An Effective Memory Analysis for Malware Detection and Classification


Detailed description

Bibliographic details
Published in: Computers, materials & continua, 2021, Vol.67 (2), p.2301-2320
Main authors: Sihwail, Rami; Omar, Khairuddin; Akram Zainol Ariffin, Khairul
Format: Article
Language: eng
Online access: Full text
Description: The study of malware behaviors, over the last years, has received tremendous attention from researchers for the purpose of reducing malware risks. Most of the investigating experiments are performed using either static analysis or behavior analysis. However, recent studies have shown that both analyses are vulnerable to modern malware files that use several techniques to avoid analysis and detection. Therefore, extracted features could be meaningless and a distraction for malware analysts. However, the volatile memory can expose useful information about malware behaviors and characteristics. In addition, memory analysis is capable of detecting unconventional malware, such as in-memory and fileless malware. However, memory features have not been fully utilized yet. Therefore, this work aims to present a new malware detection and classification approach that extracts memory-based features from memory images using memory forensic techniques. The extracted features can expose the malware’s real behaviors, such as interacting with the operating system, DLL and process injection, communicating with command and control site, and requesting higher privileges to perform specific tasks. We also applied feature engineering and converted the features to binary vectors before training and testing the classifiers. The experiments show that the proposed approach has a high classification accuracy rate of 98.5% and a false positive rate as low as 1.24% using the SVM classifier. The efficiency of the approach has been evaluated by comparing it with other related works. Also, a new memory-based dataset consisting of 2502 malware files and 966 benign samples forming 8898 features and belonging to six memory types has been created and published online for research purposes.
DOI: 10.32604/cmc.2021.014510
Publisher: Henderson: Tech Science Press
Rights: 2021. This work is licensed under https://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
ISSN: 1546-2226, 1546-2218
Source: EZB-FREE-00999 freely available EZB journals
Subjects:
Classifiers
Command and control
Communication
Feature extraction
Forensic computing
Image classification
Malware
Support vector machines