Research area: Safety
Venue: The Journal of Supercomputing
The ongoing issue of malware significantly undermines network security. Despite the proliferation of detection techniques, traditional detection methods often struggle to distinguish malware activities accurately. Consequently, there is a growing recognition of the need to leverage artificial intelligence (AI) techniques to enhance malware detection capabilities. However, AI-based approaches heavily depend on data to understand and differentiate various network behaviors. Moreover, single-source datasets are now inadequate for detecting all types of malware, because malware can display malicious activity across multiple sources. To address this gap, in this paper we introduce BCCC-Mal-NetMem-2025, a novel multi-source malware dataset merging memory and network data sources, along with a benign user and entity behavioral profiler (BUEBP) to generate background benign data and a new memory data analyzer named VolMemLyzer-V2 to analyze and extract memory features. Our approach addresses shortcomings in current dataset creation and evaluation practices by synthesizing two data sources, aiming to establish a new standard for dataset integrity. Methodologically, we execute 2,000 malware samples across eight families, capturing memory and network data and extracting features for comprehensive analysis. This effort culminates in the development of a multilayer malware detection system that leverages both network and memory data. In a comprehensive evaluation, the proposed model consistently outperforms alternatives in all scenarios and can identify unknown malicious activities.
| Field | Value |
|---|---|
| Publication year | 2025 |
| Citations | 0 |
| Country of publication | Canada |
| Site | Springer |