{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,3]],"date-time":"2026-07-03T16:44:54Z","timestamp":1783097094185,"version":"3.54.6"},"reference-count":34,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2024,1,25]],"date-time":"2024-01-25T00:00:00Z","timestamp":1706140800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2024,1,25]],"date-time":"2024-01-25T00:00:00Z","timestamp":1706140800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title><jats:p>In the realm of cybersecurity, the detection and analysis of obfuscated malware remain a critical challenge, especially in the context of memory dumps. This research paper presents a novel machine learning-based framework designed to enhance the detection and analytical capabilities against such elusive threats for binary and multi type\u2019s malware. Our approach leverages a comprehensive dataset comprising benign and malicious memory dumps, encompassing a wide array of obfuscated malware types including Spyware, Ransomware, and Trojan Horses with their sub-categories. We begin by employing rigorous data preprocessing methods, including the normalization of memory dumps and encoding of categorical data. To tackle the issue of class imbalance, a Synthetic Minority Over-sampling Technique is utilized, ensuring a balanced representation of various malware types. Feature selection is meticulously conducted through Chi-Square tests, mutual information, and correlation analyses, refining the model\u2019s focus on the most indicative attributes of obfuscated malware. The heart of our framework lies in the deployment of an Ensemble-based Classifier, chosen for its robustness and effectiveness in handling complex data structures. The model\u2019s performance is rigorously evaluated using a suite of metrics, including accuracy, precision, recall, F1-score, and the area under the ROC curve (AUC) with other evaluation metrics to assess the model\u2019s efficiency. The proposed model demonstrates a detection accuracy exceeding 99% across all cases, surpassing the performance of all existing models in the realm of malware detection.<\/jats:p>","DOI":"10.1186\/s42400-024-00205-z","type":"journal-article","created":{"date-parts":[[2024,1,25]],"date-time":"2024-01-25T10:02:43Z","timestamp":1706176963000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":48,"title":["Enhanced detection of obfuscated malware in memory dumps: a machine learning approach for advanced cybersecurity"],"prefix":"10.1186","volume":"7","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5120-2911","authenticated-orcid":false,"given":"Md. Alamgir","family":"Hossain","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Md. Saiful","family":"Islam","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2024,1,25]]},"reference":[{"issue":"19","key":"205_CR1","doi-asserted-by":"publisher","first-page":"3142","DOI":"10.3390\/electronics11193142","volume":"11","author":"Q Abu Al-Haija","year":"2022","unstructured":"Abu Al-Haija Q, Odeh A, Qattous H (2022) PDF malware detection based on optimizable decision trees. Electronics 11(19):3142. https:\/\/doi.org\/10.3390\/electronics11193142","journal-title":"Electronics"},{"issue":"11","key":"205_CR2","doi-asserted-by":"publisher","first-page":"2304","DOI":"10.3390\/sym14112304","volume":"14","author":"MS Akhtar","year":"2022","unstructured":"Akhtar MS, Feng T (2022) Malware analysis and detection using machine learning algorithms. Symmetry 14(11):2304. https:\/\/doi.org\/10.3390\/sym14112304","journal-title":"Symmetry"},{"issue":"1","key":"205_CR3","doi-asserted-by":"publisher","first-page":"5","DOI":"10.3390\/jsan12010005","volume":"12","author":"M Al-Qudah","year":"2023","unstructured":"Al-Qudah M, Ashi Z, Alnabhan M, Abu Al-Haija Q (2023) Effective one-class classifier model for memory dump malware detection. J Sens Actuator Netw 12(1):5. https:\/\/doi.org\/10.3390\/jsan12010005","journal-title":"J Sens Actuator Netw"},{"key":"205_CR4","doi-asserted-by":"crossref","unstructured":"Asghar HJ, Zhao BZH, Ikram M, Nguyen G, Kaafar D, Lamont S, Coscia D (2023) Use of cryptography in malware obfuscation (arXiv:2212.04008; Issue arXiv:2212.04008). http:\/\/arxiv.org\/abs\/2212.04008","DOI":"10.1007\/s11416-023-00504-y"},{"key":"205_CR5","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102490","volume":"111","author":"C Beaman","year":"2021","unstructured":"Beaman C, Barkworth A, Akande TD, Hakak S, Khan MK (2021) Ransomware: recent advances, analysis, challenges and future research directions. Comput Secur 111:102490. https:\/\/doi.org\/10.1016\/j.cose.2021.102490","journal-title":"Comput Secur"},{"key":"205_CR6","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.102166","volume":"103","author":"AS Bozkir","year":"2021","unstructured":"Bozkir AS, Tahillioglu E, Aydos M, Kara I (2021) Catch them alive: a malware detection approach through memory forensics, manifold learning and computer vision. Comput Secur 103:102166. https:\/\/doi.org\/10.1016\/j.cose.2020.102166","journal-title":"Comput Secur"},{"key":"205_CR7","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2023\/8227751","volume":"2023","author":"K Brezinski","year":"2023","unstructured":"Brezinski K, Ferens K (2023) Metamorphic malware and obfuscation: a survey of techniques, variants, and generation kits. Secur Commun Netw 2023:1\u201341. https:\/\/doi.org\/10.1155\/2023\/8227751","journal-title":"Secur Commun Netw"},{"key":"205_CR8","doi-asserted-by":"publisher","unstructured":"Carrier T, Victor P, Tekeoglu A, Lashkari A (2022) Detecting obfuscated malware using memory feature engineering. In: Proceedings of the 8th international conference on information systems security and privacy, pp 177\u2013188. https:\/\/doi.org\/10.5220\/0010908200003120","DOI":"10.5220\/0010908200003120"},{"issue":"6","key":"205_CR9","doi-asserted-by":"publisher","first-page":"4060","DOI":"10.3390\/app13064060","volume":"13","author":"Z Chen","year":"2023","unstructured":"Chen Z, Ren X (2023) An efficient boosting-based windows malware family classification system using multi-features fusion. Appl Sci 13(6):4060. https:\/\/doi.org\/10.3390\/app13064060","journal-title":"Appl Sci"},{"key":"205_CR10","doi-asserted-by":"publisher","first-page":"731","DOI":"10.1007\/978-981-19-8069-5_54","volume-title":"Future data and security engineering. Big data, security and privacy, smart city and industry 4.0 applications","author":"Q-V Dang","year":"2022","unstructured":"Dang Q-V (2022) Enhancing obfuscated malware detection with machine learning techniques. In: Dang TK, K\u00fcng J, Chung TM (eds) Future data and security engineering. Big data, security and privacy, smart city and industry 4.0 applications, vol 1688. Springer, Singapore, pp 731\u2013738. https:\/\/doi.org\/10.1007\/978-981-19-8069-5_54"},{"key":"205_CR11","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1007\/978-981-99-7216-6_2","volume-title":"Power engineering and intelligent systems","author":"Q-V Dang","year":"2024","unstructured":"Dang Q-V (2024) Detecting obfuscated malware using graph neural networks. In: Shrivastava V, Bansal JC, Panigrahi BK (eds) Power engineering and intelligent systems, vol 1097. Springer, Singapore, pp 15\u201325. https:\/\/doi.org\/10.1007\/978-981-99-7216-6_2"},{"key":"205_CR12","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2022\/5852412","volume":"2022","author":"R Dugyala","year":"2022","unstructured":"Dugyala R, Reddy NH, Maheswari VU, Mohammad GB, Alenezi F, Polat K (2022) Analysis of malware detection and signature generation using a novel hybrid approach. Math Probl Eng 2022:1\u201313. https:\/\/doi.org\/10.1155\/2022\/5852412","journal-title":"Math Probl Eng"},{"key":"205_CR13","unstructured":"Federici M, Ruhe D, Forr\u00e9 P (2023) On the effectiveness of hybrid mutual information estimation. arXiv:2306.00608; http:\/\/arxiv.org\/abs\/2306.00608"},{"key":"205_CR14","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102838","volume":"121","author":"I Finder","year":"2022","unstructured":"Finder I, Sheetrit E, Nissim N (2022) A time-interval-based active learning framework for enhanced PE malware acquisition and detection. Comput Secur 121:102838. https:\/\/doi.org\/10.1016\/j.cose.2022.102838","journal-title":"Comput Secur"},{"key":"205_CR15","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/978-3-031-42430-4_5","volume-title":"Recent challenges in intelligent information and database systems","author":"NZ Gorment","year":"2023","unstructured":"Gorment NZ, Selamat A, Krejcar O (2023) Obfuscated malware detection: impacts on detection methods. In: Nguyen NT, Boonsang S, Fujita H, Hnatkowska B, Hong T-P, Pasupa K, Selamat A (eds) Recent challenges in intelligent information and database systems, vol 1863. Springer, Cham, pp 55\u201366. https:\/\/doi.org\/10.1007\/978-3-031-42430-4_5"},{"key":"205_CR16","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2023.122255","author":"H