Detecting Obfuscated Malware Infections on Windows Using Ensemble Learning Techniques
In the internet and smart devices era, malware detection has become crucial for system security. Obfuscated malware poses significant risks to various platforms, including computers, mobile devices, and IoT devices, by evading advanced security solutions. Traditional heuristic-based and signature-ba...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Russian Academy of Sciences, St. Petersburg Federal Research Center
2025-01-01
|
| Series: | Информатика и автоматизация |
| Subjects: | |
| Online Access: | https://ia.spcras.ru/index.php/sp/article/view/16592 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832592291585327104 |
|---|---|
| author | Yadigar Imamverdiyev Elshan Baghirov John Chukwu Ikechukwu |
| author_facet | Yadigar Imamverdiyev Elshan Baghirov John Chukwu Ikechukwu |
| author_sort | Yadigar Imamverdiyev |
| collection | DOAJ |
| description | In the internet and smart devices era, malware detection has become crucial for system security. Obfuscated malware poses significant risks to various platforms, including computers, mobile devices, and IoT devices, by evading advanced security solutions. Traditional heuristic-based and signature-based methods often fail against these threats. Therefore, a cost-effective detection system was proposed using memory dump analysis and ensemble learning techniques. Utilizing the CIC-MalMem-2022 dataset, the effectiveness of decision trees, gradient-boosted trees, logistic Regression, random forest, and LightGBM in identifying obfuscated malware was evaluated. The study demonstrated the superiority of ensemble learning techniques in enhancing detection accuracy and robustness. Additionally, SHAP (SHapley Additive exPlanations) and LIME (Local Interpretable Model-agnostic Explanations) were employed to elucidate model predictions, improving transparency and trustworthiness. The analysis revealed vital features significantly impacting malware detection, such as process services, active services, file handles, registry keys, and callback functions. These insights are crucial for refining detection strategies and enhancing model performance. The findings contribute to cybersecurity efforts by comprehensively assessing machine learning algorithms for obfuscated malware detection through memory analysis. This paper offers valuable insights for future research and advancements in malware detection, paving the way for more robust and effective cybersecurity solutions in the face of evolving and sophisticated malware threats. |
| format | Article |
| id | doaj-art-74cf8dcc6af84574858c3d8d48102a9a |
| institution | Kabale University |
| issn | 2713-3192 2713-3206 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | Russian Academy of Sciences, St. Petersburg Federal Research Center |
| record_format | Article |
| series | Информатика и автоматизация |
| spelling | doaj-art-74cf8dcc6af84574858c3d8d48102a9a2025-01-21T11:27:24ZengRussian Academy of Sciences, St. Petersburg Federal Research CenterИнформатика и автоматизация2713-31922713-32062025-01-012419912410.15622/ia.24.1.516592Detecting Obfuscated Malware Infections on Windows Using Ensemble Learning TechniquesYadigar Imamverdiyev0Elshan Baghirov1John Chukwu Ikechukwu2Azerbaijan Technical UniversityInstitute of Information Technology of The Ministry of Science and Education of the Azerbaijan RepublicKadir Has UniversityIn the internet and smart devices era, malware detection has become crucial for system security. Obfuscated malware poses significant risks to various platforms, including computers, mobile devices, and IoT devices, by evading advanced security solutions. Traditional heuristic-based and signature-based methods often fail against these threats. Therefore, a cost-effective detection system was proposed using memory dump analysis and ensemble learning techniques. Utilizing the CIC-MalMem-2022 dataset, the effectiveness of decision trees, gradient-boosted trees, logistic Regression, random forest, and LightGBM in identifying obfuscated malware was evaluated. The study demonstrated the superiority of ensemble learning techniques in enhancing detection accuracy and robustness. Additionally, SHAP (SHapley Additive exPlanations) and LIME (Local Interpretable Model-agnostic Explanations) were employed to elucidate model predictions, improving transparency and trustworthiness. The analysis revealed vital features significantly impacting malware detection, such as process services, active services, file handles, registry keys, and callback functions. These insights are crucial for refining detection strategies and enhancing model performance. The findings contribute to cybersecurity efforts by comprehensively assessing machine learning algorithms for obfuscated malware detection through memory analysis. This paper offers valuable insights for future research and advancements in malware detection, paving the way for more robust and effective cybersecurity solutions in the face of evolving and sophisticated malware threats.https://ia.spcras.ru/index.php/sp/article/view/16592malware detectionmachine learningmalware analysiscybersecurity |
| spellingShingle | Yadigar Imamverdiyev Elshan Baghirov John Chukwu Ikechukwu Detecting Obfuscated Malware Infections on Windows Using Ensemble Learning Techniques Информатика и автоматизация malware detection machine learning malware analysis cybersecurity |
| title | Detecting Obfuscated Malware Infections on Windows Using Ensemble Learning Techniques |
| title_full | Detecting Obfuscated Malware Infections on Windows Using Ensemble Learning Techniques |
| title_fullStr | Detecting Obfuscated Malware Infections on Windows Using Ensemble Learning Techniques |
| title_full_unstemmed | Detecting Obfuscated Malware Infections on Windows Using Ensemble Learning Techniques |
| title_short | Detecting Obfuscated Malware Infections on Windows Using Ensemble Learning Techniques |
| title_sort | detecting obfuscated malware infections on windows using ensemble learning techniques |
| topic | malware detection machine learning malware analysis cybersecurity |
| url | https://ia.spcras.ru/index.php/sp/article/view/16592 |
| work_keys_str_mv | AT yadigarimamverdiyev detectingobfuscatedmalwareinfectionsonwindowsusingensemblelearningtechniques AT elshanbaghirov detectingobfuscatedmalwareinfectionsonwindowsusingensemblelearningtechniques AT johnchukwuikechukwu detectingobfuscatedmalwareinfectionsonwindowsusingensemblelearningtechniques |