Unveiling the Efficacy of BERT’s Attention in Memory Obfuscated Malware Detection

Md Mashrur Arifin; Troy Suyehara Tolman; Jyh Haw Yeh

doi:10.1007/978-981-97-9053-1_16

Unveiling the Efficacy of BERT’s Attention in Memory Obfuscated Malware Detection

Md Mashrur Arifin, Troy Suyehara Tolman, Jyh Haw Yeh

Computer Science Department

Boise State University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The study addresses the challenge of detecting obfuscated malware, particularly memory-obfuscated variants, which evade conventional detection methods by targeting a system’s volatile memory. By leveraging transformer-based models, notably BERT, the research demonstrates promising advancements in malware detection. Through data augmentation and rigorous feature selection processes, the study enhances the CIC-MlMem-2022 dataset, improving its quality for training classification models. Comparative analysis with conventional machine learning techniques highlights the superior performance of BERT and DistilBERT, achieving approximately 74% accuracy in classifying malware families. Notably, BERT exhibits exceptional capability in generalizing to unseen malware, achieving a remarkable 100% success rate in categorizing new families. These findings underscore the potential of transformer-based models for effectively detecting obfuscated malware, emphasizing the need for intelligent detection mechanisms in cybersecurity.

Original language	English
Title of host publication	Information Security Practice and Experience - 19th International Conference, ISPEC 2024, Proceedings
Editors	Zhe Xia, Jiageng Chen
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	273-291
Number of pages	19
ISBN (Print)	9789819790524
DOIs	https://doi.org/10.1007/978-981-97-9053-1_16
State	Published - 2025
Event	19th International Conference on Information Security Practice and Experience, ISPEC 2024 - Wuhan, China Duration: 25 Oct 2024 → 27 Oct 2024

Publication series

Name	Lecture Notes in Computer Science
Volume	15053 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	19th International Conference on Information Security Practice and Experience, ISPEC 2024
Country/Territory	China
City	Wuhan
Period	25/10/24 → 27/10/24

Keywords

BERT-based Models
Malware Detection
Memory Obfuscated Malware

Access to Document

10.1007/978-981-97-9053-1_16

Cite this

Arifin, M. M., Tolman, T. S., & Yeh, J. H. (2025). Unveiling the Efficacy of BERT’s Attention in Memory Obfuscated Malware Detection. In Z. Xia, & J. Chen (Eds.), Information Security Practice and Experience - 19th International Conference, ISPEC 2024, Proceedings (pp. 273-291). (Lecture Notes in Computer Science; Vol. 15053 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-97-9053-1_16

Arifin, Md Mashrur ; Tolman, Troy Suyehara ; Yeh, Jyh Haw. / Unveiling the Efficacy of BERT’s Attention in Memory Obfuscated Malware Detection. Information Security Practice and Experience - 19th International Conference, ISPEC 2024, Proceedings. editor / Zhe Xia ; Jiageng Chen. Springer Science and Business Media Deutschland GmbH, 2025. pp. 273-291 (Lecture Notes in Computer Science).

@inproceedings{68878a50c7e447e780f357860b7cfa2a,

title = "Unveiling the Efficacy of BERT{\textquoteright}s Attention in Memory Obfuscated Malware Detection",

abstract = "The study addresses the challenge of detecting obfuscated malware, particularly memory-obfuscated variants, which evade conventional detection methods by targeting a system{\textquoteright}s volatile memory. By leveraging transformer-based models, notably BERT, the research demonstrates promising advancements in malware detection. Through data augmentation and rigorous feature selection processes, the study enhances the CIC-MlMem-2022 dataset, improving its quality for training classification models. Comparative analysis with conventional machine learning techniques highlights the superior performance of BERT and DistilBERT, achieving approximately 74% accuracy in classifying malware families. Notably, BERT exhibits exceptional capability in generalizing to unseen malware, achieving a remarkable 100% success rate in categorizing new families. These findings underscore the potential of transformer-based models for effectively detecting obfuscated malware, emphasizing the need for intelligent detection mechanisms in cybersecurity.",

keywords = "BERT-based Models, Malware Detection, Memory Obfuscated Malware",

author = "Arifin, {Md Mashrur} and Tolman, {Troy Suyehara} and Yeh, {Jyh Haw}",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.; 19th International Conference on Information Security Practice and Experience, ISPEC 2024 ; Conference date: 25-10-2024 Through 27-10-2024",

