Malware Detection Using Decision Tree Algorithm Based on Memory Features Engineering
DOI: https://doi.org/10.33633/jais.v7i3.6735
Abstract
Malware is malicious software that can harm, manipulate, or steal from a victim's device or system. Because internet services are used for increasingly diverse needs, security threats are also becoming harder to detect. Attackers are now developing malware that can change its own signature, a property referred to as polymorphism. Therefore, the traditional approach to detecting the presence of malware needs to be improved. Among the malware detection approaches, memory-based analysis has proven to be a powerful and effective technique for studying malware behavior. In this study, a Decision Tree-based classification algorithm was implemented to analyze the data set. A classifier model was created to classify malware based on memory feature engineering. The results show that the Decision Tree machine learning algorithm performed well, with an accuracy of 99.982%, a false positive rate of 0.1%, and a precision of 99.977%.
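The decision-tree classifier and the three metrics quoted above (accuracy, false positive rate and precision) can be made concrete with a small worked example. The code below is added here and is not code from the paper: the feature names (injected_regions, hidden_modules, handle_count, mutex_count) and every row are constructed for illustration, and the tree is a minimal Gini-based implementation written for this page rather than the library the authors used.

```python
"""Added example (not from the paper): a minimal Gini-based decision tree trained on
constructed memory-feature rows, then scored with accuracy, false positive rate and
precision. Feature names and values are invented; they are not the paper's dataset."""
from collections import Counter

# Hypothetical per-process memory features (constructed). Label 1 = malware, 0 = benign.
FEATURE_NAMES = ["injected_regions", "hidden_modules", "handle_count", "mutex_count"]
TRAIN = [
    ([0, 0, 120, 3], 0), ([0, 0, 95, 2], 0), ([1, 1, 210, 8], 0),
    ([1, 0, 60, 1], 0), ([0, 0, 50, 4], 0),
    ([3, 1, 40, 9], 1), ([2, 2, 160, 7], 1), ([4, 0, 30, 12], 1),
    ([1, 3, 55, 8], 1), ([2, 0, 45, 3], 1),
]
# Held-out rows (constructed) used to score the tree; two are deliberately misclassified.
TEST = [
    ([0, 0, 130, 2], 0), ([3, 0, 70, 6], 1), ([1, 4, 90, 5], 1),
    ([0, 0, 20, 15], 1),   # malware the tree misses (false negative)
    ([2, 0, 140, 2], 0),   # benign the tree flags (false positive)
    ([0, 1, 100, 3], 0),
]


def gini(labels):
    """Gini impurity of a label list: 0.0 means the node is pure."""
    n = len(labels)
    if n == 0:
        return 0.0
    return 1.0 - sum((c / n) ** 2 for c in Counter(labels).values())


def best_split(rows):
    """Best 'feature <= threshold' split by weighted Gini, or None if no split exists."""
    best, n = None, len(rows)
    for f in range(len(rows[0][0])):
        values = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(values, values[1:]):      # midpoints between distinct values
            t = (lo + hi) / 2
            left = [y for x, y in rows if x[f] <= t]
            right = [y for x, y in rows if x[f] > t]
            score = (len(left) * gini(left) + len(right) * gini(right)) / n
            if best is None or score < best[2]:
                best = (f, t, score)
    return best


def build_tree(rows, depth=0, max_depth=4):
    """Split recursively until a node is pure, depth runs out, or no split helps."""
    labels = [y for _, y in rows]
    majority = Counter(labels).most_common(1)[0][0]
    if gini(labels) == 0.0 or depth >= max_depth:
        return {"leaf": majority}
    split = best_split(rows)
    if split is None or split[2] >= gini(labels):
        return {"leaf": majority}
    f, t, _ = split
    return {
        "feature": f, "threshold": t,
        "left": build_tree([r for r in rows if r[0][f] <= t], depth + 1, max_depth),
        "right": build_tree([r for r in rows if r[0][f] > t], depth + 1, max_depth),
    }


def predict(tree, x):
    """Walk from the root to a leaf and return its class label."""
    while "leaf" not in tree:
        tree = tree["left"] if x[tree["feature"]] <= tree["threshold"] else tree["right"]
    return tree["leaf"]


def metrics(y_true, y_pred):
    """Accuracy, false positive rate and precision derived from the confusion matrix."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(1 for t, p in pairs if t == 1 and p == 1)
    tn = sum(1 for t, p in pairs if t == 0 and p == 0)
    fp = sum(1 for t, p in pairs if t == 0 and p == 1)
    fn = sum(1 for t, p in pairs if t == 1 and p == 0)
    return {
        "accuracy": (tp + tn) / (tp + tn + fp + fn),
        "false_positive_rate": fp / (fp + tn) if fp + tn else 0.0,
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "confusion": {"tp": tp, "tn": tn, "fp": fp, "fn": fn},
    }


def evaluate(train=TRAIN, test=TEST):
    """Train on `train`, score on `test`; returns (tree, metrics)."""
    tree = build_tree(train)
    preds = [predict(tree, x) for x, _ in test]
    return tree, metrics([y for _, y in test], preds)


if __name__ == "__main__":
    tree, m = evaluate()
    root = FEATURE_NAMES[tree["feature"]]
    print(f"root split: {root} <= {tree['threshold']}")
    print(m)
```

On the constructed rows the learned tree splits first on injected_regions and then on hidden_modules, and the held-out set yields 4 correct out of 6. The point to keep in mind when reading the abstract's figures is that accuracy alone can look excellent on an imbalanced corpus; the false positive rate is what determines how many benign processes an analyst has to clear, which is why it is worth reporting next to accuracy and precision.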
License
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).