Memory-efficient detection of large-scale obfuscated malware

Obfuscation techniques are frequently used in malicious programs to evade detection. However, current effective methods often require much memory space during training. This paper proposes a machine-learning-based solution to the malware detection problem that consumes fewer memory resources. We use hash and sparse matrix to build a text bag of words to reduce memory usage during training. Experiments show that our approach reduces the memory footprint by 95% when using 110,000 text data for confusion recognition training compared to the existing model. In the de-obfuscation step, our method improves the recognition accuracy of the import table function by 40%. Our model achieves shallow memory usage during confusion recognition training and enhances the accuracy of imported table recognition. Additionally, the confusion recognition accuracy is only about 10% lower than the confusion recognition model before the improvement. Copyright © 2024 Inderscience Enterprises Ltd.