{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T23:18:05Z","timestamp":1773184685692,"version":"3.50.1"},"reference-count":59,"publisher":"MDPI AG","issue":"19","license":[{"start":{"date-parts":[[2022,10,8]],"date-time":"2022-10-08T00:00:00Z","timestamp":1665187200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Ministry of Higher Education Malaysia","award":["TRGS\/1\/2020\/UNITEN\/01\/1\/2"],"award-info":[{"award-number":["TRGS\/1\/2020\/UNITEN\/01\/1\/2"]}]},{"name":"Universiti Tenaga Nasional","award":["TRGS\/1\/2020\/UNITEN\/01\/1\/2"],"award-info":[{"award-number":["TRGS\/1\/2020\/UNITEN\/01\/1\/2"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Advanced Persistent Threat is an attack campaign in which an intruder or team of intruders establishes a long-term presence on a network to mine sensitive data, which becomes more dangerous when combined with polymorphic malware. This type of malware is not only undetectable, but it also generates multiple variants of the same type of malware in the network and remains in the system\u2019s main memory to avoid detection. Few researchers employ a visualization approach based on a computer\u2019s memory to detect and classify various classes of malware. However, a preprocessing step of denoising the malware images was not considered, which results in an overfitting problem and prevents us from perfectly generalizing a model. In this paper, we introduce a new data engineering approach comprising two main stages: Denoising and Re-Dimensioning. The first aims at reducing or ideally removing the noise in the malware\u2019s memory-based dump files\u2019 transformed images. The latter further processes the cleaned image by compressing them to reduce their dimensionality. This is to avoid the overfitting issue and lower the variance, computing cost, and memory utilization. We then built our machine learning model that implements the new data engineering approach and the result shows that the performance metrics of 97.82% for accuracy, 97.66% for precision, 97.25% for recall, and 97.57% for f1-score are obtained. Our new data engineering approach and machine learning model outperform existing solutions by 0.83% accuracy, 0.30% precision, 1.67% recall, and 1.25% f1-score. In addition to that, the computational time and memory usage have also reduced significantly.<\/jats:p>","DOI":"10.3390\/s22197611","type":"journal-article","created":{"date-parts":[[2022,10,10]],"date-time":"2022-10-10T05:12:21Z","timestamp":1665378741000},"page":"7611","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["Memory Visualization-Based Malware Detection Technique"],"prefix":"10.3390","volume":"22","author":[{"given":"Syed Shakir Hameed","family":"Shah","sequence":"first","affiliation":[{"name":"Institute of Energy Infrastructure, College of Computing and Informatics, Universiti Tenaga Nasional, Kajang 43000, Malaysia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7363-1466","authenticated-orcid":false,"given":"Norziana","family":"Jamil","sequence":"additional","affiliation":[{"name":"Institute of Energy Infrastructure, College of Computing and Informatics, Universiti Tenaga Nasional, Kajang 43000, Malaysia"}]},{"given":"Atta ur Rehman","family":"Khan","sequence":"additional","affiliation":[{"name":"College of Engineering and IT, Ajman University, Ajman 346, United Arab Emirates"}]}],"member":"1968","published-online":{"date-parts":[[2022,10,8]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"5108331","DOI":"10.1155\/2022\/5108331","article-title":"A Novel Machine Learning Technique for Selecting Suitable Image Encryption Algorithms for IoT Applications","volume":"2022","author":"Shafique","year":"2022","journal-title":"Wirel. Commun. Mob. Comput."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"6249","DOI":"10.1109\/ACCESS.2019.2963724","article-title":"A comprehensive review on malware detection approaches","volume":"8","author":"Aslan","year":"2020","journal-title":"IEEE Access"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Harter, G.T., and Rowe, N.C. (2021). Testing Detection of K-Ary Code Obfuscated by Metamorphic and Polymorphic Techniques. National Cyber Summit, Springer.","DOI":"10.1007\/978-3-030-84614-5_9"},{"key":"ref_4","unstructured":"Indusface (2022, June 10). New Malware Report. Available online: https:\/\/www.indusface.com\/blog\/15-malware-statistics-to-take-seriously-in-2022\/#_ednref1."},{"key":"ref_5","unstructured":"AV-TEST (2022, June 12). Malware Development. Available online: https:\/\/www.av-test.org\/en\/statistics\/malware\/."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"55013","DOI":"10.1109\/ACCESS.2018.2872115","article-title":"Masquerading attacks detection in mobile ad hoc networks","volume":"6","author":"Abbas","year":"2018","journal-title":"IEEE Access"},{"key":"ref_7","unstructured":"SecureList (2022, June 10). Mobile Malware Report. Available online: https:\/\/securelist.com\/it-threat-evolution-in-q1-2022-mobile-statistics\/106589\/."