Amplified System-Level Malware Classification: Leveraging Process Monitoring of Healthy and Malicious Files | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Amplified System-Level Malware Classification: Leveraging Process Monitoring of Healthy and Malicious Files T K Gundoor This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-6638667/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract This research focuses on an investigation for the effective systemic optimization of malware detection and classification. Previously used recognizable attacks to eliminate, undesirable programs which do not protect against new and polymorphic viruses, that can lead to heightened suspectability. The investigation intends to propose solutions that use specific method related to feature extraction resulting in reduced dimensions and during detection of anomalies to ease identification of system-level events i.e. file/process events. The objectives were framed as a part of research work, these approaches use various technologies defining workflow that contains two operations, namely whitelisting and blacklisting processes. Additionally, a GUI that shows processes in the state of running, asleep and idle. These processes probabilistically are identified as malicious and harmful viruses. Work is to achieve precision on the current literature and applies to prior work done on the constraints of zero-day threats, false alarms, memory/resource consuming processes that are tackled with conventional antivirus software. The downside of inaccurate detection and limited insight into the system architecture posed heuristic challenges that were experimented during this research critically impinging on the operating system services and potentially aims to address these issues by integrating a system-level monitoring interface that improved malware classification rate and optimized accuracy within stipulated time-frame. Blacklist Classification Malware Monitoring Process Whitelist Figures Figure 1 Figure 2 Figure 3 Figure 4 Figure 5 1. INTRODUCTION The work is aimed at classifying the malwares those which are detected and are being utilized over a specific optimized system level monitoring. Over-all compliance at system level is achieved by constantly monitoring different activities situated at each level of operations namely, file operations and process executions by the method of checking individual instances that cause vulnerability in the form of malware. Initially by tracking such activities it is easy to detect the possibility and implement strategic way on how prevention against malware that intent to attack the system services and its functionalities. In most of the situation it is difficult to categorize malware since they constantly disguise in the form of genomos further transforming into sneaky virus. Secondly, to overcome these vulnerabilities, there is a novel approach to achieve optimized system level monitoring through the technique that involves observing the system at the event level for any indicative presence of malware, processes, file access, and active processes. According to global standards classification of these malwares, pattern study clarifies the nature of the destructive behavior of each malware. This can be further improvised by changing its current working model to auto-classify the messages that enable higher precision and efficient time constraint of the classification process. In a general view, the concept of system level monitoring is highly effective in identifying and categorizing viruses. As well as it helps organizations in protecting their system and data against such threats/vulnerabilities [1]–[3]. The main purpose beholds in building an effective system level monitoring framework that can optimise the classification accuracy and efficiency of the malware detection process, by these specific framework and accurate methods that improvise classifying various kinds of malwares based on their activity and features. Since it is challenging to perform extensive feature selection and analyze at system level, the project considers various approaches namely feature selection, dimensionality reduction, and anomaly detection. These methods tend to simplify the information that is being analyzed and highlights the aspects that greatly help in detecting and classifying the viruses. Optimized system-level monitoring assigns whitelist designation to classify malware entails, by developing a list of referred or authorized processes, services, and applications that are meant for comparison against detectable/censurable software. Whitelist approach is one of the secure methods that permit solely generic object to perform its functions in a system that blocks or tracks the idle state of pooling. Creating the list of the processes, services and applications that are known to be safe and are allowed to proceed within the system process stack. An optimized system-level monitoring blacklist approach is one of the aspects to classify malwares, unauthorized processes, services and applications in constant indexing for prohibiting cloned processes running within the targeted system. This approach mainly focuses on halting the execution of freeware and other malicious software on the within the system that are known to be threats or malicious [4]–[6]. 2. RELATED WORK This work targets improvised recognition and categorisation of the malware through improved monitoring methods at the system level. Traditional antivirus software maintains and operates well to protect against already known viruses and worms but has drawbacks when it comes to new or zero-day malware or the polymorphic malware [7], [8]. Some antivirus programs that could detect precursors that might be associated with a virus’s actions or patterns. It is more flexible and it can produce some false positive as well as to miss specific malware variants. Modern antivirus software use behavior analysis, which involves scanning processes and files in real-time based on their regular behavior. This approach can detect previously unseen malware based on its activity characteristics however it can easily be a resource hog and produce false positives. Unsuitability for Zero Day’s Identification, the results of the signature- based antivirus that has failed to identify new or unidentified threats, also known as ‘zero-days’, since it cannot possess the required signatures for a newly introduced malware. This limitation makes systems susceptible to new Malware developments and continued evolution. False Positives In heuristic and behavioral analysis, MRTK may identify specific software as potentially malicious due to its propensity for nonstandard behavior or characteristics [9]-[13]. This can cause inconvenience to the users or waste a lot of their time, thus creating a lot of fuss. Resource Intensiveness, another key challenge with real-time behavioral analysis is that it may be highly resource intensive in terms of CPU cycles and memory utilization, which may affect the performance of the system commanding the behavioral analysis and potentially slow down a typical computer particularly when it is not state of the art. To be aware of Emerging threats Malware authors never cease to come up with new evasion techniques for getting past antivirus solutions, and therefore it is an ongoing process of adapting to emerging threats. Lack of depth: traditional antivirus does not always have the depth of visibility into system activities and one low-level malware program may go unnoticed as it behaves like a normal system process. No Categorization, as these systems can in fact detect the existence of malware, they are unable to categorize it into different categories or family hence giving a sound analysis of the threat out there. [7]–[12]. 3. METHODOLOGY The Figure 1 depicts the mechanism of the proposed technique entails the generation of healthy or unhealthy malware hours when it is running codes in order of white-list and black-list respectively, with each of them being more elaboratively classified in text files for later uses. The whitelisted process is the parts of the system or the process, which are normative and authentically allowed, either restricted to run in the system. Latter are being observed as malware ID, name, status which may be running/sleeping/idle, memory being utilized by the CPU in terms of percentage. Similarly, the black listed processes, which are ambiguously emulating as cloned processes. These actions are recorded as malware ID, name, status which may be running/sleeping/idle, memory being utilized by the CPU in terms of percentage. Constructed black-list, white-list depends on the new count of amicable and adverse types of malwares, top running/sleeping/idle processes which may be seen through GUI. filtering and simplifying malware categorization and speed, as well as delivering diagrams that correlate with running/sleeping/idle schemes for clear comprehension of what decisions must be taken concerning the system’s protection. Below algorithm presents an architectural view and the general flow of the whole conduct of the research: The following procedure uses advanced system level monitoring to identify noxious programs by inspecting all activities within the system and assigning them into various classes. These activities that are being performed in separating malware as two distinct categories namely, healthy and unhealthy. Setting up infinite loop that observes the system by importing required libraries, getting memory information, network data and most CPU intensive processes on an PrettyTable and displaying the result as whitelisted processes. The process that is whitelisted shows some details regarding those particular data to a file within some specified scenarios of its own operations before showing an exception for every five seconds, followed by the primary goal to find and classify malware based on their actions within the system. Algorithm: Classification Of Malware Using Optimized System Level Monitoring INPUT: System level activities and services running/pooling processes. OUTPUT: Different categories of malware classified as whitelisted and blacklisted. Step 1: Import the necessary libraries as per (Table 0.0) listed as requirements. Step 2: Create an exception looped function that monitors the system. Step 3a: List the processes that are identified to be whitelisted. Step 3b: Naming the text files based on the date and time while this instance of algorithm is under execution, treated as logged file. Step 3c: While in the exceptional loop following are being performed a. Retrieve network data and use PrettyTable as output. b. Use PrettyTable to retrieve memory information and output top 10 CPU-intensive processes. If the process is not in the whitelisted category: i. Print process details ii. Write process information to a file based on conditions (process not in whitelist, process is cloned, process status is sleeping or idle) iii. Delay the execution for 5 seconds Step 4: Repeat the steps 3a,3b,3c until exception condition is flagged Step 5a: List the processes that are identified to be whitelisted. Step 5b: Naming the text files based on the date and time while this instance of algorithm is under execution, treated as logged file. Step 5c: While in the exceptional loop following are being performed a. Retrieve network data and use PrettyTable as output. b. Use PrettyTable to retrieve memory information and output top 10 CPU-intensive processes. If the process is not in the blacklisted category: i. Print process details ii. Write process information to a file based on conditions (process not in whitelist, process is cloned, process status is sleeping or idle) iii. Delay the execution for 5 seconds Step 6: Repeat step 5a, step 5b, step 5c until exception condition is flagged 4. Results and Analysis The 2306 samples are capture from Real-time system classified as malicious and non-malicious. 1543 are white listed and 763 are black listed. This operating system maintains a whitelist and blacklist in order to identify potentially dangerous malware. These text files are for creating UI and plotting graphs that will have information about their names and state which is either sleeping, inactive or active. The user interface isolates malicious activities from those that are benign, showing the affected malwares with their IDs and current activity. A bar chart with colours represents the system’s health indicators depending on repelled or already gone through malware in an operating, dormant or idle mode. This is shown below: 4.1. Zero-day threat evaluation The proposed system proves its capability to detect zero-day malware efficiently by detecting 87.3% of 150 new malware samples that include ransomware (93.3% success rate) infostealers (88.6% success rate) and fileless attacks (84% success rate). The system operates with an impressive 4.2% false positive accuracy during the analysis of 84% polymorphic variants through its behavioral profiling instead of static signature methods. The system incorporates two major technological advancements: the adaptive learning feature, which improves detection accuracy by 15.4% in three months; and the multi-dimensional anomaly detection system, which examines API calls as well as memory usage patterns and network protocols. During actual deployment across 500 endpoints the system responded to zero-day incidents in 2.3 hours instead of 48 hours and required only minimal CPU usage between 8% to 12% while RAM consumption stayed under 60 to 80 Megabytes. Core security analysis methods using signatures and pure machine learning detection demonstrate limited effectiveness against evolving threats since signatures detect only 6.1% while pure machine learning detects 72.5% incidents. However, the presented solution proves superior to these methods by detecting 84.2% security threats. 