TY - JOUR
T1 - Obfuscated Privacy Malware Classifiers Based on Memory Dumping Analysis
AU - Cevallos-Salas, David
AU - Grijalva, Felipe
AU - Estrada-Jimenez, Jose
AU - Benitez, Diego
AU - Andrade, Roberto
N1 - Publisher Copyright:
© 2013 IEEE.
PY - 2024
Y1 - 2024
N2 - Malware targeting user privacy has seen a surge in recent times, attributed to evolving global regulations and the growth of electronic commerce and online services. Moreover, recognizing privacy malware that employs obfuscation as an evasion mechanism presents a major challenge due to its dynamic nature, resilience, and polymorphism at runtime, necessitating forensic techniques such as memory dumping analysis to reveal patterns and behaviors that enable its subsequent detection and classification. In this paper, we present three obfuscated privacy malware classifiers trained on the CIC-MalMem-2022 dataset: a binary classifier that distinguishes benign from malicious samples using logistic regression (LR); a multiclass classifier that further categorizes samples as benign, spyware, ransomware, or trojan horse obfuscated privacy malware; and a more detailed multiclass classifier capable of discriminating benign samples from fifteen specific obfuscated privacy malware families. The multiclass classifiers were built using several traditional machine learning algorithms and a novel Deep Neural Network (DNN). We applied the Synthetic Minority Oversampling Technique (SMOTE) to address class imbalance. In particular, our results demonstrate that the DNN outperforms the traditional machine learning algorithms, yielding statistically significant improvements in key metrics. These results reach practical thresholds, suggesting the potential for enhanced malware protection systems. The dataset and all code required to reproduce the experiments are publicly available at https://github.com/dcevallossalas/PrivacyMalwareClassifiers.
AB - Malware targeting user privacy has seen a surge in recent times, attributed to evolving global regulations and the growth of electronic commerce and online services. Moreover, recognizing privacy malware that employs obfuscation as an evasion mechanism presents a major challenge due to its dynamic nature, resilience, and polymorphism at runtime, necessitating forensic techniques such as memory dumping analysis to reveal patterns and behaviors that enable its subsequent detection and classification. In this paper, we present three obfuscated privacy malware classifiers trained on the CIC-MalMem-2022 dataset: a binary classifier that distinguishes benign from malicious samples using logistic regression (LR); a multiclass classifier that further categorizes samples as benign, spyware, ransomware, or trojan horse obfuscated privacy malware; and a more detailed multiclass classifier capable of discriminating benign samples from fifteen specific obfuscated privacy malware families. The multiclass classifiers were built using several traditional machine learning algorithms and a novel Deep Neural Network (DNN). We applied the Synthetic Minority Oversampling Technique (SMOTE) to address class imbalance. In particular, our results demonstrate that the DNN outperforms the traditional machine learning algorithms, yielding statistically significant improvements in key metrics. These results reach practical thresholds, suggesting the potential for enhanced malware protection systems. The dataset and all code required to reproduce the experiments are publicly available at https://github.com/dcevallossalas/PrivacyMalwareClassifiers.
KW - CIC-MalMem-2022
KW - Privacy
KW - SMOTE
KW - classifier
KW - malware
KW - memory dumping
KW - obfuscation
KW - ransomware
KW - spyware
KW - trojan horse
UR - http://www.scopus.com/inward/record.url?scp=85183957381&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2024.3358840
DO - 10.1109/ACCESS.2024.3358840
M3 - Article
AN - SCOPUS:85183957381
SN - 2169-3536
VL - 12
SP - 17481
EP - 17498
JO - IEEE Access
JF - IEEE Access
ER -