all took a very short time to be implemented giving an accuracy of over 90% for malware detection inside various test datasets. The Gaussian Naïve-Bayes classifier, though fast to implement, only gave an accuracy between 51-88%. The Multilevel Perceptron, non-linear SVM and Gradient Boosting algorithms all took a very long time to be implemented. The algorithm that performed with the greatest accuracy was the Random Forest Classification algorithm.