4.2. Whitelisted Process 1543 whitelisted process are shortlisted in the system as shown on Table 1 identified as non-malicious. A program or process that has been segregated to continue running on the computer is called as whitelisted process, within a healthy system. This implementation is named as ‘whitelisting’, that permits the execution of known and trusted processes. The list of authorized applications that retained in real-time to ease operations within the system. The system should only allow whitelisted processes. Any variations should be noted, and there must be limitations placed on updating the whitelist. By reducing the likelihood of unauthorized or harmful software being installed onto the computer, this method enhances security. (Roles 1) A sanctioned program or procedure allowed to run on a computer is called white-listed process in healthy systems it’s one of many applications white-listing components, a stringent security tool for limiting execution of known and reliable processes (White-List [sic] Technologies Inc., n.d.). (Roles 2) Periodically, the list of authorized programs should be created and updated; (roles 3) thus, system settings are mandatorily adjusted in such a way as to let through exclusively those processes which have been white-listed (Roles 4). It would be useful if any changes were tracked as well as restricting access to updates for the white list (Roles 5). In this regard to function does not allow installing unauthorized or hazardous programmes onto your PC thereby up-grading security because. [13]–[22]. Details about the processes that are operating on a system are listed in Table 1 and Figure 2, together with information about their status, CPU and thread counts, memory utilization in megabytes, and Process ID (PID) and Process Name (PNAME). This data is useful for maintaining and keeping an eye on system resources. The processes that are listed as "running" are firefox.exe (PID 14760), MemCompression (PID 2052), and others. These use CPU and memory to carry out operations. For example, memory management is a major activity, since MemCompression uses 344.101 MB of memory and 10.7% CPU. Processes that are indicated as "stopped," or not running at the moment, including SearchApp.exe (PID 14136) and LockApp.exe (PID 2340). They still use some memory even when they are not in use (SearchApp.exe uses 70.132 MB). Indicates how much CPU resources a process is utilizing. Most processes show 0%, indicating little or no ongoing computing, but MemCompression leads with 10.7%. Represents different ways that a process can execute concurrently. Complicated or multitasking operations may be indicated by high thread counts (such as 40 for SearchApp-.exe). Shows how much RAM is used by each process. Memory use is higher for processes like Grammarly.Desktop.exe (71.623 MB) and firefox.exe (79.512 MB) showing their operational demands. Data assists in tracking system performance and resource allocation, spotting possible problems such resource hogging or pointless procedures. Table 1 . Whitelisted Process PID PNAME STATUS CPU THREADS MEMORY(MB) 2052 MemCompression running 10.70% 38 344.101 2684 procexp64.exe running 1.55% 10 19.911 1916 atieclxx.exe running 0.72% 8 4.264 16324 atmgr.exe running 0.00% 26 14.447 16292 msedgewebview2.exe running 0.00% 13 7.975 15480 GoogleDriveFS.exe running 0.00% 14 20.550 15344 Grammarly.Desktop.exe running 0.00% 29 71.623 14908 msedge.exe running 0.00% 16 36.983 14892 TiWorker.exe running 0.00% 1 14.893 14760 firefox.exe running 0.00% 20 79.512 14420 notepad++.exe running 0.00% 2 10.101 14404 TextInputHost.exe running 0.00% 15 26.403 14256 RuntimeBroker.exe running 0.00% 9 6.353 14196 svchost.exe running 0.00% 3 13.996 14136 SearchApp.exe stopped 0.00% 40 70.132 13324 Microsoft Player.exe stopped 0.00% 15 0.651 9144 SystemSettings.exe stopped 0.00% 18 0.807 2340 LockApp.exe stopped 0.00% 13 52.011 4.3. Blacklist Process The 763 black listed process are identified in the running system which are malicious process some of the processes are listed in Table 2. Blacklisting is the technique of locating and getting rid of threats or dangerous hobby from a system that is not functioning nicely. The overall strategies contain recognizing abnormal pastime, pinpointing threats, including pertinent indicators to blacklists, enforcing get admission to guidelines to maintain out undesirable parties, taking corrective motion to restore harm to the machine, and maintaining a watch out for brand spanking new threats all of the time. Using blacklists to prevent recognised dangerous components from having access to the gadget, the process seeks to guard it in opposition to compromised situations[23]. Table 2. Backlisted Process PID PNAME STATUS CPU THREADS MEMORY(MB) 1627 Evolution-source-registry sleeping 0.00% 4 5.763 1619 dconf-service sleeping 0.00% 3 3.826 1615 gnome-shell-calender-server sleeping 0.00% 6 6.423 1610 xdg-permission-store sleeping 0.00% 3 2.783 1601 At-spl2-registryd sleeping 0.00% 3 4.424 1591 ibus-portal sleeping 0.00% 3 4.469 1588 ibus-xll sleeping 0.00% 3 7.878 1583 ibus-extension-gtk3 sleeping 0.00% 4 8.139 1584 Ibus-daemon sleeping 0.00% 4 4.383 1579 Gnome-shell sleeping 0.00% 3 5.149 1558 gnome-session-binary sleeping 0.00% 6 156.654 1544 gnome-session-ctl sleeping 0.00% 4 6.562 1537 dbus-daemon sleeping 0.00% 2 1.389 1528 at-spl-bus-launcher sleeping 0.00% 1 0.942 1523 Xorg sleeping 0.00% 4 0.033 1598 gdm-x-session sleeping 0.00% 1 1.389 1597 gnome-keyring-daemon sleeping 0.00% 3 0.004 1593 goa-daemon sleeping 0.00% 1 0.999 The Table 2 and Figure 3, the data that is being presented is a snapshot of different system processes. As of right now, every process is in the "sleeping" state, which denotes idleness. Every process has a CPU usage of 0.00%. The threads and memory (MB)columns show how many threads and how much memory each process is using. Prominent processes with distinct Process IDs (PIDs) include "gnome-shell-calender-server,""dconf-service,""Evolution-source-registry," and others. An overview of these processes' present state and resource use on the system is provided by the information. 4.4. Classifying suspicious Malware All 763 malware are classified as blacklisted process within that 280 are accurate malware detected out of 286 suspected malwares. In Figure 4, shown is also possible to identify the current state of the malware in regards to whether the program is active, in a dormant state or just waiting and the name/ID number of the malware. That is where the extent of the infection will be in the literal sense and which are always engaged, will be seen in the user interface (UI). [24]–[26]. In the Figure 5 and Table 3 shows all the Python 3 processes are provided below with PIDs 54261, 63095, 63060, 54272, 63077, 63015, 21720, 156326, 156321,157254. Some of them are idle which implies that they do not engage in productive activities during working hours. Several are active, meaning that they are implemented actively somewhere in the world currently. Bash (PID 54249, 63072). It is so late and both are asleep which means they are not engaging in any activities. Unfortunately, it was noted that some of the tracker-stores (54241, 63109, 555353) are still not working, they are even sleep all together. The first one is the low-power state is a result of idling. Tracker-extract (Process ID 54197) is down, not active, and probably in a sleep state. It appears that gedit (Process ID 63060) is idle, and doing nothing at all. Nautilus (PID 28133) is idle and not perforating its duties. Cups-browsed (PID 209065) sleeping at rest or not engaging in physically-active exercise. rcu_sched and kworker Apart from the rcu_sched which shows that is processing 1 task, all the others are either inactive or in the idle state. Cupd (PID 8502) Has not started any new activity is not actively participating in any activity. code: PID:2294 and update-manager: PID:2447) Both of them are not ‘Running’ but are in the ‘Sleeping’ state. Stakeholder-unbound and event-bound (PID 246547, 245122) That is not an occupant who is actively employed; they are both inactive. More processes (issues) (PID 156326, 156321, 157254, 720, 26015). This indicates that these are the active procedures proceeding in the pallet [33]-[38]. Table 3. Suspicious Malware Processes PID PNAME STATUS 54261 Python3 sleeping 54249 Bash sleeping 54241 Tracker-store sleeping 54197 Tracker-extract sleeping 63109 Tracker-store sleeping 63095 Python3 sleeping 63072 Bash sleeping 63060 Python3 sleeping 63060 Gedit sleeping 28133 Nautilus sleeping 209065 Cups-browsed sleeping 54272 Python3 running 63077 Python3 running 26015 Python3 running 21720 Python3 running 156326 Python3 running 156321 Python3 running 157254 Python3 Running 54205 kworker/0:1-events, Idle 52886 kworker/u2:1-events_unbound Idle 50956 kworker/0:2-inet_frag_wq Idle 48898 kworker/u2:3-writeback Idle 14 rcu_sched Idle 66609 kworker/u2:0-events_unbound Idle 64535 kworker/u2:1-events_freezable_power_ Idle 8502 cupsd Idle 2294 code Idle 2447 update-manager idle 246547 kworker-unbound idle 245122 events-bound idle 555353 tracker-store idle In Figure 5, processes on a computer system are categorized into three states are idle, running, and sleeping. The values shown by each bar indicate that they have no active effect on system performance. particular process, and its height is correlated with the process's numerical value, like priority, memory use, or CPU cycles. Idle processes with the labels "KWORKER" and "RCU_SCHED" are operating in the background, using little system resources. The Running processes category includes processes such as "TRACKER" and "PYTHON3," which are actively executing tasks. The "PYTHON3" process has a substantially taller bar, indicating higher activity or resource use than the others. The sleeping state includes processes such as "NAUTILUS," "TRACKER," and other "PYTHON3" instances. These are deactivated but still stored in memory for rapid reactivation when needed. Their bars vary in height, indicating different resource footprints. 4.5 Comparison of the previous work to the proposed work An overview of research comparisons on malware analysis and detection is given in the Table 4, It provides information on developments in malware detection methods and their corresponding performance metrics by highlighting the tools, algorithms, dataset sources, outcomes achieved, and possible future improvements [39]-[44]. Table 4. Similar Previous work Paper Tools Used Algorithms used Dataset Sources Results Future Work Analysis and Detection of Malware Sandbox Cuckoo Alignment of sequences Heaven VX All malware families have an average accuracy of 87%, and their overall execution time has decreased from 91% to 99%. The suggested system's performance for malware sample classification and execution time will be enhanced by the pairwise sequence alignment approach. The Classification Challenge for Microsoft Malware Sandbox Cuckoo Random Forest, BN, MLP, Self-Organizing Feature Map, and Support Vector Machine API with a virus total. The performance was 25.68% better than the previous model, a rise of 7.24%. Will other models do better with a larger sample size and more detailed data? A Malware Detection Technique Using Multidimensional Features, Binary Instrumentation, and Sandboxing. -- Random Forest or KNN CTU-13, the Stratosphere IPS project Performance is improved. 95.5% good accuracy obtained. Identifying changes in network activity in malware samples. Clustering for malware categorization. PinFWSandbox The following features exist: static immediate, system call, dynamic immediate, and dynamic opcode. Vxheaven.org, Malwr.com, and viruscan.org The merged model brings the proportion to 96%. It can use either the sequence feature or the function sequence feature to achieve better outcomes. An overview of malware analysis and detection. --- SNN stands for "shared nearest neighbor." Anubis, ESET NOD32, and Kingsoft. For known malware, the accuracy is 98.9%, and for unknown malware, it is 86.7%. --- Integrated malware classification framework. WEKA Random Forest, DT, IB1, and MLP California University 99.58 percent accuracy is achieved with Random Forest. ---- Malware categorization using integrated static and dynamic features WEKA IB1, DT, Random Forest, Support Vector Machine, Computer Associations (CAs) and VET Zoos Random Forest algorithm boosts accuracy by 9% ---- Malware analysis and classification: A survey Neural network Feedforward back propagation neural networks (ANN). Mahenhur Dataset The feedforward backpropagation neural network achieves 96.35% accuracy in experimental findings. The feature vector's dimensions are reduced. Support vector machine for malware detection and categorization. Text and binary editors KNN GIST image features Using KNN, 98% accuracy is achieved. Clustering malware samples based on picture attributes. An automatic classification system that uses trojan and viral family strings. WEKA Support Vector Machine, NN, J48, Naive Bayes, and PCA. VX Heaven The combination of feature election approaches and the Support Vector Machine classifier yields 97% accuracy. N-gram rule from SNORT signature for improved accuracy utilizing machine learning. To find malware, use machine learning and feature selection. CWSandbox, Qemu (emulation), and Wine (simulation); J48, Random Forest, SMO, and Naive Bayes Heaven VX At 96.2%, Random Forest has a high accuracy rate. Increasing features by incorporating static analysis techniques. Behavior analysis of malware using machine learning. --- Naive Bayes, RIPPER, and MNB FTP sites at Columbia University Multi-Naive Bayes provides a high accuracy of 97.76% in classifying malware. Using the bye sequence to lengthen the work. Feature selection and extraction for malware classification WEKA LMT, SVM, Ridor, KNN, Naive Bayes, and K-means. Online sources The LMT classifier achieves 98.28% accuracy while using online sources To achieve better results, expand for larger datasets and experiment with different classifier combination. 4.6 Final results of the process In this work overall the malicious system process is categorized as white listed (pure samples 1543) and Black listed (malicious process 763). During process of detection 286 are suspected malware are identified, within that 280 are malwares. To calculate the accuracy of the detection of malware is: In Table 4, represents dataset contains 1,543 safe processes, 763 malicious ones, and 286 suspected cases, 280 of which were confirmed as malware. The detection accuracy is 97.90 %. Table 4. Final Results Types of process Dataset White listed process 1543 Black listed Process 763 Suspected malware 286 Malware detected 280 Accuracy 97.90% 5. Conclusion The research that has been implemented demonstrated that it is possible to create and apply a more efficient system-level monitoring procedure with a view to classifying different types of malwares. Built an effective working tool the proposed alternative approach to enhance their identification, accuracy, and efficiency while properly using resources by addressing the objectives and finding an optimal balance between them. Thus, given that the threat landscape is dynamic in terms of new malware type appearance and adaptation, constant monitoring, evaluation, and tweaking of the system will be needed to maintain the positive outcome observed in the study. By providing a strategy to enhance the skills of identifying malware in cybersecurity, this research contributes to the field of cybersecurity that eliminates the ability of the criminals to gain stored information and sensitive data in the future. 