Obfuscated Privacy Malware Classifiers Based on Memory Dumping Analysis

David Cevallos-Salas; Felipe Grijalva; Jose Estrada-Jimenez; Diego Benitez; Roberto Andrade

doi:10.1109/ACCESS.2024.3358840

IEEE Access (Jan 2024)

Obfuscated Privacy Malware Classifiers Based on Memory Dumping Analysis

David Cevallos-Salas,
Felipe Grijalva,
Jose Estrada-Jimenez,
Diego Benitez,
Roberto Andrade

Affiliations

David Cevallos-Salas: ORCiD; Departamento de Electrónica, Telecomunicaciones y Redes de Información, Facultad de Ingeniería Eléctrica y Electrónica, Escuela Politécnica Nacional, Quito, Ecuador
Felipe Grijalva: ORCiD; Colegio de Ciencias e Ingenierías “El Politécnico,”, Universidad San Francisco de Quito (USFQ), Quito, Ecuador
Jose Estrada-Jimenez: ORCiD; Departamento de Electrónica, Telecomunicaciones y Redes de Información, Facultad de Ingeniería Eléctrica y Electrónica, Escuela Politécnica Nacional, Quito, Ecuador
Diego Benitez: ORCiD; Colegio de Ciencias e Ingenierías “El Politécnico,”, Universidad San Francisco de Quito (USFQ), Quito, Ecuador
Roberto Andrade: ORCiD; Departamento de Informática y Ciencias de la Computación, Facultad de Ingeniería en Sistemas, Escuela Politécnica Nacional, Quito, Ecuador

DOI: https://doi.org/10.1109/ACCESS.2024.3358840
Journal volume & issue: Vol. 12
pp. 17481 – 17498

Abstract

Read online

Malware targeting user privacy has seen a surge in recent times, attributed to evolving global regulations and the boost of electronic commerce and online services. Moreover, recognizing privacy malware that employs obfuscation as evasion mechanism presents a major challenge due to its dynamics, resilience, and polymorphism at runtime, necessitating the application of forensic techniques such as memory dumping analysis in order to reveal suitable patterns and behaviors that enable its subsequent detection and classification. In this paper, we present three obfuscated privacy malware classifiers trained on the CIC-MalMem-2022 dataset. These solutions include a binary classifier to distinguish benign from malicious samples using logistic regression (LR), a multiclass classifier that further categorizes benign, spyware, ransomware, and trojan horse obfuscated privacy malware; and a more detailed multiclass classifier capable of discriminating benign samples from fifteen specific obfuscated privacy malware families. Multiclass classifiers were built using several traditional machine learning algorithms and a novel Deep Neural Network (DNN). We applied the Synthetic Minority Oversampling Technique (SMOTE) to address data imbalances. In particular, our results demonstrate that DNN outperforms traditional machine learning algorithms, yielding statistically significant improvements in key metrics. These achievements reach practical thresholds, suggesting the potential for enhanced malware protection systems. The dataset and all the coding files required for experiments reproducibility are publicly available at https://github.com/dcevallossalas/PrivacyMalwareClassifiers.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords