Authors: Tristan Carrier (1); Princy Victor (1); Ali Tekeoglu (2) and Arash Habibi Lashkari (1)

Affiliations: (1) Canadian Institute for Cybersecurity (CIC), University of New Brunswick (UNB), Fredericton, NB, Canada; (2) Johns Hopkins University Applied Physics Laboratory, Critical Infrastructure Protection Group, Maryland, U.S.A.

Keyword(s): Obfuscated Malware, Memory Analysis, Ensemble Learning, Malware Detection, Stacking, Machine Learning

Abstract: Memory analysis is critical in detecting malicious processes, as it can capture a wide range of process characteristics and behaviors. However, while there is much research in the field, there are also some significant obstacles in malware detection, such as detection rate and advanced malware obfuscation. As advanced malware uses obfuscation and other techniques to stay hidden from detection methods, there is a strong need for an efficient framework that focuses on detecting obfuscated and hidden malware. In this research, VolMemLyzer, one of the most up-to-date memory feature extractors for learning systems, has been extended to focus on hidden and obfuscated malware and combined with a stacked ensemble machine learning model to create a framework for efficiently detecting malware. In addition, a dedicated malware memory dataset (MalMemAnalysis-2022) was created to test and evaluate this framework, simulating real-world obfuscated malware as closely as possible. The results show that the proposed solution can detect obfuscated and hidden malware using memory feature engineering extremely fast, with an Accuracy and F1-Score of 99.00% and 99.02%, respectively.

CC BY-NC-ND 4.0


Paper citation in several formats:
Carrier, T.; Victor, P.; Tekeoglu, A. and Lashkari, A. (2022). Detecting Obfuscated Malware using Memory Feature Engineering. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-553-1; ISSN 2184-4356, SciTePress, pages 177-188. DOI: 10.5220/0010908200003120

@conference{icissp22,
author={Tristan Carrier and Princy Victor and Ali Tekeoglu and Arash Habibi Lashkari},
title={Detecting Obfuscated Malware using Memory Feature Engineering},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP},
year={2022},
pages={177-188},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010908200003120},
isbn={978-989-758-553-1},
issn={2184-4356},
}

TY - CONF
JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP
TI - Detecting Obfuscated Malware using Memory Feature Engineering
SN - 978-989-758-553-1
IS - 2184-4356
AU - Carrier, T.
AU - Victor, P.
AU - Tekeoglu, A.
AU - Lashkari, A.
PY - 2022
SP - 177
EP - 188
DO - 10.5220/0010908200003120
PB - SciTePress