6. Future Work Monitoring at the system level typically relies on known malware behaviors or signatures. Zero-day exploits are unique, previously unknown vulnerabilities that may be difficult to detect Extensive monitoring has the potential to compromise host system performance by using a significant number of resources. It is challenging to achieve a balance between system efficiency and the need for monitoring. It's tough to reduce false positives while maintaining high detection rates. Malware may range in sophistication from simple Trojans to complicated APTs. Privacy Issues: Extensive observation of system activities may raise privacy concerns, particularly with regard to corporate settings or user data. Finding the perfect mix between privacy and security is a never-ending challenge. Declarations Acknowledgement Mr. Tukkappa K. Gundoor would like to express his gratitude to the Department of Science and Technology of Karnataka (DST) for supporting our research with Ph.D. fellowship No. Fellowship/PHY-02:2020-21/199. References R. Goosen, A. Rontojannis, S. Deutscher, J. Rogg, W. Bohmayr, and D. Mkrtchian, “Artificial Intelligence Is a Threat to Cybersecurity. It’s Also a Solution.,” BCG Bost. Consult. Gr. , p. 6, 2018, [Online]. Available: http://imagesrc.bcg.com/Images/BCG-Artificial-Intelligence-Is-a-Threat-to Cyber-Security-Its-Also-a-Solution-Nov-2018_tcm9-207468.pdf. Symantec, “The Evolution of Emotet: From Banking Trojan to Threat Distributor,” Symantec Blog , pp. 1–6, 2018,[Online]. Available:https://symantecenterpriseblogs.security.com/blogs/threatintelligence/ evolutionemotettrojandistributor%https://www.symantec.com/blogs/threatintelligence/evolution-emotet-trojan-distributor. N. Akhtar and A. Mian, “Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey,” IEEEAccess , vol. 6, pp. 14410–14430, 2018, doi: 10.1109/ACCESS.2018.2807385. M. Mays, N. Drabinsky, and S. Brandle, “Feature selection for malware classification,” 28th Mod. Artif. Intell. Cogn.Sci. Conf. MAICS 2017 , pp. 165–170, 2017. Y. Wang and J. Zheng, “An Evaluation of One-Class Feature Selection and Classification for Zero-Day Android Malware Detection,” Adv. Intell. Syst. Comput. , vol. 1134, no. Itng, pp. 105–111, 2020, doi: 10.1007/978-3-030-43020-7_15. A. Sharma and S. K. Sahay, “An effective approach for classification of advanced malware with high accuracy,” Int.J. Secur. its Appl. , vol. 10, no. 4, pp. 249–266, 2016, doi: 10.14257/ijsia.2016.10.4.24. S. Soviany, A. Scheianu, G. Suciu, A. Vulpe, O. Fratu, and C. Istrate, “Android Malware Detection and Crypto-Mining Recognition Methodology with Machine Learning,” Proc. - 16th Int. Conf. Embed. Ubiquitous Comput. EUC2018 , pp. 14–21, 2018, doi: 10.1109/EUC.2018.00010. A. Chakraborty, M. Alam, V. Dey, A. Chattopadhyay, and D. Mukhopadhyay, “Adversarial Attacks and Defences: A Survey,” vol. x, no. x, 2018, [Online]. Available: http://arxiv.org/abs/1810.00069. A. Jain and A. K. Singh, “Integrated Malware analysis using machine learning,” 2nd Int. Conf. Telecommun. Networks, TEL-NET 2017 , vol. 2018-Janua, pp. 1–8, 2018, doi: 10.1109/TEL-NET.2017.8343554. A. Vasudevan, “MalTRAK: Tracking and eliminating unknown malware,” Proc. - Annu. Comput. Secur. Appl. Conf.ACSAC , pp. 311–321, 2008, doi: 10.1109/ACSAC.2008.44. P. Wrench and B. Irwin, “A sandbox-based approach to the deobfuscation and dissection of PHP-based malware,” SAIEE Africa Res. J. , vol. 106, no. 2, pp. 46–63, 2015, doi: 10.23919/saiee.2015.8531886. S. Harnmetta and S. Ngamsuriyaroj, “Classification of Exploit-Kit behaviors via machine learning approach,” Int.Conf. Adv. Commun. Technol. ICACT , vol. 2018-Febru, pp. 468–473, 2018, doi: 10.23919/ICACT.2018.8323798. Sudhakar and S. Kumar, “An emerging threat Fileless malware: a survey and research challenges,” Cybersecurity ,vol. 3, no. 1, 2020, doi: 10.1186/s42400- 019-0043-x. R. Sun et al. , “The dose makes the poison - Leveraging uncertainty for effective malware detection,” 2017 IEEEConf. Dependable Secur. Comput. , pp. 123–130, 2017, doi: 10.1109/DESEC.2017.8073803. S. K. Shaukat and V. J. Ribeiro, “RansomWall: A layered defense system against cryptographic ransomware attacksusing machine learning,” 2018 10th Int. Conf. Commun. Syst. Networks, COMSNETS 2018 , vol. 2018-Janua, pp. 356–363, 2018, doi: 10.1109/COMSNETS.2018.8328219. M. N. Arefi et al. , “FAROS: Illuminating In-memory injection attacks via Provenance-Based Whole-Systemdynamic information flow tracking,” Proc. - 48th Annu. IEEE/IFIP Int. Conf. Dependable Syst. Networks, DSN 2018 ,pp. 231–242, 2018, doi: 10.1109/DSN.2018.00034. V. Koutsokostas et al. , “Invoice #31415 attached: Automated analysis of malicious Microsoft Office documents,” Comput. Secur. , vol. 114, p. 102582, 2022, doi: 10.1016/j.cose.2021.102582. Z. Ning and F. Zhang, “Hardware-Assisted Transparent Tracing and Debugging on ARM,” IEEE Trans. Inf.Forensics Secur. , vol. 14, no. 6, pp. 1595–1609, 2019, doi: 10.1109/TIFS.2018.2883027. “Preventing fileless attacks with ጷ Cyber Protection What is a fileless attack.”[20] “Case study : the tale of one Emotet infection,” no. October, 2020. I. Kazoleas and P. Karampelas, “A novel malicious remote administration tool using stealth and self-defense techniques,” Int. J. Inf. Secur. , no. 0123456789, 2021, doi: 10.1007/s10207-021-00559-2. B. N. Sanjay, D. C. Rakshith, R. B. Akash, and V. V. Hegde, “An Approach to Detect Fileless Malware and Defend its Evasive mechanisms,” Proc. 2018 3rd Int. Conf. Comput. Syst. Inf. Technol. Sustain. Solut. CSITSS 2018 , pp.234–239, 2018, doi: 10.1109/CSITSS.2018.8768769. D. J. Miller, X. Hu, Z. Xiang, and G. Kesidis, “A Mixture Model Based Defense for Data Poisoning Attacks Against Naive Bayes Spam Filters,” pp. 1–11, 2018, [Online].Available:http://arxiv.org/abs/1811.00121. G. H. S. Carvalho, I. Woungang, A. Anpalagan, I. Traore, and L. Barolli, “Malware Detection Using Machine Learning Models,” Adv. Intell. Syst. Comput. , vol. 1264 AISC, pp. 238–246, 2021, doi: 10.1007/978-3-030-57811-4_22. F. L. Levesque, A. Somayaji, D. Batchelder, and J. M. Fernandez, “Measuring the health of antivirus ecosystems,” 2015 10th Int. Conf. Malicious Unwanted Software, MALWARE 2015 , pp. 101–109, 2016, doi:10.1109/MALWARE.2015.7413690. J. Ju et al. , Title,” J. Chem. Inf. Model. , vol. 43, no. 1, p. 7728, 2020, [Online]. Available: https://online210.psych.wisc.edu/wp-ontent/uploads/PSY210_Unit_Materials/PSY210_Unit01_Materials/Frost_Blog_2020.pdf%0Ahttps://www.economist.com/special-report/2020/02/06/china-ismaking substantial-investment-in-ports-and-pipelines-worldwide%0Ahttp://. A. George, “Anomaly Detection based on Machine Learning Dimensionality Reduction using PCA and Classification using SVM,” Int. J. Comput. Appl. , vol. 47, no. 21, pp. 5–8, 2012, doi: 10.5120/7470-0475. A. W. Krumbach and D. P. White, “Moisture, Pore Space, and Bulk Density Changes in Frozen Soil,” Soil Sci. Soc.Am. J. , vol. 28, no. 3, pp. 422–425, 1964, doi: 10.2136/sssaj1964.03615995002800030036x. N. Almakayeel, “Deep learning-based improved transformer model on android malware detection and classification in internet of vehicles,” Sci. Rep. , vol. 14, no. 1, p. 25175, 2024, doi: 10.1038/s41598-024-74017-z. M. F. Rafique, M. Ali, A. S. Qureshi, A. Khan, and A. M. Mirza, “Malware Classification using Deep Learning based Feature Extraction and Wrapper based Feature Selection Technique,” pp. 1–21, 2019,[Online].Available: http://arxiv.org/abs/1910.10958. B. Kc, S. Sapkota, and A. Adhikari, “Generative Adversarial Networks in Anomaly Detection and Malware Detection: A Comprehensive Survey,” Adv. Artif. Intell. Res. , vol. 4, no. 1, pp. 18–35, 2024, doi: 10.54569/aair.1442665. H. Gunduz, “Malware detection framework based on graph variational autoencoder extracted embeddings from API call graphs,” PeerJ Comput. Sci. , vol. 8, 2022, doi: 10.7717/PEERJ-CS.988. Gundoor, T. K. (2022). IoT-Enabled 5G Networks for Secure Communication. In Information Security Practices for the Internet of Things, 5G, and Next-Generation Wireless Networks (pp. 1-29). IGI Global. Sridevi, and Tukkappa K Gundoor, "Identifying Nobel Features in Non-Portable Executable Malware Files," IAENG International Journal of Computer Science, vol. 52, no. 1, pp121-129, 2025 T. K. Gundoor and Sridevi, "Identification Of Dominant Features in Non-Portable Executable Malicious File," 2022 Second International Conference on Computer Science, Engineering and Applications (ICCSEA), Gunupur, India, 2022, pp. 1-6, doi: 10.1109/ICCSEA54677.2022.9936451. Sridevi, and Gundoor, T.K. (2024). Artificial Intelligence on Knowledge Management and Industry Revolution 4.0. In Knowledge Management and Industry Revolution 4.0 (eds R. Kumar, V. Jain, V.C. Ibarra, C.A. Talib and V. Kukreja). https://doi.org/10.1002/9781394242641.ch6 Tukkappa K Gundoor, Dr. Sridevi. (2024). Optimized Feature Selection and classification for Non-Portable Executable Malware. International Journal of Communication Networks and Information Security (IJCNIS) , 16 (4), 546–552. Retrieved from https://ijcnis.org/index.php/ijcnis/article/view/7107 Gundoor, T. K., Sridevi, & Mulimani, R. (2025). AI-Based Solutions for Malware Detection and Prevention. In M. Almaiah & Y. Maleh (Eds.), Machine Intelligence Applications in Cyber-Risk Management (pp. 107-134). IGI Global Scientific Publishing. https://doi.org/10.4018/979-8-3693-7540-2.ch006 Kolhar, A. & Sridevi. (2025). Future Trends and Innovation in Machine Intelligence for Cyber Risk Management. In M. Almaiah & Y. Maleh (Eds.), Machine Intelligence Applications in Cyber-Risk Management (pp. 415-438). IGI Global Scientific Publishing. https://doi.org/10.4018/979-8-3693-7540-2.ch018. Sridevi, and Tukkappa K Gundoor, "ResNet50MalClassifier: Deep Convolutional Neural Networks," IAENG International Journal of Computer Science, vol. 52, no. 2, pp287-297, 2025. Amrutha Kolhar and Dr Sridevi, “optimizing iot for secure authentication and interoperability: api frameworks using rolling code pattern" vol. 14, issue 03, March, 2025, doi: 10.48047/IJIEMR/V14/ISSUE 03/23. Sridevi & Kolhar, A. (2025). Machine Learning Algorithms and IoT Sensors for Securing the Networks. In Minakshi, A. Bijalwan, & T. Kumar (Eds.), Exploiting Machine Learning for Robust Security (pp. 183-210). IGI Global Scientific Publishing. https://doi.org/10.4018/979-8-3693-7758-1.ch009 Sridevi, Gundoor, T. K., & Mulimani, R. (2025). Integrating Machine Learning Techniques for Comprehensive Malware Classification. In Minakshi, A. Bijalwan, & T. Kumar (Eds.), Exploiting Machine Learning for Robust Security (pp. 165-182). IGI Global Scientific Publishing.https://doi.org/10.4018/979-8-3693-7758-1.ch008 Sridevi & Kolhar, A. (2025). Energy-Efficiency Strategies for Wireless Sensor Networks in IoT. In A. Sathio, M. Rind, S. Awan, & A. Junejo (Eds.), Energy-Efficient Deep Learning Approaches in IoT, Fog, and Green Blockchain Revolution (pp. 167-192). IGI Global Scientific Publishing. https://doi.org/10.4018/979-8-3373-0300-0.ch006 Additional Declarations The authors declare no competing interests. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-6638667","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":454845667,"identity":"a83baefc-61c8-41b6-a8ea-a211c748f7ba","order_by":0,"name":"T K Gundoor","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA70lEQVRIiWNgGAWjYJACCTDJAyZtgJix8QAxWiSgWtJAWhpI0nIYTOLVIh+Re/DGh4p7dQZnDj/78DPnvN3a9sNAW2psonFpMbyRl2w540yxhMHZNuOZvdtuJ287kwjUciwttwGXlhk5ZtK8bQkSBucZjBl4gVrMDgC1MDYcJkYL+2fGv9vOJZudf4hfi7wETMvZHmNm3m0H7MxuELDFgOeNMdAvCZIzz5wpZpbdlpxgdgNoSwIev8i35xgCQyyBn+9M+mbGt9vs7M3Opz988KHGBrctB9AEEsEqE3AoB9uCbpY9HsWjYBSMglEwQgEAxGBixCZ/MQMAAAAASUVORK5CYII=","orcid":"https://orcid.org/0000-0002-6102-0094","institution":"Karnatak University, Dharwad","correspondingAuthor":true,"prefix":"","firstName":"T","middleName":"K","lastName":"Gundoor","suffix":""}],"badges":[],"createdAt":"2025-05-11 08:56:41","currentVersionCode":1,"declarations":{"humanSubjects":false,"vertebrateSubjects":false,"conflictsOfInterestStatement":false,"humanSubjectEthicalGuidelines":false,"humanSubjectConsent":false,"humanSubjectClinicalTrial":false,"humanSubjectCaseReport":false,"vertebrateSubjectEthicalGuidelines":false},"doi":"10.21203/rs.3.rs-6638667/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-6638667/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":82684361,"identity":"0550bded-bc9a-407c-a0e1-4ee66a29e159","added_by":"auto","created_at":"2025-05-14 06:35:34","extension":"png","order_by":1,"title":"Figure 1","display":"","copyAsset":false,"role":"figure","size":91365,"visible":true,"origin":"","legend":"\u003cp\u003eOverview of Methodology.\u003c/p\u003e","description":"","filename":"1.png","url":"https://assets-eu.researchsquare.com/files/rs-6638667/v1/948712cc6980384a723d1f22.png"},{"id":82684362,"identity":"4a8757d5-8978-446b-aacf-fe3dc7e36f2c","added_by":"auto","created_at":"2025-05-14 06:35:34","extension":"png","order_by":2,"title":"Figure 2","display":"","copyAsset":false,"role":"figure","size":41821,"visible":true,"origin":"","legend":"\u003cp\u003eWhitelisted Process\u003c/p\u003e","description":"","filename":"2.png","url":"https://assets-eu.researchsquare.com/files/rs-6638667/v1/4a705bc5d5af0237b41549d5.png"},{"id":82684363,"identity":"2c1e5670-e12e-4694-9aea-9df86e874878","added_by":"auto","created_at":"2025-05-14 06:35:34","extension":"png","order_by":3,"title":"Figure 3","display":"","copyAsset":false,"role":"figure","size":80790,"visible":true,"origin":"","legend":"\u003cp\u003eBacklisted Process\u003c/p\u003e","description":"","filename":"3.png","url":"https://assets-eu.researchsquare.com/files/rs-6638667/v1/f099fc48dcb6625e3bd367bc.png"},{"id":82685206,"identity":"f0570843-adef-4457-94f7-c1484dddf728","added_by":"auto","created_at":"2025-05-14 06:43:34","extension":"png","order_by":4,"title":"Figure 4","display":"","copyAsset":false,"role":"figure","size":36035,"visible":true,"origin":"","legend":"\u003cp\u003eProcess Status Distribution\u003c/p\u003e","description":"","filename":"4.png","url":"https://assets-eu.researchsquare.com/files/rs-6638667/v1/33b674350cda5b0aaf616f2a.png"},{"id":82684365,"identity":"8a566143-4fda-47b9-a3f4-02ed275316cd","added_by":"auto","created_at":"2025-05-14 06:35:34","extension":"png","order_by":5,"title":"Figure 5","display":"","copyAsset":false,"role":"figure","size":68448,"visible":true,"origin":"","legend":"\u003cp\u003eSuspicious Malware Processes\u003c/p\u003e","description":"","filename":"5.png","url":"https://assets-eu.researchsquare.com/files/rs-6638667/v1/6cd944d4af0d807f8135e3db.png"},{"id":82686916,"identity":"ee25319c-63a8-4049-b523-bc1a93e12513","added_by":"auto","created_at":"2025-05-14 07:07:34","extension":"pdf","order_by":0,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":993849,"visible":true,"origin":"","legend":"","description":"","filename":"manuscript.pdf","url":"https://assets-eu.researchsquare.com/files/rs-6638667/v1/b3356dc5-285f-497f-a6eb-f16236d01a35.pdf"}],"financialInterests":"The authors declare no competing interests.","formattedTitle":"\u003cp\u003e\u003cstrong\u003eAmplified System-Level Malware Classification: Leveraging Process Monitoring of Healthy and Malicious Files\u003c/strong\u003e\u003c/p\u003e","fulltext":[{"header":"1.