Identifying Memory Dump Malware Using Supervised Learning


Abstract

Memory analysis is important in detecting malicious programs because a memory dump can capture many traits and behaviors of running code. Although the field has been studied extensively, malware detection still faces several important challenges, such as detection rate and sophisticated malware obfuscation. Because sophisticated malware uses obfuscation and other techniques to evade detection, there is significant demand for a framework that focuses on identifying obfuscated and hidden malware. In this paper, two scenarios were proposed: one using the full dataset and one using a correlation matrix to choose the most effective features for classification. Three classification algorithms were applied to each scenario: K-nearest neighbor (KNN), Decision Tree (DT), and Random Forest (RF). High detection accuracy was recorded, reaching 99.90% in distinguishing normal memory dumps from anomalous ones.

Citation (APA)

Klaib, A. K., Al-Nabhan, M., & Abu Al-Haija, Q. (2023). Identifying Memory Dump Malware Using Supervised Learning. In Lecture Notes in Networks and Systems (Vol. 587, pp. 1009–1020). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-19-7874-6_74
