Detecting Obfuscated Malware using Memory Feature Engineering

Tristan Carrier, Princy Victor, Ali Tekeoglu, Arash Lashkari

2022

Abstract

Memory analysis is critical in detecting malicious processes because it can capture a wide range of process characteristics and behaviors. However, despite extensive research in the field, malware detection still faces significant obstacles, such as achieving a high detection rate and coping with advanced malware obfuscation. Since advanced malware uses obfuscation and other techniques to evade detection methods, there is a strong need for an efficient framework that focuses on detecting obfuscated and hidden malware. In this research, VolMemLyzer, one of the most up-to-date memory feature extractors for learning systems, has been extended to focus on hidden and obfuscated malware and combined with a stacked ensemble machine learning model to create a framework for efficiently detecting malware. In addition, a dedicated malware memory dataset (MalMemAnalysis-2022) was created to test and evaluate this framework, simulating real-world obfuscated malware as closely as possible. The results show that the proposed solution can detect obfuscated and hidden malware using memory feature engineering extremely fast, with an Accuracy and F1-Score of 99.00% and 99.02%, respectively.

Paper Citation


in Harvard Style

Carrier T., Victor P., Tekeoglu A. and Lashkari A. (2022). Detecting Obfuscated Malware using Memory Feature Engineering. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-553-1, pages 177-188. DOI: 10.5220/0010908200003120


in Bibtex Style

@conference{icissp22,
author={Tristan Carrier and Princy Victor and Ali Tekeoglu and Arash Lashkari},
title={Detecting Obfuscated Malware using Memory Feature Engineering},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2022},
pages={177-188},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010908200003120},
isbn={978-989-758-553-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Detecting Obfuscated Malware using Memory Feature Engineering
SN - 978-989-758-553-1
AU - Carrier T.
AU - Victor P.
AU - Tekeoglu A.
AU - Lashkari A.
PY - 2022
SP - 177
EP - 188
DO - 10.5220/0010908200003120