Using decision tree classifier to detect Trojan Horse based on memory data
Mosleh M. Abualhaj, Sumaya N. Al-Khatib
Abstract
Trojan Horse is a major threat that has grown with the spread of the digital world. Data gathered through memory analysis can provide valuable insights into a Trojan Horse’s behavior patterns. For this reason, memory analysis techniques are among the topics that should be investigated for Trojan Horse detection. This study proposes the use of memory data in Trojan Horse detection, using a decision tree (DT) classifier with memory data. Experiments were performed on the Trojan Horse samples from the CIC-MalMem-2022 dataset. Binary classification was performed using the following machine learning (ML) classifiers: DT, gradient boosted tree, Naive Bayes (NB), linear support vector machine, and K-nearest neighbors (KNN). The classification methods were compared using the accuracy, recall, precision, and F1-score metrics. The most successful Trojan Horse detection was obtained with the DT classifier, which achieved an accuracy of 99.96% using memory data. The NB classifier showed the lowest performance in Trojan Horse detection using memory data, with an accuracy of 98.41%. In addition, many of the classifiers used attained very high results. Based on these results, data from memory analysis is very valuable in detecting Trojan Horse.
Keywords
decision tree; machine learning; malware; trojan horse; obfuscated-malMem2022
DOI:
http://doi.org/10.12928/telkomnika.v22i2.25753
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
TELKOMNIKA Telecommunication, Computing, Electronics and Control
ISSN: 1693-6930, e-ISSN: 2302-9293
Universitas Ahmad Dahlan, 4th Campus, Jl. Ringroad Selatan, Kragilan, Tamanan, Banguntapan, Bantul, Yogyakarta, Indonesia 55191
Phone: +62 (274) 563515, 511830, 379418, 371120 Fax: +62 274 564604