Unveiling the Veiled: Unmasking Fileless Malware through Memory Forensics and Machine Learning

Abstract

In recent times, significant advancements within the realm of malware development have dramatically reshaped the entire landscape. The reasons for targeting a system have undergone a complete transformation, shifting from file-based to fileless malware.Fileless malware poses a significant cybersecurity threat, challenging traditional detection methods. This research introduces an innovative approach that combines memory forensics and machine learning to effectively detect and mitigate fileless malware. By analyzing volatile memory and leveraging machine learning algorithms, our system automates detection.We employ virtual machines to capture memory snapshots and conduct thorough analysis using the Volatility framework. Among various algorithms, we have determined that the Random Forest algorithm is the most effective, achieving an impressive overall accuracy rate of 93.33%. Specifically, it demonstrates a True Positive Rate (TPR) of 87.5% while maintaining a zero False Positive Rate (FPR) when applied to fileless malware obtained from HatchingTriage, AnyRun, VirusShare, PolySwarm, and JoESandbox datasets. To enhance user interaction, a user-friendly graphical interface is provided, and scalability and processing capabilities are optimized through Amazon Web Services.Experimental evaluations demonstrate high accuracy and efficiency in detecting fileless malware. This framework contributes to the advancement of cybersecurity, providing practical tools for detecting against evolving fileless malware threats.