Advanced memory forensics for malware classification with deep learning algorithms
| Published in: | Cluster Computing Vol. 28; No. 6; p. 353 |
|---|---|
| Main authors: | , , , |
| Format: | Journal Article |
| Language: | English |
| Published: | New York: Springer US, 01.10.2025 (Springer Nature B.V) |
| Subject headings: | |
| ISSN: | 1386-7857, 1573-7543 |
| Online access: | Full text |
| Abstract: | The growing complexity of malware, especially polymorphic and obfuscated variants, has exposed significant limitations in traditional detection methods. This study addresses these challenges using memory forensics to detect and classify malware through deep learning algorithms. Memory-based features, including memory pages, threads, open files, user sessions, system calls, and kernel modules, were extracted from memory dumps using the Volatility and Rekall frameworks. Three deep learning models, Convolutional Neural Networks (CNNs), Recurrent Neural Networks (RNNs), and Autoencoders, were applied to analyze the extracted features. The dataset was divided into ten subsets using 10-fold cross-validation to ensure robustness and prevent overfitting. The models' performance was evaluated using accuracy, precision, recall, and F1-score metrics. The results show that CNNs and RNNs consistently outperformed Autoencoders, with CNNs achieving the highest accuracy of 97.8%. These findings demonstrate the superior effectiveness of CNNs and RNNs in detecting malware using memory-based data. This research establishes deep learning algorithms, particularly CNNs and RNNs, as powerful tools for malware detection in cybersecurity. In conclusion, this study contributes to ongoing efforts to enhance malware detection systems by leveraging memory forensics and deep learning. Future work will explore additional feature extraction techniques and hybrid model architectures to improve detection accuracy further and reduce false positives. |
|---|---|
| DOI: | 10.1007/s10586-025-05104-7 |
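The abstract describes a pipeline of three stages: extract per-process features (threads, open handles, sessions, and so on) from memory dumps with Volatility, split the resulting rows into ten folds, and report accuracy, precision, recall and F1 for a classifier trained on each fold. The block below is an added example that is not code from the paper or its authors; it walks through those three stages with the standard library only. A nearest-centroid classifier stands in for the paper's CNN/RNN models, the process listings are constructed in the shape of a Volatility 3 `windows.pslist` table rather than taken from real dumps, and the column names (`Threads`, `Handles`, `SessionId`) and helper names are assumptions. Two choices worth noting, since the abstract does not say how its ten subsets were formed: folds are assigned per dump, so that processes from one memory image never sit on both sides of a train/test split (per-row shuffling leaks dump-level context and inflates scores), and feature scaling statistics are computed on the training fold only.

```python
"""Memory-forensics feature extraction and grouped k-fold evaluation.

Added example, not the paper's code. A nearest-centroid classifier stands in
for the CNN/RNN; the process tables are constructed, not real dump output.
"""
from collections import defaultdict
import math

FEATURE_COLUMNS = ("Threads", "Handles", "SessionId")  # assumed column names
HEADER = "PID\tPPID\tImageFileName\tThreads\tHandles\tSessionId"


def synth_pslist(dump_idx):
    """Constructed windows.pslist-style table for dump number dump_idx.

    Even-numbered dumps are clean; odd-numbered dumps carry one implant whose
    thread/handle counts sit far outside the benign range. Returns the table
    text and a per-PID ground truth (1 = malicious process).
    """
    rows, truth = [HEADER], {}
    for j in range(4):
        pid = 100 * dump_idx + 4 * j + 4
        threads = 4 + (3 * dump_idx + j) % 9            # 4..12
        handles = 80 + (7 * dump_idx + 13 * j) % 300    # 80..379
        rows.append(f"{pid}\t4\tsvc{j}.exe\t{threads}\t{handles}\t{j % 2}")
        truth[pid] = 0
    if dump_idx % 2 == 1:
        pid = 100 * dump_idx + 99
        rows.append(f"{pid}\t4\tupdater.exe\t{45 + dump_idx}\t{1000 + 37 * dump_idx}\t1")
        truth[pid] = 1
    return "\n".join(rows), truth


def parse_pslist(text):
    """Parse a tab-separated process table; the first line is the header."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split("\t")
    return [dict(zip(header, ln.split("\t"))) for ln in lines[1:]]


def to_vector(row):
    """Numeric feature vector; non-numeric cells such as 'N/A' become 0."""
    vec = []
    for col in FEATURE_COLUMNS:
        try:
            vec.append(float(row.get(col, "0")))
        except ValueError:
            vec.append(0.0)
    return vec


def build_dataset(n_dumps=10):
    """Rows of (dump_id, vector, label); dump_id is kept for grouped folds."""
    data = []
    for d in range(n_dumps):
        text, truth = synth_pslist(d)
        for row in parse_pslist(text):
            data.append((d, to_vector(row), truth[int(row["PID"])]))
    return data


def fit_centroids(train):
    """Z-score with training-fold statistics only, then one centroid per class."""
    dim = len(train[0][1])
    mean = [sum(v[i] for _, v, _ in train) / len(train) for i in range(dim)]
    std = [math.sqrt(sum((v[i] - mean[i]) ** 2 for _, v, _ in train) / len(train)) or 1.0
           for i in range(dim)]

    def scale(v):
        return [(v[i] - mean[i]) / std[i] for i in range(dim)]

    groups = defaultdict(list)
    for _, v, y in train:
        groups[y].append(scale(v))
    cents = {y: [sum(p[i] for p in pts) / len(pts) for i in range(dim)]
             for y, pts in groups.items()}
    return scale, cents


def predict(model, vec):
    """Label of the nearest class centroid in z-scored feature space."""
    scale, cents = model
    z = scale(vec)
    return min(cents, key=lambda y: sum((a - b) ** 2 for a, b in zip(z, cents[y])))


def group_kfold(data, k):
    """Yield (train, test) with every process of a dump in the same fold."""
    dumps = sorted({d for d, _, _ in data})
    for f in range(k):
        held = {d for i, d in enumerate(dumps) if i % k == f}
        test = [r for r in data if r[0] in held]
        train = [r for r in data if r[0] not in held]
        if test and train:
            yield train, test


def cross_validate(data, k=10):
    """Pool predictions across folds; malware (label 1) is the positive class."""
    tp = fp = fn = tn = 0
    for train, test in group_kfold(data, k):
        model = fit_centroids(train)
        for _, v, y in test:
            p = predict(model, v)
            if p == 1 and y == 1:
                tp += 1
            elif p == 1:
                fp += 1
            elif y == 1:
                fn += 1
            else:
                tn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"accuracy": (tp + tn) / (tp + fp + fn + tn), "precision": precision,
            "recall": recall, "f1": f1, "n": tp + fp + fn + tn}


if __name__ == "__main__":
    print(cross_validate(build_dataset(), k=10))
```

On the constructed data the implants are trivially separable, so all four metrics come out at 1.0; the point of the block is the shape of the evaluation, not the score. Against real dumps, replace `synth_pslist` with the text output of `vol.py -f <dump> windows.pslist` (or the equivalent Rekall plugin) and keep the dump identifier attached to every row so the grouped split still holds.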