JSAN, Vol. 12, Pages 5: Effective One-Class Classifier Model for Memory Dump Malware Detection



Journal of Sensor and Actuator Networks doi: 10.3390/jsan12010005

Authors: Mahmoud Al-Qudah, Zein Ashi, Mohammad Alnabhan, Qasem Abu Al-Haija

Malware complexity is rapidly increasing, causing catastrophic impacts on computer systems. Memory dump malware is gaining increased attention due to its ability to expose plaintext passwords or key encryption files. This paper presents an enhanced classification model based on a One-Class SVM (OCSVM) classifier that identifies any deviation from the normal memory dump file patterns and flags it as malware. The proposed model integrates OCSVM and Principal Component Analysis (PCA) for increased model sensitivity and efficiency. An up-to-date dataset known as “MALMEMANALYSIS-2022” was utilized during the evaluation phase of this study. The accuracy achieved by the traditional one-class classification (TOCC) model was 55%, compared to 99.4% in the one-class classification with PCA (OCC-PCA) model. Such results confirm the improved performance achieved by the proposed model.
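The abstract describes a one-class pipeline: fit PCA and an OCSVM on benign memory-dump feature vectors only, then treat anything the OCSVM places outside the learned region as malware. The following is an added example of that pipeline in scikit-learn, not the authors' code and not the MALMEMANALYSIS-2022 data. The feature names, the benign/infected sample generators and the constants are constructed for illustration; a "TOCC" model (scaler then OCSVM) and an "OCC-PCA" model (scaler, PCA, then OCSVM) are built the same way so the two can be compared on the same held-out dumps. The numbers it prints are for the constructed data and are not expected to reproduce the paper's 55% and 99.4%.

```python
"""
PCA + One-Class SVM for memory-dump anomaly detection (added example, not the
paper's code). Only benign feature vectors are seen at training time; any dump
the OCSVM places outside the learned region is reported as malware.
All feature names and sample values below are constructed for illustration.
"""
import numpy as np
from sklearn.decomposition import PCA
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.svm import OneClassSVM

# Constructed per-dump count features (hypothetical names, not dataset columns).
FEATURES = ["nproc", "nthreads", "ndlls", "nhandles",
            "nmodules", "nservices", "ninjections", "nsockets"]
BASE = np.array([40, 500, 1200, 9000, 150, 120, 0, 20], dtype=float)
SPREAD = np.array([5, 80, 150, 1500, 20, 15, 0.5, 6], dtype=float)
W_LOAD = np.array([1, 1, 1, 1, 0.5, 0, 0, 1], dtype=float)   # overall host activity
W_SVC = np.array([0, 0, 0.5, 0.5, 0.5, 1, 0, 0], dtype=float)  # service-heavy hosts


def make_benign(n, rng):
    """Constructed clean dumps: two latent factors drive correlated counts,
    which is exactly the redundancy PCA is meant to compress."""
    load = rng.normal(size=(n, 1))
    svc = rng.normal(size=(n, 1))
    noise = rng.normal(scale=0.15, size=(n, len(FEATURES)))
    return BASE + SPREAD * (load * W_LOAD + svc * W_SVC + noise)


def make_malicious(n, rng):
    """Constructed infected dumps: a benign-looking baseline plus injected
    regions, a handle explosion and many extra sockets."""
    x = make_benign(n, rng)
    x[:, FEATURES.index("ninjections")] += rng.uniform(20, 40, size=n)
    x[:, FEATURES.index("nhandles")] += rng.uniform(40000, 80000, size=n)
    x[:, FEATURES.index("nsockets")] += rng.uniform(200, 400, size=n)
    return x


def build_model(n_components=None, nu=0.05):
    """TOCC when n_components is None (scaler -> OCSVM); OCC-PCA otherwise
    (scaler -> PCA -> OCSVM). nu bounds the fraction of benign training dumps
    the boundary may leave outside, i.e. the tolerated false-positive rate."""
    steps = [StandardScaler()]
    if n_components is not None:
        steps.append(PCA(n_components=n_components))
    steps.append(OneClassSVM(kernel="rbf", gamma="scale", nu=nu))
    return make_pipeline(*steps)


def evaluate(n_components=3, seed=0):
    """Train on benign dumps only, then score held-out benign and malicious
    dumps. Returns (benign_accept_rate, malware_detect_rate, accuracy)."""
    rng = np.random.default_rng(seed)
    train = make_benign(600, rng)
    benign_test = make_benign(200, rng)
    mal_test = make_malicious(200, rng)

    model = build_model(n_components).fit(train)
    # OneClassSVM.predict: +1 = inside the benign region, -1 = outlier (malware)
    benign_accept = float(np.mean(model.predict(benign_test) == 1))
    detect = float(np.mean(model.predict(mal_test) == -1))
    accuracy = (benign_accept + detect) / 2.0  # test set is balanced 200/200
    return benign_accept, detect, accuracy


if __name__ == "__main__":
    for label, k in (("TOCC (no PCA)", None), ("OCC-PCA (3 comps)", 3)):
        acc, det, total = evaluate(k)
        print(f"{label:18s} benign accepted={acc:.3f} "
              f"malware detected={det:.3f} accuracy={total:.3f}")
```

Two points worth noting when adapting this to real dumps: the scaler and PCA must be fitted on benign data only, otherwise the malware distribution leaks into the "normal" subspace; and because PCA keeps only the high-variance benign directions, a deviation that lies entirely along a discarded direction is invisible to the OCSVM, so the number of retained components is a sensitivity knob, not just an efficiency one.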