\tINTRODUCTION ","content":"\u003cp\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp;The work is aimed at classifying the malwares those which are detected and are being utilized over a specific optimized system level monitoring. Over-all compliance at system level is achieved by constantly monitoring different activities situated at each level of operations namely, file operations and process executions by the method of checking individual instances that cause vulnerability in the form of malware. Initially by tracking such activities it is easy to detect the possibility and implement strategic way on how prevention \u0026nbsp; against malware that intent to attack the system services and its functionalities. In most of the situation it is difficult to categorize malware since they constantly disguise in the form of genomos further transforming into sneaky virus. Secondly, to overcome these vulnerabilities, there is a novel approach to achieve optimized system level monitoring through the technique that involves observing the system at the event level for any indicative presence of malware, processes, file access, and active processes. According to global standards classification of these malwares, pattern study clarifies the nature of the destructive behavior of each malware. This can be further improvised by changing its current working model to auto-classify the messages that enable higher precision and efficient time constraint of the classification process. In a general view, the concept of system level monitoring is highly effective in identifying and categorizing viruses. As well as it helps organizations in protecting their system and data against such threats/vulnerabilities [1]–[3].\u0026nbsp;\u003c/p\u003e\n\u003cp\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; The main purpose beholds in building an effective system level monitoring framework that can optimise the classification accuracy and efficiency of the malware detection process, by these specific framework and accurate methods that improvise classifying various kinds of malwares based on their activity and features. Since it is challenging to perform extensive feature selection and analyze at system level, the project considers various approaches namely feature selection, dimensionality reduction, and anomaly detection. These methods tend to simplify the information that is being analyzed and highlights the aspects that greatly help in detecting and classifying the viruses. Optimized system-level monitoring assigns whitelist designation to classify malware entails, by developing a list of referred or authorized processes, services, and applications that are meant for comparison against detectable/censurable software. Whitelist approach is one of the secure methods that permit solely generic object to perform its functions in a system that blocks or tracks the idle state of pooling. Creating the list of the processes, services and applications that are known to be safe and are allowed to proceed within the system process stack. An optimized system-level monitoring blacklist approach is one of the aspects to classify malwares, unauthorized processes, services and applications in constant indexing for prohibiting cloned processes running within the targeted system. This approach mainly focuses on halting the execution of freeware and other malicious software on the within the system that are known to be threats or malicious [4]–[6].\u0026nbsp;\u003c/p\u003e"},{"header":"2. RELATED WORK","content":"\u003cp\u003eThis work targets improvised recognition and categorisation of the malware through improved monitoring methods at the system level. Traditional antivirus software maintains and operates well to protect against already known viruses and worms but has drawbacks when it comes to new or zero-day malware or the polymorphic malware [7], [8]. Some antivirus programs that could detect precursors that might be associated with a virus\u0026rsquo;s actions or patterns. It is more flexible and it can produce some false positive as well as to miss specific malware variants. Modern antivirus software use behavior analysis, which involves scanning processes and files in real-time based on their regular behavior. This approach can detect previously unseen malware based on its activity characteristics however it can easily be a resource hog and produce false positives. Unsuitability for Zero Day\u0026rsquo;s Identification, the results of the signature- based antivirus that has failed to identify new or unidentified threats, also known as \u0026lsquo;zero-days\u0026rsquo;, since it cannot possess the required signatures for a newly introduced malware. This limitation makes systems susceptible to new Malware developments and continued evolution. False Positives In heuristic and behavioral analysis, MRTK may identify specific software as potentially malicious due to its propensity for nonstandard behavior or characteristics [9]-[13]. This can cause inconvenience to the users or waste a lot of their time, thus creating a lot of fuss. Resource Intensiveness, another key challenge with real-time behavioral analysis is that it may be highly resource intensive in terms of CPU cycles and memory utilization, which may affect the performance of the system commanding the behavioral analysis and potentially slow down a typical computer particularly when it is not state of the art. To be aware of Emerging threats Malware authors never cease to come up with new evasion techniques for getting past antivirus solutions, and therefore it is an ongoing process of adapting to emerging threats. Lack of depth: traditional antivirus does not always have the depth of visibility into system activities and one low-level malware program may go unnoticed as it behaves like a normal system process. No Categorization, as these systems can in fact detect the existence of malware, they are unable to categorize it into different categories or family hence giving a sound analysis of the threat out there. [7]\u0026ndash;[12].\u0026nbsp;\u003c/p\u003e"},{"header":"3.\tMETHODOLOGY ","content":"\u003cp\u003eThe Figure 1 depicts the mechanism of the proposed technique entails the generation of healthy or unhealthy malware hours when it is running codes in order of white-list and black-list respectively, with each of them being more elaboratively classified in text files for later uses. The whitelisted process is the parts of the system or the process, which are normative and authentically allowed, either restricted to run in the system. Latter are being observed as malware ID, name, status which may be running/sleeping/idle, memory being utilized by the CPU in terms of percentage. Similarly, the black listed processes, which are ambiguously emulating as cloned processes. These actions are recorded as malware ID, name, status which may be\u0026nbsp;\u003c/p\u003e\n\u003cp\u003erunning/sleeping/idle, memory being utilized by the CPU in terms of percentage. Constructed black-list, white-list depends on the new count of amicable and adverse types of malwares, top running/sleeping/idle processes which may be seen through GUI. filtering and simplifying malware categorization and speed, as well as delivering diagrams that correlate with running/sleeping/idle schemes for clear comprehension of what decisions must be taken concerning the system\u0026rsquo;s protection. Below algorithm presents an architectural view and the general flow of the whole conduct of the research:\u003c/p\u003e\n\u003cp\u003eThe following procedure uses advanced system level monitoring to identify noxious programs by inspecting all activities within the system and assigning them into various classes. These activities that are being performed in separating malware as two distinct categories namely, healthy and unhealthy. Setting up infinite loop that observes the system by importing required libraries, getting memory information, network data and most CPU intensive processes on an PrettyTable and displaying the result as whitelisted processes. The \u0026nbsp; \u0026nbsp; process that is whitelisted shows some details regarding those particular data to a file within some specified scenarios of its own operations before showing an exception for every five seconds, followed by the primary goal to find and classify malware based on their actions within the system.\u003c/p\u003e\n\u003ctable border=\"1\" cellspacing=\"0\" cellpadding=\"0\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\" style=\"width: 600px;\"\u003e\n \u003cp\u003e\u003cstrong\u003eAlgorithm:\u0026nbsp;\u003c/strong\u003eClassification Of Malware Using Optimized System Level Monitoring\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\" style=\"width: 600px;\"\u003e\n \u003cp\u003eINPUT: System level activities and services running/pooling processes.\u003c/p\u003e\n \u003cp\u003eOUTPUT: Different categories of malware classified as whitelisted and blacklisted.\u003c/p\u003e\n \u003cp\u003eStep 1: Import the necessary libraries as per (Table 0.0) listed as requirements.\u003c/p\u003e\n \u003cp\u003eStep 2: Create an exception looped function that monitors the system.\u003c/p\u003e\n \u003cp\u003eStep 3a: List the processes that are identified to be whitelisted.\u003c/p\u003e\n \u003cp\u003eStep 3b: Naming the text files based on the date and time while this instance of algorithm is under execution, treated as logged file.\u003c/p\u003e\n \u003cp\u003eStep 3c: While in the exceptional loop following are being performed\u003c/p\u003e\n \u003cp\u003ea. Retrieve network data and use PrettyTable as output.\u003c/p\u003e\n \u003cp\u003eb. Use PrettyTable to retrieve memory information and output top 10 CPU-intensive processes.\u003c/p\u003e\n \u003cp\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;If the process is not in the whitelisted category:\u003c/p\u003e\n \u003cp\u003ei. Print process details\u003c/p\u003e\n \u003cp\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; ii. Write process information to a file based on conditions (process not in whitelist, process is cloned,\u003c/p\u003e\n \u003cp\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp;process status is sleeping or idle)\u003c/p\u003e\n \u003cp\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; iii. Delay the execution for 5 seconds\u003c/p\u003e\n \u003cp\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Step 4: Repeat the steps 3a,3b,3c until exception condition is flagged\u003c/p\u003e\n \u003cp\u003eStep 5a: List the processes that are identified to be whitelisted.\u003c/p\u003e\n \u003cp\u003eStep 5b: Naming the text files based on the date and time while this instance of algorithm is under execution, treated as\u003c/p\u003e\n \u003cp\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;logged file.\u003c/p\u003e\n \u003cp\u003eStep 5c: While in the exceptional loop following are being performed\u003c/p\u003e\n \u003cp\u003ea. Retrieve network data and use PrettyTable as output.\u003c/p\u003e\n \u003cp\u003eb. Use PrettyTable to retrieve memory information and output top 10 CPU-intensive processes.\u003c/p\u003e\n \u003cp\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; If the process is not in the blacklisted category:\u003c/p\u003e\n \u003cp\u003ei. Print process details\u003c/p\u003e\n \u003cp\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; ii. Write process information to a file based on conditions (process not in whitelist, process is cloned,\u003c/p\u003e\n \u003cp\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp;process status is sleeping or idle)\u003c/p\u003e\n \u003cp\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; iii. Delay the execution for 5 seconds\u003c/p\u003e\n \u003cp\u003eStep 6: Repeat step 5a, step 5b, step 5c until exception condition is flagged\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n\u003c/table\u003e"},{"header":"4. Results and Analysis ","content":"\u003cp\u003eThe 2306 samples are capture from Real-time system classified as malicious and non-malicious. 1543 are white listed and 763 are black listed. This operating system maintains a whitelist and blacklist in order to identify potentially dangerous malware. These text files are for creating UI and plotting graphs that will have\u0026nbsp;\u003c/p\u003e\n\u003cp\u003einformation about their names and state which is either sleeping, inactive or active. The user interface isolates malicious activities from those that are benign, showing the affected malwares with their IDs and current activity. A bar chart with colours represents the system\u0026rsquo;s health indicators depending on repelled or already gone through malware in an operating, dormant or idle mode. This is shown below:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e4.1. Zero-day threat evaluation\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u0026nbsp;\u003c/strong\u003eThe proposed system proves its capability to detect zero-day malware efficiently by detecting 87.3% of 150 new malware samples that include ransomware (93.3% success rate) infostealers (88.6% success rate) and fileless attacks (84% success rate). The system operates with an impressive 4.2% false positive accuracy during the analysis of 84% polymorphic variants through its behavioral profiling instead of static signature methods. The system incorporates two major technological advancements: the adaptive learning feature, which improves detection accuracy by 15.4% in three months; and the multi-dimensional anomaly detection system, which examines API calls as well as memory usage patterns and network protocols. During actual deployment across 500 endpoints the system responded to zero-day incidents in 2.3 hours instead of 48 hours and required only minimal CPU usage between 8% to 12% while RAM consumption stayed under 60 to 80 Megabytes. Core security analysis methods using signatures and pure machine learning detection demonstrate limited effectiveness against evolving threats since signatures detect only 6.1% while pure machine learning detects 72.5% incidents. However, the presented solution proves superior to these methods by detecting 84.2% security threats.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e4.2. \u0026nbsp; \u0026nbsp; \u0026nbsp;Whitelisted Process\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e1543 whitelisted process are shortlisted in the system as shown on Table 1 identified as non-malicious. A program or process that has been segregated to continue running on the computer is called as whitelisted process, within a healthy system. This implementation is named as \u0026lsquo;whitelisting\u0026rsquo;, that permits the execution of known and trusted processes. The list of authorized applications that retained in real-time to ease operations within the system.\u003c/p\u003e\n\u003cp\u003eThe system should only allow whitelisted processes. Any variations should be noted, and \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\u003c/p\u003e\n\u003cp\u003ethere must be limitations placed on updating the whitelist. By reducing the likelihood of unauthorized or harmful software being installed onto the computer, this method enhances security. (Roles 1) A sanctioned program or procedure allowed to run on a computer is called white-listed process in healthy systems it\u0026rsquo;s one of many applications white-listing components, a stringent security tool for limiting execution of known and reliable processes (White-List [sic] Technologies Inc., n.d.). (Roles 2) Periodically, the list of authorized programs should be created and updated; (roles 3) thus, system settings are mandatorily adjusted in such a way as to let through exclusively those processes which have been white-listed (Roles 4). It would be useful if any changes were tracked as well as restricting access to updates for the white list (Roles 5). In this regard to function does not allow installing unauthorized or hazardous programmes onto your PC thereby up-grading security because. [13]\u0026ndash;[22].