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Kaspersky (2022, June 15). Malware Attack on PC. Available online: https:\/\/securelist.com\/it-threat-evolution-in-q1-2022-non-mobile-statistics\/106531\/.","DOI":"10.1155\/2022\/7143054"},{"key":"ref_9","first-page":"1","article-title":"Dynamic malware analysis in the modern era\u2014A state of the art survey","volume":"52","author":"Nissim","year":"2019","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"1662","DOI":"10.18517\/ijaseit.8.4-2.6827","article-title":"A survey on malware analysis techniques: Static, dynamic, hybrid and memory analysis","volume":"8","author":"Sihwail","year":"2018","journal-title":"Int. J. Adv. Sci. Eng. Inf. Technol."},{"key":"ref_11","first-page":"1","article-title":"A comparison of static, dynamic, and hybrid analysis for malware detection","volume":"13","author":"Damodaran","year":"2015","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"ref_12","unstructured":"Nataraj, L., Karthikeyan, S., Jacob, G., and Manjunath, B.S. (2020, January 28). Malware images: Visualization and automatic classification. Proceedings of the 8th International Symposium on Visualization for Cyber Security, Pittsburgh, PA, USA."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"102166","DOI":"10.1016\/j.cose.2020.102166","article-title":"Catch them alive: A malware detection approach through memory forensics, manifold learning and computer vision","volume":"103","author":"Bozkir","year":"2021","journal-title":"Comput. Secur."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1109\/MSP.2007.45","article-title":"Toward automated dynamic malware analysis using cwsandbox","volume":"5","author":"Willems","year":"2007","journal-title":"Secur. Priv."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"804","DOI":"10.1016\/j.procs.2015.02.149","article-title":"Integrated static and dynamic analysis for malware detection","volume":"46","author":"Shijo","year":"2015","journal-title":"Procedia Comput. Sci."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Sihwail, R., Omar, K., Zainol Ariffin, K.A., and Al Afghani, S. (2019). Malware detection approach based on artifacts in memory image and dynamic analysis. Appl. Sci., 9.","DOI":"10.3390\/app9183680"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"1148","DOI":"10.1109\/TIM.2003.815989","article-title":"A method for estimation and filtering of Gaussian noise in images","volume":"52","author":"Russo","year":"2003","journal-title":"IEEE Trans. Instrum. Meas."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"1962","DOI":"10.1109\/TIP.2021.3049961","article-title":"Digital image noise estimation using DWT coefficients","volume":"30","author":"Pimpalkhute","year":"2021","journal-title":"IEEE Trans. Image Process."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"288","DOI":"10.18178\/ijmlc.2019.9.3.800","article-title":"A review of image denoising and segmentation methods based on medical images","volume":"9","author":"Kollem","year":"2019","journal-title":"Int. J. Mach. Learn. Comput."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Ahmad, K., Khan, J., and Iqbal, M.S.U.D. (2019, January 15\u201317). A comparative study of different denoising techniques in digital image processing. Proceedings of the 2019 8th International Conference on Modeling Simulation and Applied Optimization (ICMSAO), Manama, Bahrain.","DOI":"10.1109\/ICMSAO.2019.8880389"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s11416-018-0314-1","article-title":"Visual malware detection using local malicious pattern","volume":"15","author":"Hashemi","year":"2019","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Kolosnjaji, B., Demontis, A., Biggio, B., Maiorca, D., Giacinto, G., Eckert, C., and Roli, F. (2018, January 3\u20137). Adversarial malware binaries: Evading deep learning for malware detection in executables. Proceedings of the 2018 26th European Signal Processing Conference (EUSIPCO), Rome, Italy.","DOI":"10.23919\/EUSIPCO.2018.8553214"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1016\/S1361-3723(14)70531-7","article-title":"Using feature generation from API calls for malware detection","volume":"2014","author":"Salehi","year":"2014","journal-title":"Comput. Fraud Secur."},{"key":"ref_24","unstructured":"Veeramani, R., and Rai, N. (2012, January 14\u201316). Windows api based malware detection and framework analysis. Proceedings of the International Conference on Networks and Cyber Security, Alexandria, VA, USA."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"253","DOI":"10.1007\/s11416-007-0059-8","article-title":"Software transformations to improve malware detection","volume":"3","author":"Christodorescu","year":"2007","journal-title":"J. Comput. Virol."