Obfuscated Malware Memory Detection Employing Lazy Instance Based Learner Algorithm Based On Manhattan Distance Function

Document Type : Original Article


1 Computer Science Department , College of Science, Charmo University, Sulaimani, Kurdistan Region, Iraq

2 a) Information Technology Department, National Institute of Technology, Sulaymaniyah, Center, Iraq b) Information Technology Department, Bright Technical and Vocational Institute, Sulaymaniyah, Center, Iraq

3 Computer Engineering Technique, Mazaya University College, Nasiriyah, Iraq


Malware is a severe threat to the network and host system security. It is frequently the primary cause of many events, such as Distributed Denial-of-Service attacks (DDoS), spam emails, etc. The detection and elimination of malware are hence the subjects of intensive study. As a result, many antivirus programs have been created to help identify and remove malware. The issue with this antivirus software is that it uses an obsolete method of detecting malware, the signature-matching approach, which the primary forms of code obfuscation may deceive. Since then, this has resulted in the creation of a new generation of metamorphic and polymorphic malware. In this paper, we investigated using the Instance-Based Learner (IBK) algorithm for detecting obfuscated malware in a given dataset. Utilizing the Lazy IBK technique in malware detection is beneficial because the algorithm can accurately detect and classify the obfuscated malware in the dataset using the Manhattan Distance function, one of the most well-known distance metric functions for measuring the distance between points. We analysed an obfuscated malware dataset of 58,596 records selected from 3 malware categories. The algorithm was illustrated on the dataset utilizing 10-fold cross-validation. The results demonstrate that the proposed algorithm can quickly and accurately detect obfuscated malware with an accuracy of 99.99%, a precision of 100%, and a recall of 100%, respectively.


Main Subjects