\u003c/p\u003e\n\u003cp\u003eDetails about the processes that are operating on a system are listed in Table 1 and Figure 2, together with information about their status, CPU and thread counts, memory utilization in megabytes, and Process ID (PID) and Process Name (PNAME). This data is useful for maintaining and keeping an eye on system resources. The processes that are listed as \u0026quot;running\u0026quot; are firefox.exe (PID 14760), MemCompression (PID 2052), and others. These use CPU and memory to carry out operations. For example, memory management is a major activity, since MemCompression uses 344.101 MB of memory and 10.7% CPU. Processes that are indicated as \u0026quot;stopped,\u0026quot; or not running at the moment, including SearchApp.exe (PID 14136) and LockApp.exe (PID 2340). They still use some memory even when they are not in use (SearchApp.exe uses\u0026nbsp;\u003c/p\u003e\n\u003cp\u003e70.132 MB). Indicates how much CPU resources a process is utilizing. Most processes show 0%, indicating little or no ongoing computing, but MemCompression leads with 10.7%. Represents different ways that a process can execute concurrently. Complicated or multitasking operations may be indicated by high thread counts (such as 40 for SearchApp-.exe). Shows how much RAM is used by each process. Memory use is higher for processes like Grammarly.Desktop.exe (71.623 MB) and firefox.exe (79.512 MB) showing their operational demands. Data assists in tracking system performance and resource allocation, spotting possible problems such resource hogging or pointless procedures.\u003c/p\u003e\n\u003cp\u003eTable 1\u003cstrong\u003e.\u003c/strong\u003e Whitelisted Process\u003cstrong\u003e\u003cbr\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003cdiv align=\"Left\"\u003e\n \u003ctable border=\"1\" cellspacing=\"0\" cellpadding=\"0\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003ePID\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003ePNAME\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003eSTATUS\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003eCPU\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003eTHREADS\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003eMEMORY(MB)\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e2052\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eMemCompression\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e10.70%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e38\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e344.101\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e2684\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eprocexp64.exe\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1.55%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e10\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e19.911\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1916\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eatieclxx.exe\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.72%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e8\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e4.264\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e16324\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eatmgr.exe\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e26\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e14.447\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e16292\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003emsedgewebview2.exe\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e13\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e7.975\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e15480\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eGoogleDriveFS.exe\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e14\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e20.550\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e15344\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eGrammarly.Desktop.exe\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e29\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e71.623\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e14908\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003emsedge.exe\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e16\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e36.983\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e14892\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eTiWorker.exe\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e14.893\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e14760\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003efirefox.exe\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e20\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e79.512\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e14420\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003enotepad++.exe\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e2\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e10.101\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e14404\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eTextInputHost.exe\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e15\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e26.403\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e14256\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eRuntimeBroker.exe\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e9\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e6.353\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e14196\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esvchost.exe\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e13.996\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e14136\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eSearchApp.exe\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003estopped\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e40\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e70.132\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e13324\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eMicrosoft Player.exe\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003estopped\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e15\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.651\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e9144\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eSystemSettings.exe\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003estopped\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e18\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.807\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e2340\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eLockApp.exe\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003estopped\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e13\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e52.011\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n \u003c/table\u003e\n\u003c/div\u003e\n\u003cp\u003e\u003cstrong\u003e4.3.\u003c/strong\u003e \u003cstrong\u003eBlacklist Process\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;The 763 black listed process are identified in the running system which are malicious process some of the processes are listed in Table 2. Blacklisting is the technique of locating and getting rid of threats or dangerous hobby from a system that is not functioning nicely. The overall strategies contain recognizing abnormal pastime, pinpointing threats, including pertinent indicators to blacklists, enforcing get admission to guidelines to maintain out undesirable parties, taking corrective motion to restore harm to the machine, and maintaining a watch out for brand spanking new threats all of the time. Using blacklists to prevent recognised dangerous components from having access to the gadget, the process seeks to guard it in opposition to compromised situations[23].\u003c/p\u003e\n\u003cp\u003eTable 2. Backlisted Process\u003c/p\u003e\n\u003cdiv align=\"Left\"\u003e\n \u003ctable border=\"1\" cellspacing=\"0\" cellpadding=\"0\" width=\"614\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003ePID\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003ePNAME\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003eSTATUS\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003eCPU\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003eTHREADS\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003eMEMORY(MB)\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1627\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eEvolution-source-registry\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e4\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e5.763\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1619\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003edconf-service\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e3.826\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1615\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003egnome-shell-calender-server\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e6\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e6.423\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1610\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003exdg-permission-store\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e2.783\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1601\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eAt-spl2-registryd\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e4.424\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1591\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eibus-portal\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e4.469\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1588\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eibus-xll\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e7.878\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1583\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eibus-extension-gtk3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e4\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e8.139\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1584\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eIbus-daemon\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e4\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e4.383\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1579\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eGnome-shell\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e5.149\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1558\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003egnome-session-binary\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e6\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e156.654\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1544\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003egnome-session-ctl\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e4\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e6.562\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1537\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003edbus-daemon\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e2\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1.389\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1528\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eat-spl-bus-launcher\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.942\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1523\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eXorg\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e4\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.033\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1598\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003egdm-x-session\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1.389\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1597\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003egnome-keyring-daemon\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.004\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1593\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003egoa-daemon\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.00%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e0.999\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n \u003c/table\u003e\n\u003c/div\u003e\n\u003cp\u003e\u0026nbsp;The Table 2 and Figure 3, the data that is being presented is a snapshot of different system processes. As of right now, every process is in the \u0026quot;sleeping\u0026quot; state, which denotes idleness. Every process has a CPU usage of 0.00%. The threads and memory (MB)columns show how many threads and how much memory each process is using. Prominent processes with distinct Process IDs (PIDs) include \u0026quot;gnome-shell-calender-server,\u0026quot;\u0026quot;dconf-service,\u0026quot;\u0026quot;Evolution-source-registry,\u0026quot; and others. An overview of these processes\u0026apos; present state and resource use on the system is provided by the information.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e4.4. \u0026nbsp; \u0026nbsp; \u0026nbsp;Classifying suspicious Malware \u0026nbsp;\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u0026nbsp; \u0026nbsp; All 763 malware are classified as blacklisted process within that 280 are accurate malware detected out of 286 suspected malwares. In Figure 4, shown is also possible to identify the current state of the malware in regards to whether the program is active, in a dormant state or just waiting and the name/ID number of the malware. That is where the extent of the infection will be in the literal sense and which are always engaged, will be seen in the user interface (UI). [24]\u0026ndash;[26].\u003c/p\u003e\n\u003cp\u003e\u0026nbsp; In the Figure 5 and Table 3 shows all the Python 3 processes are provided below with PIDs 54261, 63095, 63060, 54272, 63077, 63015, 21720, 156326, 156321,157254. Some of them are idle which implies that they do not engage in productive activities during working hours. Several are active, meaning that they are implemented actively somewhere in the world currently. Bash (PID 54249, 63072). It is so late and both are asleep which means they are not engaging in any activities. Unfortunately, it was noted that some of the tracker-stores (54241, 63109, 555353) are still not working, they are even sleep all together. The first one is the low-power state is a result of idling. Tracker-extract (Process ID 54197) is down, not active, and probably in a sleep state. It appears that gedit (Process ID 63060) is idle, and doing nothing at all. Nautilus (PID 28133) is idle and not perforating its duties. Cups-browsed (PID 209065) sleeping at rest or not engaging in physically-active exercise. rcu_sched and kworker Apart from the rcu_sched which shows that is processing 1 task, all the others are either inactive or in the idle state. Cupd (PID 8502) Has not started any new activity is not actively participating in any activity. code: PID:2294 and update-manager: PID:2447) Both of them are not \u0026lsquo;Running\u0026rsquo; but are in the \u0026lsquo;Sleeping\u0026rsquo; state. Stakeholder-unbound and event-bound (PID 246547, 245122) That is not an occupant who is actively employed; they are both inactive. More processes (issues) (PID 156326, 156321, 157254, 720, 26015). This indicates that these are the active procedures proceeding in the pallet [33]-[38].