WinMal25 Dataset

Obfuscated malware detection is a complex task where classification performance is seriously affected due to the evasion techniques presented in the input software samples. This research follows the novel memory analysis technique to examine features extracted from different RAM snapshots over compromised Windows Virtual Machines. For this, we use the CIC-MalMem-2022 dataset and create a new collection of data that we call WinMal25, which is based on fileless malware. Moreover, we apply the Self-Supervised Learning paradigm directly in the tabular data domain, leveraging the representation learning of massive amounts of unlabeled information to provide a strong generalization capacity to our models. To the best of our knowledge, this is the first work implementing Self-Supervised Tabular Learning for the malware detection problem. The results exhibit proven evidence that Self-Supervised Learning using Tabular Networks outperforms, in terms of detection rate and inference time performance, popular baselines like Multi-layer Perceptron and Random Forest, by 0.36% in accuracy and 1.85% in macro F1 score. The original experimentation detailed herein, encompassing Explainable Artificial Intelligence, yields relevant insights toward a simpler characterization of obfuscated malware and the considerations behind deploying a memory-based antivirus.