year = "2025",

doi = "10.1007/978-981-97-9053-1_16",

language = "English",

isbn = "9789819790524",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "273--291",

editor = "Zhe Xia and Jiageng Chen",

booktitle = "Information Security Practice and Experience - 19th International Conference, ISPEC 2024, Proceedings",

address = "Germany",

}

Arifin, MM, Tolman, TS & Yeh, JH 2025, Unveiling the Efficacy of BERT’s Attention in Memory Obfuscated Malware Detection. in Z Xia & J Chen (eds), Information Security Practice and Experience - 19th International Conference, ISPEC 2024, Proceedings. Lecture Notes in Computer Science, vol. 15053 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 273-291, 19th International Conference on Information Security Practice and Experience, ISPEC 2024, Wuhan, China, 25/10/24. https://doi.org/10.1007/978-981-97-9053-1_16

Unveiling the Efficacy of BERT’s Attention in Memory Obfuscated Malware Detection. / Arifin, Md Mashrur; Tolman, Troy Suyehara; Yeh, Jyh Haw.
Information Security Practice and Experience - 19th International Conference, ISPEC 2024, Proceedings. ed. / Zhe Xia; Jiageng Chen. Springer Science and Business Media Deutschland GmbH, 2025. p. 273-291 (Lecture Notes in Computer Science; Vol. 15053 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Unveiling the Efficacy of BERT’s Attention in Memory Obfuscated Malware Detection

AU - Arifin, Md Mashrur

AU - Tolman, Troy Suyehara

AU - Yeh, Jyh Haw

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

PY - 2025

Y1 - 2025

N2 - The study addresses the challenge of detecting obfuscated malware, particularly memory-obfuscated variants, which evade conventional detection methods by targeting a system’s volatile memory. By leveraging transformer-based models, notably BERT, the research demonstrates promising advancements in malware detection. Through data augmentation and rigorous feature selection processes, the study enhances the CIC-MlMem-2022 dataset, improving its quality for training classification models. Comparative analysis with conventional machine learning techniques highlights the superior performance of BERT and DistilBERT, achieving approximately 74% accuracy in classifying malware families. Notably, BERT exhibits exceptional capability in generalizing to unseen malware, achieving a remarkable 100% success rate in categorizing new families. These findings underscore the potential of transformer-based models for effectively detecting obfuscated malware, emphasizing the need for intelligent detection mechanisms in cybersecurity.

AB - The study addresses the challenge of detecting obfuscated malware, particularly memory-obfuscated variants, which evade conventional detection methods by targeting a system’s volatile memory. By leveraging transformer-based models, notably BERT, the research demonstrates promising advancements in malware detection. Through data augmentation and rigorous feature selection processes, the study enhances the CIC-MlMem-2022 dataset, improving its quality for training classification models. Comparative analysis with conventional machine learning techniques highlights the superior performance of BERT and DistilBERT, achieving approximately 74% accuracy in classifying malware families. Notably, BERT exhibits exceptional capability in generalizing to unseen malware, achieving a remarkable 100% success rate in categorizing new families. These findings underscore the potential of transformer-based models for effectively detecting obfuscated malware, emphasizing the need for intelligent detection mechanisms in cybersecurity.

KW - BERT-based Models

KW - Malware Detection

KW - Memory Obfuscated Malware

UR - http://www.scopus.com/inward/record.url?scp=105000434077&partnerID=8YFLogxK

U2 - 10.1007/978-981-97-9053-1_16

DO - 10.1007/978-981-97-9053-1_16

M3 - Conference contribution

AN - SCOPUS:105000434077

SN - 9789819790524

T3 - Lecture Notes in Computer Science

SP - 273

EP - 291

BT - Information Security Practice and Experience - 19th International Conference, ISPEC 2024, Proceedings

A2 - Xia, Zhe

A2 - Chen, Jiageng

PB - Springer Science and Business Media Deutschland GmbH

T2 - 19th International Conference on Information Security Practice and Experience, ISPEC 2024

Y2 - 25 October 2024 through 27 October 2024

ER -

Arifin MM, Tolman TS, Yeh JH. Unveiling the Efficacy of BERT’s Attention in Memory Obfuscated Malware Detection. In Xia Z, Chen J, editors, Information Security Practice and Experience - 19th International Conference, ISPEC 2024, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 273-291. (Lecture Notes in Computer Science). doi: 10.1007/978-981-97-9053-1_16

Unveiling the Efficacy of BERT’s Attention in Memory Obfuscated Malware Detection

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this