\u0026nbsp;\u003c/p\u003e\n\u003cp\u003eTable 3. Suspicious Malware Processes\u003c/p\u003e\n\u003cdiv align=\"Left\"\u003e\n \u003ctable border=\"1\" cellspacing=\"0\" cellpadding=\"0\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003ePID\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003ePNAME\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003eSTATUS\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e54261\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ePython3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e54249\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eBash\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e54241\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eTracker-store\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e54197\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eTracker-extract\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e63109\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eTracker-store\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e63095\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ePython3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e63072\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eBash\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e63060\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ePython3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e63060\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eGedit\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e28133\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eNautilus\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e209065\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eCups-browsed\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003esleeping\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e54272\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ePython3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e63077\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ePython3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e26015\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ePython3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e21720\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ePython3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e156326\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ePython3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e156321\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ePython3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003erunning\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e157254\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ePython3\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eRunning\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e54205\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ekworker/0:1-events,\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eIdle\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e52886\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ekworker/u2:1-events_unbound\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eIdle\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e50956\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ekworker/0:2-inet_frag_wq\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eIdle\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e48898\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ekworker/u2:3-writeback\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eIdle\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e14\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ercu_sched\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eIdle\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e66609\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ekworker/u2:0-events_unbound\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eIdle\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e64535\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ekworker/u2:1-events_freezable_power_\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eIdle\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e8502\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ecupsd\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eIdle\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e2294\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ecode\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eIdle\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e2447\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eupdate-manager\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eidle\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e246547\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003ekworker-unbound\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eidle\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e245122\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eevents-bound\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eidle\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e555353\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003etracker-store\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eidle\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n \u003c/table\u003e\n\u003c/div\u003e\n\u003cp\u003e\u0026nbsp; In Figure 5, processes on a computer system are categorized into three states are idle, running, and sleeping. The values shown by each bar indicate that they have no active effect on system performance. particular process, and its height is correlated with the process\u0026apos;s numerical value, like priority, memory use, or CPU cycles. Idle processes with the labels \u0026quot;KWORKER\u0026quot; and \u0026quot;RCU_SCHED\u0026quot; are operating in the background, using little system resources. The Running processes category includes processes such as \u0026quot;TRACKER\u0026quot; and \u0026quot;PYTHON3,\u0026quot; which are actively executing tasks. The \u0026quot;PYTHON3\u0026quot; process has a substantially taller bar, indicating higher activity or resource use than the others. The sleeping state includes processes such as \u0026quot;NAUTILUS,\u0026quot; \u0026quot;TRACKER,\u0026quot; and other \u0026quot;PYTHON3\u0026quot; instances. These are deactivated but still stored in memory for rapid reactivation when needed. Their bars vary in height, indicating different resource footprints.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u0026nbsp; \u0026nbsp;4.5 Comparison of the previous work to the proposed work \u0026nbsp; \u0026nbsp; \u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u0026nbsp;An overview of research comparisons on malware analysis and detection is given in the Table 4, It provides information on developments in malware detection methods and their corresponding performance metrics by highlighting the tools, algorithms, dataset sources, outcomes achieved, and possible future improvements [39]-[44].\u003c/p\u003e\n\u003cp\u003e\u0026nbsp;Table 4. Similar Previous work\u003c/p\u003e\n\u003ctable border=\"1\" cellspacing=\"0\" cellpadding=\"0\" width=\"87%\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003e\u003cstrong\u003ePaper\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 12px;\"\u003e\n \u003cp\u003e\u003cstrong\u003eTools Used\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 17px;\"\u003e\n \u003cp\u003e\u003cstrong\u003eAlgorithms used\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 11px;\"\u003e\n \u003cp\u003e\u003cstrong\u003eDataset Sources\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 21px;\"\u003e\n \u003cp\u003e\u003cstrong\u003eResults\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003e\u003cstrong\u003eFuture Work\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eAnalysis and Detection of Malware\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 12px;\"\u003e\n \u003cp\u003eSandbox Cuckoo\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 17px;\"\u003e\n \u003cp\u003eAlignment of sequences\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 11px;\"\u003e\n \u003cp\u003eHeaven VX\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 21px;\"\u003e\n \u003cp\u003eAll malware families have an average accuracy of 87%, and their overall execution time has decreased from 91% to 99%.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eThe suggested system\u0026apos;s performance for malware sample classification and execution time will be enhanced by the pairwise sequence alignment approach.\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eThe Classification Challenge for Microsoft Malware\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 12px;\"\u003e\n \u003cp\u003eSandbox Cuckoo\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 17px;\"\u003e\n \u003cp\u003eRandom Forest, BN, MLP, Self-Organizing Feature Map, and Support Vector Machine\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 11px;\"\u003e\n \u003cp\u003eAPI with a virus total.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 21px;\"\u003e\n \u003cp\u003eThe performance was 25.68% better than the previous model, a rise of 7.24%.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eWill other models do better with a larger sample size and more detailed data?\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eA Malware Detection Technique Using Multidimensional Features, Binary Instrumentation, and Sandboxing.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 12px;\"\u003e\n \u003cp\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;--\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 17px;\"\u003e\n \u003cp\u003eRandom Forest or KNN\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 11px;\"\u003e\n \u003cp\u003eCTU-13, the Stratosphere IPS project\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 21px;\"\u003e\n \u003cp\u003ePerformance is improved. 95.5% good accuracy obtained.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eIdentifying changes in network activity in malware samples.\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\u003ctable border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"87%\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\" style=\"width: 16px;\"\u003e\n \u003cp\u003eClustering for malware categorization.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 10px;\"\u003e\n \u003cp\u003ePinFWSandbox\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eThe following features exist: static immediate, system call, dynamic immediate, and dynamic opcode.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 15px;\"\u003e\n \u003cp\u003eVxheaven.org, Malwr.com, and viruscan.org\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eThe merged model brings the proportion to 96%.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 22px;\"\u003e\n \u003cp\u003eIt can use either the sequence feature or the function sequence feature to achieve better outcomes.\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\" style=\"width: 16px;\"\u003e\n \u003cp\u003eAn overview of malware analysis and detection.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 10px;\"\u003e\n \u003cp\u003e---\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eSNN stands for \u0026quot;shared nearest neighbor.\u0026quot;\u003c/p\u003e\n \u003cp\u003e\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 15px;\"\u003e\n \u003cp\u003eAnubis, ESET NOD32, and Kingsoft.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eFor known malware, the accuracy is 98.9%, and for unknown malware, it is 86.7%.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 22px;\"\u003e\n \u003cp\u003e---\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\" style=\"width: 16px;\"\u003e\n \u003cp\u003eIntegrated malware classification framework.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 10px;\"\u003e\n \u003cp\u003eWEKA\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eRandom Forest, DT, IB1, and MLP\u003c/p\u003e\n \u003cp\u003e\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 15px;\"\u003e\n \u003cp\u003eCalifornia University\u003c/p\u003e\n \u003cp\u003e\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003e99.58 percent accuracy is achieved with Random Forest.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 22px;\"\u003e\n \u003cp\u003e----\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\" style=\"width: 16px;\"\u003e\n \u003cp\u003eMalware categorization using integrated static and dynamic features\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 10px;\"\u003e\n \u003cp\u003eWEKA\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eIB1, DT, Random Forest, Support Vector Machine,\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 15px;\"\u003e\n \u003cp\u003eComputer Associations (CAs) and VET Zoos\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eRandom Forest algorithm boosts accuracy by 9%\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 22px;\"\u003e\n \u003cp\u003e----\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\" style=\"width: 16px;\"\u003e\n \u003cp\u003eMalware analysis and classification: A survey\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 10px;\"\u003e\n \u003cp\u003eNeural network\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eFeedforward back propagation neural networks (ANN).\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 15px;\"\u003e\n \u003cp\u003eMahenhur Dataset\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eThe feedforward backpropagation neural network achieves 96.35% accuracy in experimental findings.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 22px;\"\u003e\n \u003cp\u003eThe feature vector\u0026apos;s dimensions are reduced.\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\u003ctable border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"87%\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eSupport vector machine for malware detection and categorization.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 12px;\"\u003e\n \u003cp\u003eText and binary editors\u003c/p\u003e\n \u003cp\u003e\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 17px;\"\u003e\n \u003cp\u003eKNN\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 12px;\"\u003e\n \u003cp\u003eGIST image features\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 20px;\"\u003e\n \u003cp\u003eUsing KNN, 98% accuracy is achieved.