Obfuscated Memory Malware Detection

TL;DR

This paper presents a machine learning approach using Random Forest to detect and classify three types of obfuscated memory malware with high accuracy, addressing a gap in multi-class malware detection.

Contribution

It introduces a novel multi-class classification model for obfuscated memory malware detection using memory feature engineering, outperforming existing models.

Findings

Achieved 89.07% accuracy in classifying malware types.

Demonstrated the effectiveness of Random Forest over other models.

Addressed the challenge of multi-class obfuscated malware detection.

Abstract

Providing security for information is highly critical in the current era with devices enabled with smart technology, where assuming a day without the internet is highly impossible. Fast internet at a cheaper price, not only made communication easy for legitimate users but also for cybercriminals to induce attacks in various dimensions to breach privacy and security. Cybercriminals gain illegal access and breach the privacy of users to harm them in multiple ways. Malware is one such tool used by hackers to execute their malicious intent. Development in AI technology is utilized by malware developers to cause social harm. In this work, we intend to show how Artificial Intelligence and Machine learning can be used to detect and mitigate these cyber-attacks induced by malware in specific obfuscated malware. We conducted experiments with memory feature engineering on memory analysis of malware samples. Binary classification can identify whether a given sample is malware or not, but identifying the type of malware will only guide what next step to be taken for that malware, to stop it from proceeding with its further action. Hence, we propose a multi-class classification model to detect the three types of obfuscated malware with an accuracy of 89.07% using the Classic Random Forest algorithm. To the best of our knowledge, there is very little amount of work done in classifying multiple obfuscated malware by a single model. We also compared our model with a few state-of-the-art models and found it comparatively better.