Memory Analysis of Obfuscated Malware in the CIC-MALMEM-2022 Dataset
DOI: https://doi.org/10.61236/dateh.v6i1.870
Keywords: Malware, Obfuscation, ransomware, trojan, spyware
Abstract
Obfuscating malware in memory is a sophisticated technique that cybercriminals use to evade detection by antivirus programs and to hinder analysis by security researchers. This research is based on a data set created to represent scenarios in a real environment. It is composed of ransomware, trojans and spyware, and provides data for testing obfuscated malware detection systems. Intelligent analysis of the data used in the present study makes it possible to find common patterns that identify obfuscated malware. This research proposes to carry out an exhaustive analysis to locate malware types, relationships and significant differences from which to extract indicators that can reveal the presence of obfuscated malware in memory. The data are balanced between the benign crash dump and its malware counterpart. Likewise, the group made up of ransomware, trojans and spyware in their different categories is highly balanced according to the analysis carried out.