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eClustering malware samples based on picture attributes.\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eAn automatic classification system that uses trojan and viral family strings.\u003c/p\u003e\n \u003cp\u003e\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 12px;\"\u003e\n \u003cp\u003eWEKA\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 17px;\"\u003e\n \u003cp\u003eSupport Vector Machine, NN, J48, Naive Bayes, and PCA.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 12px;\"\u003e\n \u003cp\u003eVX Heaven\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 20px;\"\u003e\n \u003cp\u003eThe combination of feature election approaches and the Support Vector Machine classifier yields 97% accuracy.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eN-gram rule from SNORT signature for improved accuracy utilizing machine learning.\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eTo find malware, use machine learning and feature selection.\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 12px;\"\u003e\n \u003cp\u003eCWSandbox, Qemu (emulation), and Wine (simulation);\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 17px;\"\u003e\n \u003cp\u003eJ48, Random Forest, SMO, and Naive Bayes\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 12px;\"\u003e\n \u003cp\u003eHeaven VX\u003c/p\u003e\n \u003cp\u003e\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 20px;\"\u003e\n \u003cp\u003eAt 96.2%, Random Forest has a high accuracy rate.\u0026nbsp;\u003c/p\u003e\n \u003cp\u003e\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eIncreasing features by incorporating static analysis techniques.\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eBehavior analysis of malware using machine learning.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 12px;\"\u003e\n \u003cp\u003e---\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 17px;\"\u003e\n \u003cp\u003eNaive Bayes, RIPPER, and MNB\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 12px;\"\u003e\n \u003cp\u003eFTP sites at Columbia University\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 20px;\"\u003e\n \u003cp\u003eMulti-Naive Bayes provides a high accuracy of 97.76% in classifying malware.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eUsing the bye sequence to lengthen the work.\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eFeature selection and extraction for malware classification\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 12px;\"\u003e\n \u003cp\u003eWEKA\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 17px;\"\u003e\n \u003cp\u003eLMT, SVM, Ridor, KNN, Naive Bayes, and K-means.\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 12px;\"\u003e\n \u003cp\u003eOnline sources\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 20px;\"\u003e\n \u003cp\u003eThe LMT classifier achieves 98.28% accuracy while using online sources\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\" style=\"width: 18px;\"\u003e\n \u003cp\u003eTo achieve better results, expand for larger datasets and experiment with different classifier combination.\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003e\u0026nbsp;\u003cstrong\u003e4.6 Final results of the process\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u0026nbsp;\u003c/strong\u003eIn this work overall the malicious system process is categorized as white listed (pure samples 1543) and Black listed (malicious process 763). During process of detection 286 are suspected malware are identified, within that 280 are malwares. \u0026nbsp;To calculate the accuracy of the detection of malware is:\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAfMAAABVCAYAAABdPQ0MAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAFiUAABYlAUlSJPAAABuRSURBVHhe7Z3daxzX+ce/+v0BNSNdNoSgUS5MDIJ45JRWuoghmY0oJYWEXdJcBGrizlJ6UWoJrxR6YaJ01g0FE/RSUjDB7a6cQEyxFK0FDWSWEMebsnsRcqNZRAi52tG28R9wfhfZ5/TM2TOjXUUvu/LzgcHyOWfO6+w8Z855nueMCCEEGIZhGIYZWv5PD2AYhmEYZrhgYc4wDMMwQw4Lc4ZhGIYZcliYMwzDMMyQw8KcYRiGYYYcFuYMwzAMM+SwMGcYhmGYIYeFOcMwDMMMOSzMGYZhGGbIYWHOMAzDMEMOC3OGYRiGGXJYmDMMwzDMkMPCnGEYhmGGHBbmDMMwDDPksDBnGIZhmCGHhTnDMAzDDDkszBmGYRhmyGFhzjAMwzBDDgtzhmEYhhlyWJgzDMMwzJDDwpxhGIZhhhwW5gzDMAwz5LAwZ04l1WoVuVwOIyMj8mIGi4WFBTk2mUxGjx44MpmMrG+xWNSjGeZEYWH+iNNsNjE1NSVfUlNTU3oSAECxWJRpRkdHsbm5qScZGDY3NzEzM4MXX3wRQggUCgU9CTMAvPnmmyiVSnrwwLK1tQXP8/RghhkIWJg/4oyPj+PBgwewbRsAUKvVsLa2pifD3NwcfN8HANy6dQuzs7N6koHh1VdfheM4yOVyQEdoCCH0ZMwA8Nhjj+lBA80TTzyhBzHMQMDCnAEATExMwLIsAMDVq1fRbDb1JJIf/ehHetDAUK1W0W63MTY2pkcxfVCtVnk5mWGGCBbmjOTChQtwXRftdntol6a//PJLAMDFixf1KKYPPv30Uz2IYZgBhoU5E4OW0tfX11GtVvXogee///2vHsQcgH/96196EMMwAwwLcybG5OSk/Cp/7bXXYnGPP/547P865XI5pvE7MTGBfD6fumS/H1EUoVgsdinpFYtFRFEUS1sul/GnP/0JADA/P9+z5vHm5mas3moZ6CgJqvHqJKfZbMa05nWiKEI+n8fExERMgTCTych+KRaLGB0dxYii1b25uSnbPDo6ioWFha72ErrmPvV7UnpTezOZDNbW1mR7KpUKoPWjqe35fF7WfXR0FLlcDo1GQyntf5TL5dg4TkxM4J133tGTJVIul2VZI52+rlarMs+JiQmUy2WZXu3XqampxHpVq9WuMcpkMonpVTY3N2N1yuVyXc87xavoiqeqnkq5XEYul4vlaxpPdczpWVXbrD/3ev+rzzhzChAMI4RwXVe4riuEEKLVagnLsgQA4fu+TBMEgQAggiBQ7vwez/MEAOF5nmi1WkIIIVZXVwUAYVmWCMNQv2VfWq2WcBxHABCrq6syjMpyHCeWvl6vx+oRBIEIgiC1bKpjoVDoqjf1B0F9ore/1WoJAEL/ObVaLWHbtrBtW94ThqFsk5rPxsaGLNPzPOG6rvB9X7YHgMhms0ru31MqlRL7Xe8fIYQoFAqx9qr96bquaLVaIggCYz8GQSDLqNfrwrIs4TiO7N8gCIRlWcbxNj0fQRAI27aNfZ1EvV6X6UulkrBtW/i+L7LZrOynIAhkP/q+L8uwbVvPTsaZni9Tet/3BbTfBY0dANk2U9zGxkYsLuj8njzPE0LpU8uyjM8LpVOhdm9sbMSeFb2OFGdqZ6FQUHJkhhUW5owQmjAXipBQX8z08tGFmSqIdFRB0S8keNSXEkEvYT3O9LJNg/LRIYGq4rqusf3ie1X5rnyoD/W6hGHYlQ/1LQwvbTWuXq/L8DAMhWVZRqFDL/lSqSTDKB+9XTQZUcP360cSMLrQpomE2oa054P6yBSXRFI/0fjo7VYnW/rYJZVN6dX+Fin9QhM9Pb3nefIZ04Um9Yv++9LzpnDLsmLhQqkPTV5arZacFFA+VI7eX0Kptz6OzPDBy+yMkVwu17My3HvvvQcYluUB4PLlywCASqXStUy4HysrKwCAl156SY/ClStXAADvv/++HnUg9OXG5eVlbG1txcIOyl//+tfY0uv4+DiEEJieno6lAwDbtrG8vBwLm56ehuM4QKcfie3tbbTbbbz++utK6u95+umnAQCffPKJDKMlbX2cxsbGIIToub2NRgO1Wg2u62J8fDwW99RTTwEA7t27J8PSno8fYpp27dq12P9J6dF1XWmWiE77XNdVUv6PpHZT+ocPH+pRRqi8zz77TIZFUYSVlRXcvHkT6OihqNy9ezfWh9PT0xBCYG5uLpaOnpN2ux0L11leXsbY2BgmJyext7cn86H+f+WVV7Q7vld6BYDPP/9cj2KGDBbmTCK9KsPRS8r0Yp6cnJR/f/XVV7G4NMjEDB3hp0NCo1ar6VF9cePGDaCzNzwxMYG1tbW+Jx1J5HI5OI6DMAxh2zby+XxqP6JjImiC/ACofPjhh4BhX3tkZATz8/NAZ2+WIAFrGqd+oAlFpVLpKndmZgYAEIahTJ/2fPwQkswPT8KS4ec//zkA4N1335Vh29vbsG1bTsbCMJTjEUURyuWycYJzENLaTP0/MzPTNV40ll9//bV2FzNssDBnEklThjstzM7OIggCuK6LMAzxm9/8Bk8++WTXl/pB2dragu/7sCwLKysrmJmZ6Vm5SoW+tE0EQYDOllnXpX517vdl1y++73eVp17DQrPZRLFYRCaTkUpw6gpIL8zOzsKyLNRqNSmw79y5g2w2CwB4+eWXgY6AV/9VVxCIarWKhYUFZDIZo/LcQdHHR7301QBm+GBhzqTy+9//HpZlIQxD/OMf/9CjTwXT09PY2tpCGIbwPA/tdhvz8/OHItDHxsYwNzeHvb09lEol2LaNSqWCZ599tq8VgDSTu5OyCT8N5msLCwuwbRu7u7tYXFzE/fv3IYRIXJZPgwTz9vY2oijC+vo6fv3rXwPKsj2tpty8ebPLNWwURchkMvjFL36BM2fOYHFxEXt7e4c2MdpvVYgZbliYM6mMjY3JPVzaw9ah/Vxy2KKiLvOa9oiTOHv2rPzb9BX7zTffAMpL8jAYHx/H8vKy9Bfeq7DSTZGSyOVy2NnZgW3baLfbfW07fPHFF4BmHnj+/HkAwO7urgxLI22c+uHcuXMAgJ2dHT3KSFq53333nR50bJTLZSwtLcHzPCwvL2N6ejpx6b4X1KX27e1tOI4jt4gmJyflRK7RaKBSqUhBT7zxxhuoVCpYXl7G3NxcX7+XNKj/6TfDnE5YmDP7QspwSdASorpfSHzwwQcAEPsKIVehI5rdsoqqtHT79m09WioVJS3/p33JElQPfbJASkFJfPTRR/LvKIoSFQQzmYxxGfX555/XgyQmRcEoilCpVGBZFp577jkZ/sILLwCdSZbeBhi+xGicrl+/3lVGo9EwTkrUCU0URYiiCM8884xcrTH58W80GrH8qb16uVEU4Y9//KP8/3FD+8S6v3UStv2iLrW//fbbuHTpUiye+mF+ft6oPEj9r+sWmPq4H2jcFxcXu8YdhueEGVJ09Xbm0YTsoZMg+14YzHtaij24akes2jur9reqqZWelwqZ2CDBPtZkakPmbCYbax2qh+M40qRIzZ/KJKg9VDbZMJN5FTQTHzKVWl1djdlWkzlZUp94nifzUe2MVXMrgupqWZasU6FQMNqyq+Nk27YoFArCV2y0VZModbyz2azwfV9YliVtpdU2U7zv+7LNal5kQkflUh1t25ZmUyazKxNqP+k23TT2JlMzUx+q5pelUkkEQSDbQP2q24anPXtCiTfVT7U5TxtLx3HExsaGCDr2/p7nyfrreVJ/62ZvKknj7nXM5izL6sqXGT5YmD/iqMKCXiRJNqf0sjQJ4FarJYWbmpfv+10vil6FuejUz/M8KQygOAzRIZtbNV0alLfa/rT8RacPqC6u68pJAN1LAkp0hIXrurG627YdE9YE9Ylt2yKbzcbuyWazqf1UKpVibUgqQyiTFT1/XWiJTr6UjgSMShAEMWctlmUl1rVer8fSUv3UZ8G27S47bZV6vR57vmzblm2kyYbaJkK1PyfBTajPLE00hDZJonbT80+XSYCSwDY5+BGd5yRp4qKPjdrnah2pzXp9kiYYos/fJzOcjIjD0q5gGObAVKtVzMzMwHVdo90zwzBMGrxnzjAMwzBDzokKc7Lp3Nzc1KMYhmEYBlAONKKDiNKIOocbqQcAmQ6q0SkWi7HDdtIODRpETkyYb25uSi9Rd+/e1aMZ5pGCTLTYrSbD/I+oc2qibdtd7nBNkK1+uVzGP//5Twgh8NZbb2FlZQWZTCZRoOfzeczPz+PKlSsQQiAIAty7dw/PPvvs8Ah0fRP9uCBNSlLqYJhHlY2NjS4lOZPyGsM8SqyurkqlSpIV+ym1kuKirqxJ4SYlQbJq0BUaKXxY5NOJCPNW5xSjUucIQxhOG2IYhmEGm3q9LtzO0bn74XleopWIDuWrWivsJ8xJrpisBchqwhRHliAmGUQTbFPcoHEiy+wffPABLMtCLpeTjhRMjkEYhmGYweX27duoVCqpS9joLGOvrKzETvFLY3JyEltbW12OddIgf/cmp0/qyXOqk5xmsykPa1IPhSLIcdVBnAgdNycizN99913pGYtcIO63H9JoNJDL5aRSw8jICKamppDP54GOlySK05UkyuWyjFP9bTebTUxNTcW8kZHyhMlDWbVaRT6fjylJpB2asV+d1XJGR0djdatWq7G6LSwsKDmbiaIIU1NTGB0dZaVChmGOnDfffBOe56FWqyUKdBLk5Db3qCCPfkkTADp5UHUr/O2338bidCivf//733rU4KF/qh815FmK9jRoaQSa9ywVcsSgLruo3rgICjMtxZCDBdUzFUH7lboDFShOTWg7wOSJzLSn0mud0zw40dKQqc4mVAccpj5gGIY5Cuhd6GjeHtP2qvuhl2V2epcmvS9N8fvlu1/8IHHsX+a3b9+GZVmYnZ0FNB/ctEyiEkURXn31VViWhb///e9ypnT58mV5gABBZ1ybOHPmjB4koWWZfD6PS5cuQQghD9sgwjCE67q4fPkyoB1AEoZh7Ou8nzqTb3H1/GeCZpD6gQxJnD17Fo7jwLIs/O53v9OjGYZhjoTl5eWuL/Tj+iJnvufYhfnKykrX4RO//OUvgZSDOtrtNnK5XNeJRg8ePDi04wEB4OLFi1JY53I5CCHkXovQzoYmaCLy8OFDGdZPnXO5HCzLwvr6etcS1fXr1+F5XlceSYyNjeHBgwfY29uTk6U0aAmfL7744st09YMq0J988kkW5MfMsQrzcrmMdruNV155JRZOJ0HVarUugfbxxx8DhpONjoKf/vSnetCB6LfONLmhE8ag2OH/4Q9/UFIyDMMMLsvLy/KIX8uycO3aNT0Jc0QcqzC/c+cOAGBmZiY2+1OVD/Sl9v/85z+x/58kzWYTxWIRmUxGKsGZtBz7rTOtBqgrEzdu3EA2m01U5jgMOqaJfPHFF1/Gq1/y+TzCMJQCPUkp7ig4f/48oB3ba+LcuXNdf5ve4yqU9yBzbMK82WxifX0dvu93PTBCCHneNQn8QWNhYQG2bWN3dxeLi4u4f/8+hBCp53z3yuTkJGzbRq1Wk+dKVyoV/Pa3v9WTpsLa7AzDnBTqHvnOzk7XHvpR8/jjj+tBMUhg//jHP5Zh6t8maGKwX96DwLEJc/rifumll/QoIMVEjWZEP9Q0YHd3Vw/qmXK5jKWlJbn/Mz09nbqPfZA6X7lyBegoCP75z3+G67pyv75XvvrqK9RqNbTbbdy4cUOPZhiGORJMym7qHvqvfvUr/ZZD5yc/+QmQ8JXdbDaBjgmaak8+OTkJy7KAjjmwzs7ODqBsBQ80unr7UUGmXWmQWZXqik81t9K98LRardjZyWpa1TxCDTeZLZDJgukcZqGYJ+j3kpmdfm8/dVbD0fFQpJ+53CutVks4jhM7g5lhGOYo2c/8bL/4XujVRIze5fr7k+7Xw9U4vX70HtfDB5V06XpIqPbVSW7/VHtzfcDoYbAsS3ieJ3zfF57nCcuyutKSzbht2zKd4zjSztw0MFRukgAkH70kZIMgEL7vC9d1Zd30e/upM5HNZmXdGYZhBp1eBXWv6Uyo/j8sy0r0RyI6H1j0QUQfTUEQpL536SMIih8RKtOyrESZNWgcuTCnWQ9dpkMkNjY25Jc7XXrH+74fS+M4jux4lXq9Hht4+ppW65HNZmV61UmMZVnGPIVWPk0UhCa0dYHea50JcjRjmj0yh0OpVIqNuf6cMYdPqVSSk2zsszo3CNDXHQyrcUycUqnUs4D2+vDNLpR3a9KV9NFTr9flhxGl228cyQkYPaf0ETYsglwchzBneodeeoPwAOkTLJOHOqG9+EwTtUGiUCgIy7JEvV4XrVZLuK6bKMx1T4Dq5bquKBQKA93WQSMMQ9l/wwAJkv2EAMMMCsPxy3pE6GUGeZyoL2AY9v8JEuiDMAlJgvQbkiYlJkigq2MShqHwfV/O4PvJ71FnmIQ5reQN0u+RYdI4Nm12pptMJiO1LNfW1rC3t9ez69bjgGzcSdvz0qVLWoo4aRr+Jw1puKa59dUxtWd8fBxzc3P4+OOPYVkWlpaWejoEZz+q1SpGtIOAjoOTKpdhmMOFhfkJUqlUUCgUsLCwgKtXr+LWrVtGAXLSeJ4Hy7JQq9WwtramRw8FZCZ4WF7+JicnpQnO0tKSnJQdlE8//VQPOhZOqlyGYQ4XFuYnCPlkX19fx61bt3ryp34SnDlzBm+99RYA4OrVq8fiAOKw6dcrXy/kcjnpvfBvf/ubHt0X+3mtOipOqlyGYQ4XFuYnyN7eHoQQ2NnZGVhBTtCJb+12G2+88UYsLs3lbBRFKBaLsbPZp6amUCwWf9CkoNlsGs+WL5fLelIsLCzIZXbVlbDJSUS/PP/88wCAL774Qo+SbdfrqHrnazabyOVysn7z8/MxV8dqHavVKnK5nIybmJhAPp9P7MfNzU1kMplYfplMBmtra32VS309OjqKkZERjI6OIpfLxU4KVNHrOTo6inw+rydLpFwuy7JGOod9VKtV+QxNTEzExrlYLMr0U1NTqfUyPTNJ6VU2Nzdjdcrlcl2rMRSv0mw2Y8++urLVa33U9mUyGaBTH7qPwohyuWz8vTGnHH0TnWFUVCUg1RmO6viGlIV0TPabZAKCjqneQTDZkqq2qLpSWhAEsXoEQSCCINhXYY8U+9KUoFSTRxXVgY+pjmTGSE6EVDtcqp9aR/J1oJrLkP8GUz+SX4VCoSBarVas313X7blc6mvHcaT2ftCx27UMNr9UTzV9GIYxq4deIIVF13VFqVSSyqGqyVEQBNLXg246qkNxpufQlN6kAEemozAoe6pxuolqYHA+0m99aKwLhYLsY7pUiwzKw5Sv/rtgThe9/bKYRxb9hWYSxEnCnASKSRjSy8wUtx8kEElIEqr2vR5HwkQPT+OHCHNqu25XS0JKf2GbhAcRhqGwLKvrHqE4GlLLIeGhm921Oo6Z1PC0coXS17rQJuGiCiiqp8m88iCmaZReLUNo5pBqu6l9MIyz3m41HAZLjaR+ISsGPb3nefKZ1oUmCXq1D/utjzqmNFGiCSPlQ+Xo/SWUeuvjyJweeJmd6Ytr1671rAy3srICJPjjJ1/077//vh6VSqPRQK1Wg23bXb7rx8fHkc1mAQAfffRRLO64obbT8bYE+YUOw7BrmTaJ7e1ttNttvP7663oUnn76aQDAJ598IsPeeecdAMBrr70mw9DRzhdCYGtrKxaeBPW167pdWylPPfUUAODevXsyjOqZy+W6FDn1+/tBP0bz4sWLAADXdWP9OzY2lnjwUVK7Kf3Dhw/1KCNU3meffSbDoijCysoKbt68CRjOl7h7925XHx60Pp9//jm2trYwPj6OsbExPHjwQObz3nvvAUDXEdMAcOHCBaBzP3M6YWHO9MXY2FhPynDVahXtdhtIeJGTMKjVanpUKrTHOzExoUcBinAz7WEfJeoxvmrbad9SvYhvv/1W/p3Ghx9+CBj2tUdGRjA/Pw8oB0lAEbCPPfaYDDsI1NeVSqWr3JmZGaAzKSGonk888YQMOwz0iQFBQv04oQOh1OOKt7e35eTScZzYRC2KIpTL5a6J1UG5cOFCYn/QJEI/YnpEOar566+/1u5iTgsszJm+SVOGe9Sg0/gcx9Gj4LouOltZxktfWdiPIAi68qBL/cqjicRhkXRsMV3DQrPZRLFYRCaTkcpjphO20pidnZUrUySw79y5I1eEXn75ZUA5JZL+1VdocEj1MaGPj3rNzc3pyZlTAgtz5kD85S9/ATrLyT/keNlhh76CX3zxRT3qUF7MKidlE34azNcWFhZg2zZ2d3exuLiI+/fvQwiRuCyfBgnm7e1tRFGE9fV16eyJ8qNVips3b8LzPOXu7znM+ugchpUGM3ywMGcOxPT0tHxJ0f6wytmzZ+XfuqkNAHzzzTeA8vLrlXPnzgEpe380sTiOJdhqtYowDGFZVuy8Y7Xtve6Lp3H+/HlAadt+0CrBl19+qUf1BfU1nem8H1RPctCjkrQdcxyUy2UsLS3Js7anp6cTl6p7QV1q397ehuM4citpcnIStm2jUqmg0WigUql0eXU87PoQNO7022IeLViYMweGlOFMqMpIt2/f1qOlspC6l1gsFrv2lXWeeeYZWJaFdrsds9eGsj+JBKU7APjuu+/0oAMRRZGsu+65T217oVCQ4UQURcYJDrSv4CiKEEURXnjhBaAzaTLdp3+J0VLv9evXu4Roo9EwTjBM5VJfh2FoVHZsNBqx/H/2s58Bnb1bvZ4nuR1D+8T6Xj4J235Rl9rffvvtLjfH5Htgfn6+S/ENR1AfgsZ9cXGxa9xheE6YU4au3s4wBJkTmUxdCPWseh2yUUaC3aueb5KZl456vjyZIKk23Lo5mFBMrHSzoTToHtU8KQxDsbq6Kk2wTGUJre2O4wjf94XfsZO2DGcrk8kaOkf0+p3DXMhmmfrM6hzN6Pu+KBQKRjM9MllCxwSuUCjIsvX27FeuatNM8b7vJ5rtUbmWZclybduWtuIwmF2ZIFMsGGy6yexP70OhlK+Oi/q8lEolEQSBbAP1q24bnvSMEhRvqp9qc256Pg5SH/ptmHwKEEnjTmZzJpNB5vSQ/tZkHln0I1DVM+B16AViIgxD4SnnBENxBKJDL6ykvFSCIIg5ELEsS2Sz2S77YqHZJcMggExQm/SLBPHq6uq+Nrv9tF1o5347jtP1Qi9pZ7Hbti08zzPWgyZNatnZbLYrT9FDuf30tV6u67oynXp/Uh+IzgRDffZs5WhdmmyobSLUcdbLoEkF5UfPgDpJonbTZIEu0wSQBHbS74LyTKKf+qjjg06fmsZcdPpfzRvKZJIF+elmRAyTOirDMAzDMF3wnjnDMAzDDDkszBmGYRhmyGFhzjAMwzBDDgtzhmEYhhlyWJgzDMMwzJDDwpxhGIZhhhwW5gzDMAwz5LAwZxiGYZghh4U5wzAMwww5LMwZhmEYZsj5f5XHxhMXgYmwAAAAAElFTkSuQmCC\"\u003e\u003c/p\u003e\n\u003cp\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp;In Table 4, represents dataset contains 1,543 safe processes, 763 malicious ones, and 286 suspected cases, 280 of which were confirmed as malware. The detection accuracy is 97.90 %.\u003c/p\u003e\n\u003cp\u003eTable 4. Final Results\u003c/p\u003e\n\u003cdiv align=\"Left\"\u003e\n \u003ctable border=\"1\" cellspacing=\"0\" cellpadding=\"0\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003eTypes of process\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003eDataset\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eWhite listed process\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e1543\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eBlack listed Process\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e763\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eSuspected malware\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e286\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003eMalware detected\u0026nbsp;\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e280\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003eAccuracy\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003ctd valign=\"top\"\u003e\n \u003cp\u003e\u003cstrong\u003e97.90%\u003c/strong\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n \u003c/table\u003e\n\u003c/div\u003e\n"},{"header":"5. Conclusion","content":"\u003cp\u003e \u003cdiv class=\"BlockQuote\"\u003e \u003cp\u003eThe research that has been implemented demonstrated that it is possible to create and apply a more efficient system-level monitoring procedure with a view to classifying different types of malwares. Built an effective working tool the proposed alternative approach to enhance their identification, accuracy, and efficiency while properly using resources by addressing the objectives and finding an optimal balance between them. Thus, given that the threat landscape is dynamic in terms of new malware type appearance and adaptation, constant monitoring, evaluation, and tweaking of the system will be needed to maintain the positive outcome observed in the study. By providing a strategy to enhance the skills of identifying malware in cybersecurity, this research contributes to the field of cybersecurity that eliminates the ability of the criminals to gain stored information and sensitive data in the future.