Abstract
Memory analysis is important in detecting malicious programs because a memory image captures many of a program's traits and behaviors. Although the field has been researched extensively, malware detection still faces important challenges, among them the achievable detection rate and sophisticated malware obfuscation. Because sophisticated malware relies on obfuscation and other evasion techniques, there is significant demand for a framework that focuses on identifying obfuscated and hidden malware. In this paper, two scenarios are proposed: one uses the full dataset, and the other uses the correlation matrix to select the most effective features for classification. Three classification algorithms, K-nearest neighbor (KNN), Decision Tree (DT), and Random Forest (RF), were applied to each scenario. A high detection accuracy was recorded, reaching 99.90% in distinguishing normal from anomalous memory dumps.
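The two-scenario pipeline from the abstract (all features versus features filtered through the correlation matrix, then a classifier) as an added pure-Python example; this is not the paper's code, and the feature names, the sample rows, the 0.95 threshold and the from-scratch k-NN are assumptions, while the Decision Tree and Random Forest classifiers are not shown.

```python
"""Correlation-filtered feature selection + k-NN (added example, not the paper's code).
Feature names, rows and the 0.95 threshold are constructed assumptions."""
import math
from itertools import combinations

# Constructed memory-dump feature vectors; label 1 = malware, 0 = benign.
# handle_count_x2 duplicates handle_count so the correlation filter has something to drop.
FEATURES = ["proc_count", "dll_count", "handle_count", "handle_count_x2", "hidden_procs"]
ROWS = [
    ([40, 300, 1200, 2400, 0], 0),
    ([52, 310, 1600, 3200, 0], 0),
    ([38, 420, 1150, 2300, 0], 0),
    ([60, 500, 2100, 4200, 3], 1),
    ([47, 530, 1900, 3800, 4], 1),
    ([58, 380, 1500, 3000, 2], 1),
]

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = math.sqrt(sum((x - mx) ** 2 for x in xs))
    sy = math.sqrt(sum((y - my) ** 2 for y in ys))
    return cov / (sx * sy) if sx and sy else 0.0

def correlation_matrix(rows):
    cols = list(zip(*(x for x, _ in rows)))  # one tuple per feature column
    return [[pearson(a, b) for b in cols] for a in cols]

def select_features(rows, threshold=0.95):
    """Scenario 2: keep one feature of every pair whose |r| exceeds the threshold.
    Returns the indices of the surviving feature columns."""
    corr = correlation_matrix(rows)
    dropped = set()
    for i, j in combinations(range(len(corr)), 2):
        if i not in dropped and j not in dropped and abs(corr[i][j]) > threshold:
            dropped.add(j)  # drop the later column, keep the earlier one
    return [i for i in range(len(corr)) if i not in dropped]

def knn_predict(rows, sample, keep, k=3):
    """Majority vote among the k nearest training rows, measured on the kept columns."""
    project = lambda v: [v[i] for i in keep]
    nearest = sorted((math.dist(project(x), project(sample)), y) for x, y in rows)[:k]
    return int(sum(y for _, y in nearest) * 2 > k)

if __name__ == "__main__":
    kept = select_features(ROWS)  # scenario 2; scenario 1 would pass list(range(5))
    print("kept:", [FEATURES[i] for i in kept])
    print(knn_predict(ROWS, [62, 510, 2050, 4100, 3], kept))  # 1 = malware
```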
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Klaib, A.K., Al-Nabhan, M., Abu Al-Haija, Q. (2023). Identifying Memory Dump Malware Using Supervised Learning. In: Shakya, S., Balas, V.E., Haoxiang, W. (eds) Proceedings of Third International Conference on Sustainable Expert Systems. Lecture Notes in Networks and Systems, vol 587. Springer, Singapore. https://doi.org/10.1007/978-981-19-7874-6_74
DOI: https://doi.org/10.1007/978-981-19-7874-6_74
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-7873-9
Online ISBN: 978-981-19-7874-6
eBook Packages: Intelligent Technologies and Robotics (R0)