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1007\/s11416-017-0290-x","article-title":"Trends of anti-analysis operations of malwares observed in API call logs","volume":"14","author":"Oyama","year":"2018","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"ref_27","unstructured":"Mehmood, A., Khan, A.N., and Elhadef, M. (2022). HeuCrip: A malware detection approach for internet of battlefield things. Clust. Comput., 1\u201316."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Cheng, Y., Fan, W., Huang, W., and An, J. (2017, January 13\u201315). A shellcode detection method based on full native api sequence and support vector machine. Proceedings of the IOP Conference Series: Materials Science and Engineering, Birmingham, UK.","DOI":"10.1088\/1757-899X\/242\/1\/012124"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Bayer, U., Kirda, E., and Kruegel, C. (2010, January 22\u201326). Improving the efficiency of dynamic malware analysis. Proceedings of the 2010 ACM Symposium on Applied Computing, Sierre, Switzerland.","DOI":"10.1145\/1774088.1774484"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Udayakumar, N., Anandaselvi, S., and Subbulakshmi, T. (2017, January 7\u20138). Dynamic malware analysis using machine learning algorithm. Proceedings of the 2017 International Conference on Intelligent Sustainable Systems (ICISS), Palladam, India.","DOI":"10.1109\/ISS1.2017.8389286"},{"key":"ref_31","unstructured":"Zhang, Z., Qi, P., and Wang, W. (2020, January 7\u201312). Dynamic malware analysis with feature engineering and feature learning. Proceedings of the AAAI Conference on Artificial Intelligence, New York, NY, USA."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Jindal, C., Salls, C., Aghakhani, H., Long, K., Kruegel, C., and Vigna, G. (2019, January 9\u201313). Neurlux: Dynamic malware analysis without feature engineering. Proceedings of the 35th Annual Computer Security Applications Conference, San Juan, PR, USA.","DOI":"10.1145\/3359789.3359835"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Ijaz, M., Durad, M.H., and Ismail, M. (2019, January 8\u201312). Static and dynamic malware analysis using machine learning. Proceedings of the 2019 16th International Bhurban Conference on Applied Sciences and Technology (IBCAST), Islamabad, Pakistan.","DOI":"10.1109\/IBCAST.2019.8667136"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Raghuraman, C., Suresh, S., Shivshankar, S., and Chapaneri, R. (2019, January 8\u201312). Static and dynamic malware analysis using machine learning. Proceedings of the First International Conference on Sustainable Technologies for Computational Intelligence, Islamabad, Pakistan.","DOI":"10.1007\/978-981-15-0029-9_62"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"5320","DOI":"10.1109\/TII.2019.2896987","article-title":"Simultaneous static and dynamic analysis for fine-scale identification of process operation statuses","volume":"15","author":"Zhang","year":"2019","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"2579","DOI":"10.3390\/electronics11162579","article-title":"Memory Forensics-Based Malware Detection Using Computer Vision and Machine Learning","volume":"11","author":"Shah","year":"2022","journal-title":"Electronics"},{"key":"ref_37","first-page":"2301","article-title":"An effective memory analysis for malware detection and classification","volume":"67","author":"Sihwail","year":"2021","journal-title":"Comput. Mater. Contin."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1016\/j.diin.2018.09.006","article-title":"A malware classification method based on memory dump grayscale image","volume":"27","author":"Dai","year":"2018","journal-title":"Digit. Investig."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Mosli, R., Li, R., Yuan, B., and Pan, Y. (2016, January 10\u201312). Automated malware detection using artifacts in forensic memory images. Proceedings of the 2016 IEEE Symposium on Technologies for Homeland Security (HST), Waltham, MA, USA.","DOI":"10.1109\/THS.2016.7568881"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Rathnayaka, C., and Jamdagni, A. (2017, January 1\u20134). An efficient approach for advanced malware analysis using memory forensic technique. Proceedings of the 2017 IEEE Trustcom\/BigDataSE\/ICESS, Sydney, Australia.","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.365"},{"key":"ref_41","unstructured":"Teller, T., and Hayon, A. (2014). Enhancing Automated Malware Analysis Machines with Memory Analysis, Black Hat."},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"101590","DOI":"10.1016\/j.cose.2019.101590","article-title":"Volatile memory analysis using the MinHash method for efficient and secured detection of malware in private cloud","volume":"87","author":"Nissim","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Tien, C.-W., Liao, J.-W., Chang, S.-C., and Kuo, S.