Utilizing Gray Wolf Optimization Algorithm in Malware Forensic Investigation
DOI: https://doi.org/10.47852/bonviewJCCE52025053
Keywords: malware, Gray Wolf Optimization, machine learning, feature selection, random forest
Abstract
Malware forensic investigation plays a critical role in cybersecurity: it aims to uncover malicious activity, decipher the tactics behind it, and strengthen defense mechanisms. This article introduces an approach to malware forensic investigation that combines the Gray Wolf Optimization (GWO) algorithm with a range of machine learning classifiers: naive Bayes, random forests (RF), decision trees, support vector machines, and K-nearest neighbors. The study uses the CIC-MalMem-2022 dataset, which consists of memory-based data, and develops the models in Python. The results show that the RF classifier performs best, reaching 75.6% accuracy in a multiclass classification scenario with 16 classes. The proposed approach also consistently achieves higher accuracy than existing models applied to other datasets, reaching 99.2% in binary classification. On the same dataset, the model outperforms competing approaches with 86.34% and 75.64% accuracy in multiclass classification with four classes and 16 classes, respectively. These results underscore the potential of the proposed model for malware forensic investigation, particularly when analyzing data extracted from memory. By combining the GWO algorithm with RF, this study advances robust and accurate malware forensic investigation methods, supporting cybersecurity efforts in an ever-evolving threat landscape.
Received: 20 December 2024 | Revised: 10 March 2025 | Accepted: 3 April 2025
Conflicts of Interest
The authors declare that they have no conflicts of interest in this work.
Data Availability Statement
Data are available from the corresponding author upon reasonable request.
Author Contribution Statement
Mosleh Mohammd Abualhaj: Conceptualization, Methodology, Investigation, Writing – original draft, Writing – review & editing, Supervision. Sumaya Al-Khatib: Conceptualization, Software, Validation, Resources, Data curation, Writing – original draft, Visualization. Nida Al Shafi: Software, Validation, Resources, Data curation, Writing – review & editing. Iyas Qaddara: Methodology, Formal analysis, Writing – original draft, Visualization. Abdallah Hyassat: Methodology, Formal analysis.
License
Copyright (c) 2025 Authors

This work is licensed under a Creative Commons Attribution 4.0 International License.