TY - GEN
T1 - Memory Feature Engineering for Performance-Gain in Obfuscated Malware Detection Using Machine Learning and Sensitivity Analysis
AU - Oliveira, Diogo
AU - Lomotey, Richard
AU - Ray, Madhurima
AU - Rahouti, Mohamed
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - Malware detection techniques are critical in modern cyber-warfare, and memory analysis is a key feature in this process. Most common memory analysis methods and tools are based on traditional static and/or dynamic inspection, which may not be efficient against most malware-obfuscation techniques. Therefore, recent studies have analyzed pattern-based methods, specifically using machine learning. However, performance and complexity issues can be obstacles to the adoption of such techniques due to the large number of parameters available for training and testing. Therefore, one of the challenges of machine learning for obfuscated malware detection is deploying sensitivity analysis to reduce the numerous memory features. Hence, this research inspects the 58 memory features presented by the MalMemAnalysis-2022 dataset, and strives to extract the ones that establish a trade-off between concise malware classification and performance improvement. The classifier proposed here, namely Reduced Feature Random Forest, can increase accuracy to 99.57% and reduce classification time to 0.88 milliseconds.
AB - Malware detection techniques are critical in modern cyber-warfare, and memory analysis is a key feature in this process. Most common memory analysis methods and tools are based on traditional static and/or dynamic inspection, which may not be efficient against most malware-obfuscation techniques. Therefore, recent studies have analyzed pattern-based methods, specifically using machine learning. However, performance and complexity issues can be obstacles to the adoption of such techniques due to the large number of parameters available for training and testing. Therefore, one of the challenges of machine learning for obfuscated malware detection is deploying sensitivity analysis to reduce the numerous memory features. Hence, this research inspects the 58 memory features presented by the MalMemAnalysis-2022 dataset, and strives to extract the ones that establish a trade-off between concise malware classification and performance improvement. The classifier proposed here, namely Reduced Feature Random Forest, can increase accuracy to 99.57% and reduce classification time to 0.88 milliseconds.
UR - http://www.scopus.com/inward/record.url?scp=85206807681&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85206807681&partnerID=8YFLogxK
U2 - 10.1109/PACRIM61180.2024.10690212
DO - 10.1109/PACRIM61180.2024.10690212
M3 - Conference contribution
AN - SCOPUS:85206807681
T3 - 2024 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, PACRIM 2024
BT - 2024 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, PACRIM 2024
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2024 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, PACRIM 2024
Y2 - 21 August 2024 through 24 August 2024
ER -