-Y. (2017, January 7\u201310). Memory forensics using virtual machine introspection for Malware analysis. Proceedings of the 2017 IEEE Conference on Dependable and Secure Computing, Taipei, Taiwan.","DOI":"10.1109\/DESEC.2017.8073871"},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Choi, S., Jang, S., Kim, Y., and Kim, J. (2017, January 18\u201320). Malware detection using malware image and deep learning. Proceedings of the 2017 International Conference on Information and Communication Technology Convergence (ICTC), Jeju Island, Korea.","DOI":"10.1109\/ICTC.2017.8190895"},{"key":"ref_45","first-page":"300979","article-title":"Evaluation of live forensic techniques in ransomware attack mitigation","volume":"33","author":"Davies","year":"2020","journal-title":"Forensic Sci. Int. Digit. Investig."},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1016\/j.diin.2017.10.004","article-title":"Leveraging virtual machine introspection with memory forensics to detect and characterize unknown malware using machine learning techniques at hypervisor","volume":"23","author":"Kumara","year":"2017","journal-title":"Digit. Investig."},{"key":"ref_47","unstructured":"Sali, V.R., and Khanuja, H. (2018, January 16\u201318). Ram forensics: The analysis and extraction of malicious processes from memory image using gui based memory forensic toolkit. Proceedings of the 2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA), Pune, India."},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"102515","DOI":"10.1016\/j.cose.2021.102515","article-title":"A novel malware classification and augmentation model based on convolutional neural network","volume":"112","author":"Tekerek","year":"2022","journal-title":"Comput. Secur."},{"key":"ref_49","doi-asserted-by":"crossref","unstructured":"Kalash, M., Rochan, M., Mohammed, N., Bruce, N.D., Wang, Y., and Iqbal, F. (2018, January 26\u201328). Malware classification with deep convolutional neural networks. Proceedings of the 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Paris, France.","DOI":"10.1109\/NTMS.2018.8328749"},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Hemalatha, J., Roseline, S.A., Geetha, S., Kadry, S., and Dama\u0161evi\u010dius, R. (2021). An efficient densenet-based deep learning model for malware detection. Entropy, 23.","DOI":"10.3390\/e23030344"},{"key":"ref_51","doi-asserted-by":"crossref","first-page":"87936","DOI":"10.1109\/ACCESS.2021.3089586","article-title":"A new malware classification framework based on deep learning algorithms","volume":"9","author":"Aslan","year":"2021","journal-title":"IEEE Access"},{"key":"ref_52","unstructured":"Dumpware10 (2022, March 20). Memory Based Malware Dataset. Available online: https:\/\/web.cs.hacettepe.edu.tr\/~selman\/dumpware10\/."},{"key":"ref_53","unstructured":"Norton (2022, June 15). Adware. Available online: https:\/\/us.norton.com\/internetsecurity-emerging-threats-what-is-grayware-adware-and-madware.html."},{"key":"ref_54","unstructured":"Github (2021, November 10). bin2png Version. Available online: https:\/\/github.com\/ESultanik\/bin2png."},{"key":"ref_55","doi-asserted-by":"crossref","first-page":"1747","DOI":"10.1109\/TIP.2005.857261","article-title":"A universal noise removal algorithm with an impulse detector","volume":"14","author":"Garnett","year":"2005","journal-title":"IEEE Trans. Image Process."},{"key":"ref_56","doi-asserted-by":"crossref","unstructured":"Kumain, S.C., Singh, M., Singh, N., and Kumar, K. (2018, January 15\u201317). An efficient Gaussian noise reduction technique for noisy images using optimized filter approach. Proceedings of the 2018 First International Conference on Secure Cyber Computing and Communication (ICSCCC), Jalandhar, India.","DOI":"10.1109\/ICSCCC.2018.8703305"},{"key":"ref_57","first-page":"252","article-title":"Salt and pepper noise: Effects and removal","volume":"2","author":"Azzeh","year":"2018","journal-title":"JOIV Int. J. Inform. Vis."},{"key":"ref_58","doi-asserted-by":"crossref","first-page":"15983","DOI":"10.1109\/ACCESS.2020.2967178","article-title":"Speckle noise reduction in ultrasound images for improving the metrological evaluation of biomedical applications: An overview","volume":"8","author":"Becerra","year":"2020","journal-title":"IEEE Access"},{"key":"ref_59","doi-asserted-by":"crossref","unstructured":"Rezende, E., Ruppert, G., Carvalho, T., Theophilo, A., Ramos, F., and Geus, P.D. (2018). Malicious software classification using VGG16 deep neural network\u2019s bottleneck features. Information Technology-New Generations, Springer.","DOI":"10.1007\/978-3-319-77028-4_9"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/19\/7611\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T00:48:00Z","timestamp":1760143680000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/19\/7611"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10,8]]},"references-count":59,"journal-issue":{"issue":"19","published-online":{"date-parts":[[2022,10]]}},"alternative-id":["s22197611"],"URL":"https:\/\/doi.org\/10.3390\/s22197611","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,10,8]]}}}