Enhanced detection of obfuscated malware in memory dumps: a machine learning approach for advanced cybersecurity
Copyright policy )Enhanced detection of obfuscated malware in memory dumps: a machine learning approach for advanced cybersecurity
AbstractIn the realm of cybersecurity, the detection and analysis of obfuscated malware remain a critical challenge, especially in the context of memory dumps. This research paper presents a novel machine learning-based framework designed to enhance the detection and analytical capabilities against such elusive threats for binary and multi type’s malware. Our approach leverages a comprehensive dataset comprising benign and malicious memory dumps, encompassing a wide array of obfuscated malware types including Spyware, Ransomware, and Trojan Horses with their sub-categories. We begin by employing rigorous data preprocessing methods, including the normalization of memory dumps and encoding of categorical data. To tackle the issue of class imbalance, a Synthetic Minority Over-sampling Technique is utilized, ensuring a balanced representation of various malware types. Feature selection is meticulously conducted through Chi-Square tests, mutual information, and correlation analyses, refining the model’s focus on the most indicative attributes of obfuscated malware. The heart of our framework lies in the deployment of an Ensemble-based Classifier, chosen for its robustness and effectiveness in handling complex data structures. The model’s performance is rigorously evaluated using a suite of metrics, including accuracy, precision, recall, F1-score, and the area under the ROC curve (AUC) with other evaluation metrics to assess the model’s efficiency. The proposed model demonstrates a detection accuracy exceeding 99% across all cases, surpassing the performance of all existing models in the realm of malware detection.
FOS: Computer and information sciences, Computer engineering. Computer hardware, Computer Networks and Communications, Malware, Detection and Prevention of Phishing Attacks, TK7885-7895, Characterization and Detection of Android Malware, Computer security, Memory dump analysis, Embedded system, Machine learning in cybersecurity, QA75.5-76.95, Computer science, Intrusion Detection, Obfuscated malware detection, Detection, Advanced malware analytics, Electronic computers. Computer science, Signal Processing, Computer Science, Physical Sciences, Network Intrusion Detection and Defense Mechanisms, Security Analysis, Malware behavioral patterns, Botnet Detection, Information Systems
FOS: Computer and information sciences, Computer engineering. Computer hardware, Computer Networks and Communications, Malware, Detection and Prevention of Phishing Attacks, TK7885-7895, Characterization and Detection of Android Malware, Computer security, Memory dump analysis, Embedded system, Machine learning in cybersecurity, QA75.5-76.95, Computer science, Intrusion Detection, Obfuscated malware detection, Detection, Advanced malware analytics, Electronic computers. Computer science, Signal Processing, Computer Science, Physical Sciences, Network Intrusion Detection and Defense Mechanisms, Security Analysis, Malware behavioral patterns, Botnet Detection, Information Systems
selected citations These citations are derived from selected sources.This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).24 popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.Top 10% influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).Top 10% impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.Top 10%
Citations provided by BIP!Popularity provided by BIP!