Trojan Horse is a major threat that has grown with the spread of the digital world. Data gathered through the study of memory can provide valuable insights into the Trojan Horse’s behavior patterns. Because of this, memory analysis techniques are one of the topics that should be investigated in Trojan Horse detection. This study proposes the use of memory data in Trojan Horse detection. Trojan Horse detection used a decision tree (DT) classifier with memory data. Experiments were performed on the Trojan Horse samples from the CIC-MalMem-2022 dataset. The binary classification was made using DT, gradient boosted tree, Naive Bayes (NB), linear vector support machine, K-nearest neighbors (KNN), and machine learning (ML) classifiers. The comparison of the various classification methods was performed utilizing the accuracy, recall, precision, and F1-score metrics. As a result, the most successful Trojan Horse detection was gained with the DT classifier, which achieved accuracy of 99.96% using memory data. The NB classifier showed the lowest achievement in Trojan Horse detection using memory data, which achieved accuracy of 98.41%. In addition, numerous of the classifiers utilized have attained very high results. Based on the achieved results, the data from memory analysis is very valuable in detecting Trojan Horse.

decision tree; machine learning; malware; trojan horse; obfuscated-malMem2022;