Haidros Rahima Manzil","year":"2023","unstructured":"Haidros Rahima Manzil H, Manohar Naik S (2023) Detection approaches for android malware: taxonomy and review analysis. Expert Syst Appl. https:\/\/doi.org\/10.1016\/j.eswa.2023.122255","journal-title":"Expert Syst Appl"},{"issue":"2","key":"205_CR17","doi-asserted-by":"publisher","first-page":"165","DOI":"10.37256\/aie.4220233337","volume":"4","author":"MA Hossain","year":"2023","unstructured":"Hossain MA (2023) Enhanced ensemble-based distributed denial-of-service (DDoS) attack detection with novel feature selection: a robust cybersecurity approach. Artif Intell Evol 4(2):165\u2013186. https:\/\/doi.org\/10.37256\/aie.4220233337","journal-title":"Artif Intell Evol"},{"key":"205_CR18","doi-asserted-by":"publisher","DOI":"10.1016\/j.array.2023.100306","author":"MA Hossain","year":"2023","unstructured":"Hossain MA, Islam MS (2023a) Ensuring network security with a robust intrusion detection system using ensemble-based machine learning. Array. https:\/\/doi.org\/10.1016\/j.array.2023.100306","journal-title":"Array"},{"issue":"1","key":"205_CR19","doi-asserted-by":"publisher","first-page":"21207","DOI":"10.1038\/s41598-023-48230-1","volume":"13","author":"MA Hossain","year":"2023","unstructured":"Hossain MA, Islam MS (2023b) A novel hybrid feature selection and ensemble-based machine learning approach for botnet detection. Sci Rep 13(1):21207. https:\/\/doi.org\/10.1038\/s41598-023-48230-1","journal-title":"Sci Rep"},{"key":"205_CR20","doi-asserted-by":"publisher","first-page":"5369","DOI":"10.1109\/BigData52589.2021.9671434","volume":"2021","author":"MJ Hossain Faruk","year":"2021","unstructured":"Hossain Faruk MJ, Shahriar H, Valero M, Barsha FL, Sobhan S, Khan MA, Whitman M, Cuzzocrea A, Lo D, Rahman A, Wu F (2021) Malware detection and prevention using artificial intelligence techniques. IEEE Int Conf Big Data (big Data) 2021:5369\u20135377. https:\/\/doi.org\/10.1109\/BigData52589.2021.9671434","journal-title":"IEEE Int Conf Big Data (big Data)"},{"key":"205_CR21","doi-asserted-by":"publisher","unstructured":"Lashkari AH, Li B, Carrier TL, Kaur G (2021) VolMemLyzer: volatile memory analyzer for malware classification using feature engineering. In: 2021 reconciling data analytics, automation, privacy, and security: a big data challenge (RDAAPS), pp 1\u20138. https:\/\/doi.org\/10.1109\/RDAAPS48126.2021.9452028","DOI":"10.1109\/RDAAPS48126.2021.9452028"},{"issue":"5","key":"205_CR22","doi-asserted-by":"publisher","first-page":"2894","DOI":"10.3390\/app13052894","volume":"13","author":"K Lee","year":"2023","unstructured":"Lee K, Lee J, Yim K (2023) Classification and analysis of malicious code detection techniques based on the APT attack. Appl Sci 13(5):2894. https:\/\/doi.org\/10.3390\/app13052894","journal-title":"Appl Sci"},{"issue":"16","key":"205_CR23","doi-asserted-by":"publisher","first-page":"11259","DOI":"10.1007\/s00500-023-08587-x","volume":"27","author":"H Mamdouh Farghaly","year":"2023","unstructured":"Mamdouh Farghaly H, Abd El-Hafeez T (2023) A high-quality feature selection method based on frequent and correlated items for text classification. Soft Comput 27(16):11259\u201311274. https:\/\/doi.org\/10.1007\/s00500-023-08587-x","journal-title":"Soft Comput"},{"issue":"1","key":"205_CR24","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1186\/s42400-023-00139-y","volume":"6","author":"HHR Manzil","year":"2023","unstructured":"Manzil HHR, Manohar Naik S (2023) Android malware category detection using a novel feature vector-based machine learning model. Cybersecurity 6(1):6. https:\/\/doi.org\/10.1186\/s42400-023-00139-y","journal-title":"Cybersecurity"},{"issue":"6","key":"205_CR25","doi-asserted-by":"publisher","first-page":"3413","DOI":"10.1016\/j.jksuci.2021.01.014","volume":"34","author":"NU Maulidevi","year":"2022","unstructured":"Maulidevi NU, Surendro K (2022) SMOTE-LOF for noise identification in imbalanced data classification. J King Saud Univ Comput Inf Sci 34(6):3413\u20133423. https:\/\/doi.org\/10.1016\/j.jksuci.2021.01.014","journal-title":"J King Saud Univ Comput Inf Sci"},{"key":"205_CR26","doi-asserted-by":"publisher","unstructured":"Mezina A, Burget R (2022). Obfuscated malware detection using dilated convolutional network. In: 2022 14th international congress on ultra modern telecommunications and control systems and workshops (ICUMT), pp 110\u2013115. https:\/\/doi.org\/10.1109\/ICUMT57764.2022.9943443","DOI":"10.1109\/ICUMT57764.2022.9943443"},{"issue":"11","key":"205_CR27","doi-asserted-by":"publisher","first-page":"1978","DOI":"10.3390\/sym15111978","volume":"15","author":"BI Mukhtar","year":"2023","unstructured":"Mukhtar BI, Elsayed MS, Jurcut AD, Azer MA (2023) IoT vulnerabilities and attacks: SILEX malware case study. Symmetry 15(11):1978. https:\/\/doi.org\/10.3390\/sym15111978","journal-title":"Symmetry"},{"key":"205_CR28","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2022\/9156514","volume":"2022","author":"MR Naeem","year":"2022","unstructured":"Naeem MR, Khan M, Abdullah AM, Noor F, Khan MI, Khan MA, Ullah I, Room S (2022) A malware detection scheme via smart memory forensics for windows devices. Mob Inf Syst 2022:1\u201316. https:\/\/doi.org\/10.1155\/2022\/9156514","journal-title":"Mob Inf Syst"},{"key":"205_CR29","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.neucom.2022.08.055","volume":"510","author":"G Ngo","year":"2022","unstructured":"Ngo G, Beard R, Chandra R (2022) Evolutionary bagging for ensemble learning. Neurocomputing 510:1\u201314. https:\/\/doi.org\/10.1016\/j.neucom.2022.08.055","journal-title":"Neurocomputing"},{"key":"205_CR30","doi-asserted-by":"publisher","DOI":"10.1016\/j.iswa.2023.200283","volume":"20","author":"KS Roy","year":"2023","unstructured":"Roy KS, Ahmed T, Udas PB, Karim MdE, Majumdar S (2023) MalHyStack: a hybrid stacked ensemble learning framework with feature engineering schemes for obfuscated malware analysis. Intell Syst Appl 20:200283. https:\/\/doi.org\/10.1016\/j.iswa.2023.200283","journal-title":"Intell Syst Appl"},{"key":"205_CR31","doi-asserted-by":"publisher","DOI":"10.1145\/3615669","author":"EM Rudd","year":"2023","unstructured":"Rudd EM, Krisiloff D, Coull S, Olszewski D, Raff E, Holt J (2023) Efficient malware analysis using metric embeddings. Digit Threats Res Pract. https:\/\/doi.org\/10.1145\/3615669","journal-title":"Digit Threats Res Pract"},{"key":"205_CR32","doi-asserted-by":"publisher","first-page":"307","DOI":"10.1007\/978-3-031-25271-6_19","volume-title":"Pan-african artificial intelligence and smart systems","author":"Z Sawadogo","year":"2023","unstructured":"Sawadogo Z, Dembele J-M, Tahar A, Mendy G, Ouya S (2023) DeepMalOb: deep detection of obfuscated android malware. In: NgatchedNkouatchah TM, Woungang I, Tapamo J-R, Viriri S (eds) Pan-african artificial intelligence and smart systems, vol 459. Springer, Cham, pp 307\u2013318. https:\/\/doi.org\/10.1007\/978-3-031-25271-6_19"},{"issue":"11","key":"205_CR33","doi-asserted-by":"publisher","first-page":"5348","DOI":"10.3390\/s23115348","volume":"23","author":"SS Shafin","year":"2023","unstructured":"Shafin SS, Karmakar G, Mareels I (2023) Obfuscated memory malware detection in resource-constrained IoT devices for smart city applications. Sensors 23(11):5348. https:\/\/doi.org\/10.3390\/s23115348","journal-title":"Sensors"},{"key":"205_CR34","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2023.103561","volume":"77","author":"LK Vashishtha","year":"2023","unstructured":"Vashishtha LK, Chatterjee K, Rout SS (2023) An ensemble approach for advance malware memory analysis using image classification techniques. J Inf Secur Appl 77:103561. https:\/\/doi.org\/10.1016\/j.jisa.2023.103561","journal-title":"J Inf Secur Appl"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-024-00205-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-024-00205-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-024-00205-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,25]],"date-time":"2024-01-25T10:06:07Z","timestamp":1706177167000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-024-00205-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,1,25]]},"references-count":34,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024,12]]}},"alternative-id":["205"],"URL":"https:\/\/doi.org\/10.1186\/s42400-024-00205-z","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,1,25]]},"assertion":[{"value":"18 November 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 January 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 January 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors of this paper affirm that there are no competing interest related to this research.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interest"}}],"article-number":"16"}}