Microsoft Malware Prediction

1. Problem Statement

As a skilled data scientist at Microsoft, you play a critical role in protecting millions of Windows users from the ever-evolving threat of malware. The malware landscape is constantly changing, with new viruses and attack vectors emerging every day. To stay ahead of these threats, Microsoft needs to leverage advanced machine learning techniques to identify and neutralize malware before it can cause harm. You are working in Microsoft's defense, and now you must prepare for the future of coding.

You are given a massive and complex dataset containing telemetry data from Windows machines worldwide. Your task is to build a robust and accurate classification model that can predict the likelihood of a machine being infected with malware based on its configuration, usage patterns, and other relevant factors. This model will be integrated into Microsoft's endpoint protection solution, Windows Defender, to proactively identify and block malware attacks, safeguarding the security and privacy of millions of users around the globe. With your skills, you will continue to protect their millions of users against any attacks from all corners.

Goal: The goal of this project is to build a model that can predict whether a Windows machine will be infected with malware.

2. Data Description

The dataset contains telemetry data and machine properties, used to predict the probability of a machine getting infected by malware.

• Rows: 1048576
• Columns: 83
• Variables:
  • MachineIdentifier: Individual machine ID
  • ProductName: Defender state information
  • EngineVersion: Defender state information
  • AppVersion: Defender state information
  • AvSigVersion: Defender state information
  • IsBeta: Defender state information
  • RtpStateBitfield: NA
  • IsSxsPassiveMode: NA
  • DefaultBrowsersIdentifier: ID for the machine's default browser
  • AVProductStatesIdentifier: ID for antivirus software configuration
  • AVProductsInstalled: NA
  • AVProductsEnabled: NA
  • HasTpm: True if machine has tpm
  • CountryIdentifier: ID for the country the machine is located in
  • CityIdentifier: ID for the city the machine is located in
  • OrganizationIdentifier: ID for the organization the machine belongs to
  • GeoNameIdentifier: ID for the geographic region a machine is located in
  • LocaleEnglishNameIdentifier: English name of Locale ID
  • Platform: Platform name
  • Processor: Processor architecture
  • OsVer: Version of the current operating system
  • OsBuild: Build of the current operating system
  • OsSuite: Product suite mask
  • OsPlatformSubRelease: OS Platform sub-release
  • OsBuildLab: Build lab that generated the current OS
  • SkuEdition: SKU-Edition name
  • IsProtected: Whether a machine is protected
  • AutoSampleOptIn: SubmitSamplesConsent value
  • PuaMode: Pua Enabled mode
  • SMode: Field for S mode
  • IeVerIdentifier: NA
  • SmartScreen: SmartScreen enabled string value
  • Firewall: Windows firewall is enabled
  • UacLuaenable: Attribute that reports whether or not the "administrator in Admin Approval Mode" user type is disabled or enabled in UAC
  • Census_MDC2FormFactor: Device census level hardware characteristics
  • Census_DeviceFamily: Device type
  • Census_OEMNameIdentifier: NA
  • Census_OEMModelIdentifier: NA
  • Census_ProcessorCoreCount: Number of logical cores in the processor
  • Census_ProcessorManufacturerIdentifier: NA
  • Census_ProcessorModelIdentifier: NA
  • Census_ProcessorClass: Processor classification
  • Census_PrimaryDiskTotalCapacity: Amount of disk space on primary disk
  • Census_PrimaryDiskTypeName: Primary Disk Type
  • Census_SystemVolumeTotalCapacity: Size of the system volume partition
  • Census_HasOpticalDiskDrive: True if machine has an optical disk drive
  • Census_TotalPhysicalRAM: Physical RAM
  • Census_ChassisTypeName: Type of chassis
  • Census_InternalPrimaryDiagonalDisplaySizeInInches: Physical diagonal length in inches of the primary display
  • Census_InternalPrimaryDisplayResolutionHorizontal: Pixel resolution in the horizontal direction
  • Census_InternalPrimaryDisplayResolutionVertical: Pixel resolution in the vertical direction
  • Census_PowerPlatformRoleName: Power management profile
  • Census_InternalBatteryType: NA
  • Census_InternalBatteryNumberOfCharges: NA
  • Census_OSVersion: Numeric OS version
  • Census_OSArchitecture: Architecture on which the OS is based
  • Census_OSBranch: Branch of the OS
  • Census_OSBuildNumber: OS Build number
  • Census_OSBuildRevision: OS Build revision
  • Census_OSEdition: Edition of the current OS
  • Census_OSSkuName: OS edition friendly name
  • Census_OSInstallTypeName: Description of the install
  • Census_OSInstallLanguageIdentifier: NA
  • Census_OSUILocaleIdentifier: NA
  • Census_OSWUAutoUpdateOptionsName: Windows Update auto-update settings
  • Census_IsPortableOperatingSystem: True if OS is booted from USB
  • Census_GenuineStateName: OSGenuineStateID
  • Census_ActivationChannel: License key
  • Census_IsFlightingInternal: NA
  • Census_IsFlightsDisabled: If machine is participating in flighting
  • Census_FlightRing: Ring the device user receives flights for
  • Census_ThresholdOptIn: NA
  • Census_FirmwareManufacturerIdentifier: NA
  • Census_FirmwareVersionIdentifier: NA
  • Census_IsSecureBootEnabled: Secure Boot mode is enabled
  • Census_IsWIMBootEnabled: NA
  • Census_IsVirtualDevice: Identifies a Virtual Machine
  • Census_IsTouchEnabled: Is this a touch device?
  • Census_IsPenCapable: Is the device capable of pen input?
  • Census_IsAlwaysOnAlwaysConnectedCapable: battery status
  • Wdft_IsGamer: Is this a gamer device
  • Wdft_RegionIdentifier: NA
  • HasDetections: the target variable

Data Source: Kaggle Microsoft Malware Prediction

3. Your Task

Your task is to build a classification model to predict malware infection.

1. Data Exploration and Preprocessing:
   • Load the dataset using Pandas.
   • Explore the data to understand the distribution of features.
   • Handle missing values - be aware there are many!
   • Consider techniques for dimensionality reduction due to the high number of features (e.g., PCA, feature selection).
   • Convert categorical variables to numerical format using techniques like one-hot encoding.
2. Feature Engineering (Crucial):
   • Create new features that may improve model performance - be creative!
3. Model Building:
   • Split the data into training and validation sets. Given the size of the dataset, consider using techniques like stratified sampling.
   • Choose a suitable classification algorithm (e.g., Logistic Regression, Random Forest, Gradient Boosting). Consider using algorithms that are designed for large datasets.
   • Train the model on the training data.
4. Model Evaluation:
   • Evaluate the model's performance on the validation data.
   • Use metrics such as accuracy, precision, recall, F1-score, and AUC-ROC. Pay careful attention to the evaluation metrics - consider the problem as potentially imbalanced.
5. Prediction and Submission:
   • Make predictions on the test data.

Python Libraries: Pandas, NumPy, scikit-learn, Matplotlib/Seaborn, (potentially) XGBoost/LightGBM due to the size and complexity of the data.