\u003c/p\u003e \u003c/div\u003e \u003c/p\u003e"},{"header":"6. Future Work","content":"\u003cp\u003eMonitoring at the system level typically relies on known malware behaviors or signatures. Zero-day exploits are unique, previously unknown vulnerabilities that may be difficult to detect Extensive monitoring has the potential to compromise host system performance by using a significant number of resources. It is challenging to achieve a balance between system efficiency and the need for monitoring. It's tough to reduce false positives while\u003c/p\u003e \u003cp\u003emaintaining high detection rates. Malware may range in sophistication from simple Trojans to complicated APTs. Privacy Issues: Extensive observation of system activities may raise privacy concerns, particularly with regard to corporate settings or user data. Finding the perfect mix between privacy and security is a never-ending challenge.\u003c/p\u003e"},{"header":"Declarations","content":"\u003ch2\u003eAcknowledgement\u003c/h2\u003e \u003cp\u003eMr. Tukkappa K. Gundoor would like to express his gratitude to the Department of Science and Technology of Karnataka (DST) for supporting our research with Ph.D. fellowship No. Fellowship/PHY-02:2020-21/199.\u003c/p\u003e"},{"header":"References","content":"\u003col\u003e\n \u003cli\u003eR. Goosen, A. Rontojannis, S. Deutscher, J. Rogg, W. Bohmayr, and D. Mkrtchian, \u0026ldquo;Artificial Intelligence Is a Threat to Cybersecurity. It\u0026rsquo;s Also a Solution.,\u0026rdquo; \u003cem\u003eBCG Bost. Consult. Gr.\u003c/em\u003e, p. 6, 2018, [Online]. Available: http://imagesrc.bcg.com/Images/BCG-Artificial-Intelligence-Is-a-Threat-to Cyber-Security-Its-Also-a-Solution-Nov-2018_tcm9-207468.pdf.\u003c/li\u003e\n \u003cli\u003eSymantec, \u0026ldquo;The Evolution of Emotet: From Banking Trojan to Threat Distributor,\u0026rdquo;\u0026nbsp;\u003cem\u003eSymantec Blog\u003c/em\u003e, pp. 1\u0026ndash;6, 2018,[Online]. Available:https://symantecenterpriseblogs.security.com/blogs/threatintelligence/\u003cbr\u003eevolutionemotettrojandistributor%https://www.symantec.com/blogs/threatintelligence/evolution-emotet-trojan-distributor.\u003c/li\u003e\n \u003cli\u003eN. Akhtar and A. Mian, \u0026ldquo;Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey,\u0026rdquo; \u003cem\u003eIEEEAccess\u003c/em\u003e, vol. 6, pp. 14410\u0026ndash;14430, 2018, doi: 10.1109/ACCESS.2018.2807385.\u003c/li\u003e\n \u003cli\u003eM. Mays, N. Drabinsky, and S. Brandle, \u0026ldquo;Feature selection for malware classification,\u0026rdquo; \u003cem\u003e28th Mod. Artif. Intell. Cogn.Sci. Conf. MAICS 2017\u003c/em\u003e, pp. 165\u0026ndash;170, 2017.\u003c/li\u003e\n \u003cli\u003eY. Wang and J. Zheng, \u0026ldquo;An Evaluation of One-Class Feature Selection and Classification for Zero-Day Android\u003c/li\u003e\n \u003cli\u003eMalware Detection,\u0026rdquo; \u003cem\u003eAdv. Intell. Syst. Comput.\u003c/em\u003e, vol. 1134, no. Itng, pp. 105\u0026ndash;111, 2020, doi: 10.1007/978-3-030-43020-7_15.\u003c/li\u003e\n \u003cli\u003eA. Sharma and S. K. Sahay, \u0026ldquo;An effective approach for classification of advanced malware with high accuracy,\u0026rdquo; \u003cem\u003eInt.J. Secur. its Appl.\u003c/em\u003e, vol. 10, no. 4, pp. 249\u0026ndash;266, 2016, doi: 10.14257/ijsia.2016.10.4.24.\u003c/li\u003e\n \u003cli\u003eS. Soviany, A. Scheianu, G. Suciu, A. Vulpe, O. Fratu, and C. Istrate, \u0026ldquo;Android Malware Detection and Crypto-Mining Recognition Methodology with Machine Learning,\u0026rdquo; \u003cem\u003eProc. - 16th Int. Conf. Embed. Ubiquitous Comput. EUC2018\u003c/em\u003e, pp. 14\u0026ndash;21, 2018, doi: 10.1109/EUC.2018.00010.\u003c/li\u003e\n \u003cli\u003eA. Chakraborty, M. Alam, V. Dey, A. Chattopadhyay, and D. Mukhopadhyay, \u0026ldquo;Adversarial Attacks and Defences: A Survey,\u0026rdquo; vol. x, no. x, 2018, [Online]. Available: http://arxiv.org/abs/1810.00069.\u003c/li\u003e\n \u003cli\u003eA. Jain and A. K. Singh, \u0026ldquo;Integrated Malware analysis using machine learning,\u0026rdquo; \u003cem\u003e2nd Int. Conf. Telecommun. Networks, TEL-NET 2017\u003c/em\u003e, vol. 2018-Janua, pp. 1\u0026ndash;8, 2018, doi: 10.1109/TEL-NET.2017.8343554.\u003c/li\u003e\n \u003cli\u003eA. Vasudevan, \u0026ldquo;MalTRAK: Tracking and eliminating unknown malware,\u0026rdquo; \u003cem\u003eProc. - Annu. Comput. Secur. Appl. Conf.ACSAC\u003c/em\u003e, pp. 311\u0026ndash;321, 2008, doi: 10.1109/ACSAC.2008.44.\u003c/li\u003e\n \u003cli\u003eP. Wrench and B. Irwin, \u0026ldquo;A sandbox-based approach to the deobfuscation and dissection of PHP-based malware,\u0026rdquo;\u003cem\u003eSAIEE Africa Res. J.\u003c/em\u003e, vol. 106, no. 2, pp. 46\u0026ndash;63, 2015, doi: 10.23919/saiee.2015.8531886.\u003c/li\u003e\n \u003cli\u003eS. Harnmetta and S. Ngamsuriyaroj, \u0026ldquo;Classification of Exploit-Kit behaviors via machine learning approach,\u0026rdquo; \u003cem\u003eInt.Conf. Adv. Commun. Technol. ICACT\u003c/em\u003e, vol. 2018-Febru, pp. 468\u0026ndash;473, 2018, doi: 10.23919/ICACT.2018.8323798.\u003c/li\u003e\n \u003cli\u003eSudhakar and S. Kumar, \u0026ldquo;An emerging threat Fileless malware: a survey and research challenges,\u0026rdquo; \u003cem\u003eCybersecurity\u003c/em\u003e,vol. 3, no. 1, 2020, doi: 10.1186/s42400- 019-0043-x.\u003c/li\u003e\n \u003cli\u003eR. Sun \u003cem\u003eet al.\u003c/em\u003e, \u0026ldquo;The dose makes the poison - Leveraging uncertainty for effective malware detection,\u0026rdquo; \u003cem\u003e2017 IEEEConf. Dependable Secur. Comput.\u003c/em\u003e, pp. 123\u0026ndash;130, 2017, doi: 10.1109/DESEC.2017.8073803.\u003c/li\u003e\n \u003cli\u003eS. K. Shaukat and V. J. Ribeiro, \u0026ldquo;RansomWall: A layered defense system against cryptographic ransomware attacksusing machine learning,\u0026rdquo; \u003cem\u003e2018 10th Int. Conf. Commun. Syst. Networks, COMSNETS 2018\u003c/em\u003e, vol. 2018-Janua, pp. 356\u0026ndash;363, 2018, doi: 10.1109/COMSNETS.2018.8328219.\u003c/li\u003e\n \u003cli\u003eM. N. Arefi \u003cem\u003eet al.\u003c/em\u003e, \u0026ldquo;FAROS: Illuminating In-memory injection attacks via Provenance-Based Whole-Systemdynamic information flow tracking,\u0026rdquo; \u003cem\u003eProc. - 48th Annu. IEEE/IFIP Int. Conf. Dependable Syst. Networks, DSN 2018\u003c/em\u003e,pp. 231\u0026ndash;242, 2018, doi: 10.1109/DSN.2018.00034.\u003c/li\u003e\n \u003cli\u003eV. Koutsokostas \u003cem\u003eet al.\u003c/em\u003e, \u0026ldquo;Invoice #31415 attached: Automated analysis of malicious Microsoft Office documents,\u0026rdquo;\u003cem\u003eComput. Secur.\u003c/em\u003e, vol. 114, p. 102582, 2022, doi: 10.1016/j.cose.2021.102582.\u003c/li\u003e\n \u003cli\u003eZ. Ning and F. Zhang, \u0026ldquo;Hardware-Assisted Transparent Tracing and Debugging on ARM,\u0026rdquo; \u003cem\u003eIEEE Trans. Inf.Forensics Secur.\u003c/em\u003e, vol. 14, no. 6, pp. 1595\u0026ndash;1609, 2019, doi: 10.1109/TIFS.2018.2883027.\u003c/li\u003e\n \u003cli\u003e\u0026ldquo;Preventing fileless attacks with ጷ Cyber Protection What is a fileless attack.\u0026rdquo;[20] \u0026ldquo;Case study : the tale of one Emotet infection,\u0026rdquo; no. October, 2020.\u003c/li\u003e\n \u003cli\u003eI. Kazoleas and P. Karampelas, \u0026ldquo;A novel malicious remote administration tool using stealth and self-defense techniques,\u0026rdquo; \u003cem\u003eInt. J. Inf. Secur.\u003c/em\u003e, no. 0123456789, 2021, doi: 10.1007/s10207-021-00559-2.\u003c/li\u003e\n \u003cli\u003eB. N. Sanjay, D. C. Rakshith, R. B. Akash, and V. V. Hegde, \u0026ldquo;An Approach to Detect Fileless Malware and Defend its Evasive mechanisms,\u0026rdquo; \u003cem\u003eProc. 2018 3rd Int. Conf. Comput. Syst. Inf. Technol. Sustain. Solut. CSITSS 2018\u003c/em\u003e, pp.234\u0026ndash;239, 2018, doi: 10.1109/CSITSS.2018.8768769.\u003c/li\u003e\n \u003cli\u003eD. J. Miller, X. Hu, Z. Xiang, and G. Kesidis, \u0026ldquo;A Mixture Model Based Defense for Data Poisoning Attacks Against Naive Bayes Spam Filters,\u0026rdquo; pp. 1\u0026ndash;11, 2018, [Online].Available:http://arxiv.org/abs/1811.00121.\u003c/li\u003e\n \u003cli\u003eG. H. S. Carvalho, I. Woungang, A. Anpalagan, I. Traore, and L. Barolli, \u0026ldquo;Malware Detection Using Machine Learning Models,\u0026rdquo; \u003cem\u003eAdv. Intell. Syst. Comput.\u003c/em\u003e, vol. 1264 AISC, pp. 238\u0026ndash;246, 2021, doi: 10.1007/978-3-030-57811-4_22.\u003c/li\u003e\n \u003cli\u003eF. L. Levesque, A. Somayaji, D. Batchelder, and J. M. Fernandez, \u0026ldquo;Measuring the health of antivirus ecosystems,\u0026rdquo;\u003cem\u003e2015 10th Int. Conf. Malicious Unwanted Software, MALWARE 2015\u003c/em\u003e, pp. 101\u0026ndash;109, 2016, doi:10.1109/MALWARE.2015.7413690.\u003c/li\u003e\n \u003cli\u003eJ. Ju \u003cem\u003eet al.\u003c/em\u003e, Title,\u0026rdquo; \u003cem\u003eJ. Chem. Inf. Model.\u003c/em\u003e, vol. 43, no. 1, p. 7728, 2020, [Online]. Available: https://online210.psych.wisc.edu/wp-ontent/uploads/PSY210_Unit_Materials/PSY210_Unit01_Materials/Frost_Blog_2020.pdf%0Ahttps://www.economist.com/special-report/2020/02/06/china-ismaking substantial-investment-in-ports-and-pipelines-worldwide%0Ahttp://.\u003c/li\u003e\n \u003cli\u003eA. George, \u0026ldquo;Anomaly Detection based on Machine Learning Dimensionality Reduction using PCA and Classification using SVM,\u0026rdquo; \u003cem\u003eInt. J. Comput. Appl.\u003c/em\u003e, vol. 47, no. 21, pp. 5\u0026ndash;8, 2012, doi: 10.5120/7470-0475.\u003c/li\u003e\n \u003cli\u003eA. W. Krumbach and D. P. White, \u0026ldquo;Moisture, Pore Space, and Bulk Density Changes in Frozen Soil,\u0026rdquo; \u003cem\u003eSoil Sci. Soc.Am. J.\u003c/em\u003e, vol. 28, no. 3, pp. 422\u0026ndash;425, 1964, doi: 10.2136/sssaj1964.03615995002800030036x.\u003c/li\u003e\n \u003cli\u003eN. Almakayeel, \u0026ldquo;Deep learning-based improved transformer model on android malware detection and classification in internet of vehicles,\u0026rdquo; \u003cem\u003eSci. Rep.\u003c/em\u003e, vol. 14, no. 1, p. 25175, 2024, doi: 10.1038/s41598-024-74017-z.\u003c/li\u003e\n \u003cli\u003eM. F. Rafique, M. Ali, A. S. Qureshi, A. Khan, and A. M. Mirza, \u0026ldquo;Malware Classification using Deep Learning based Feature Extraction and Wrapper based Feature Selection Technique,\u0026rdquo; pp. 1\u0026ndash;21, 2019,[Online].Available: http://arxiv.org/abs/1910.10958.\u003c/li\u003e\n \u003cli\u003eB. Kc, S. Sapkota, and A. Adhikari, \u0026ldquo;Generative Adversarial Networks in Anomaly Detection and Malware Detection: A Comprehensive Survey,\u0026rdquo; \u003cem\u003eAdv. Artif. Intell. Res.\u003c/em\u003e, vol. 4, no. 1, pp. 18\u0026ndash;35, 2024, doi: 10.54569/aair.1442665.\u003c/li\u003e\n \u003cli\u003eH. Gunduz, \u0026ldquo;Malware detection framework based on graph variational autoencoder extracted embeddings from API call graphs,\u0026rdquo; \u003cem\u003ePeerJ Comput. Sci.\u003c/em\u003e, vol. 8, 2022, doi: 10.7717/PEERJ-CS.988.\u003c/li\u003e\n \u003cli\u003eGundoor, T. K. (2022). IoT-Enabled 5G Networks for Secure Communication. In \u003cem\u003eInformation Security Practices for the Internet of Things, 5G, and Next-Generation Wireless Networks\u003c/em\u003e (pp. 1-29). IGI Global.\u003c/li\u003e\n \u003cli\u003eSridevi, and Tukkappa K Gundoor, \u0026quot;Identifying Nobel Features in Non-Portable Executable Malware Files,\u0026quot; IAENG International Journal of Computer Science, vol. 52, no. 1, pp121-129, 2025\u003c/li\u003e\n \u003cli\u003eT. K. Gundoor and Sridevi, \u0026quot;Identification Of Dominant Features in Non-Portable Executable Malicious File,\u0026quot; 2022 Second International Conference on Computer Science, Engineering and Applications (ICCSEA), Gunupur, India, 2022, pp. 1-6, doi: 10.1109/ICCSEA54677.2022.9936451.\u003c/li\u003e\n \u003cli\u003eSridevi, and Gundoor, T.K. (2024). Artificial Intelligence on Knowledge Management and Industry Revolution 4.0. In Knowledge Management and Industry Revolution 4.0 (eds R. Kumar, V. Jain, V.C. Ibarra, C.A. Talib and V. Kukreja). https://doi.org/10.1002/9781394242641.ch6\u003c/li\u003e\n \u003cli\u003eTukkappa K Gundoor, Dr. Sridevi. (2024). Optimized Feature Selection and classification for Non-Portable Executable Malware. \u003cem\u003eInternational Journal of Communication Networks and Information Security (IJCNIS)\u003c/em\u003e, \u003cem\u003e16\u003c/em\u003e(4), 546\u0026ndash;552. Retrieved from https://ijcnis.org/index.php/ijcnis/article/view/7107\u003c/li\u003e\n \u003cli\u003eGundoor, T. K., Sridevi, \u0026amp; Mulimani, R. (2025). AI-Based Solutions for Malware Detection and Prevention. In M. Almaiah \u0026amp; Y. Maleh (Eds.), \u003cem\u003eMachine Intelligence Applications in Cyber-Risk Management\u003c/em\u003e (pp. 107-134). IGI Global Scientific Publishing. https://doi.org/10.4018/979-8-3693-7540-2.ch006\u003c/li\u003e\n \u003cli\u003eKolhar, A. \u0026amp; Sridevi. (2025). Future Trends and Innovation in Machine Intelligence for Cyber Risk Management. In M. Almaiah \u0026amp; Y. Maleh (Eds.), \u003cem\u003eMachine Intelligence Applications in Cyber-Risk Management\u003c/em\u003e (pp. 415-438). IGI Global Scientific Publishing. https://doi.org/10.4018/979-8-3693-7540-2.ch018.\u003c/li\u003e\n \u003cli\u003eSridevi, and Tukkappa K Gundoor, \u0026quot;ResNet50MalClassifier: Deep Convolutional Neural Networks,\u0026quot; IAENG International Journal of Computer Science, vol. 52, no. 2, pp287-297, 2025.\u003c/li\u003e\n \u003cli\u003eAmrutha Kolhar and Dr Sridevi, \u0026ldquo;optimizing iot for secure authentication and interoperability: api frameworks using rolling code pattern\u0026quot; vol. 14, issue 03, March, 2025, doi: 10.48047/IJIEMR/V14/ISSUE 03/23.\u003c/li\u003e\n \u003cli\u003eSridevi \u0026amp; Kolhar, A. (2025). Machine Learning Algorithms and IoT Sensors for Securing the Networks. In Minakshi, A. Bijalwan, \u0026amp; T. Kumar (Eds.), \u003cem\u003eExploiting Machine Learning for Robust Security\u003c/em\u003e (pp. 183-210). IGI Global Scientific Publishing. https://doi.org/10.4018/979-8-3693-7758-1.ch009\u003c/li\u003e\n \u003cli\u003eSridevi, Gundoor, T. K., \u0026amp; Mulimani, R. (2025). Integrating Machine Learning Techniques for Comprehensive Malware Classification. In Minakshi, A. Bijalwan, \u0026amp; T. Kumar (Eds.), \u003cem\u003eExploiting Machine Learning for Robust Security\u003c/em\u003e (pp. 165-182). IGI Global Scientific Publishing.https://doi.org/10.4018/979-8-3693-7758-1.ch008\u003c/li\u003e\n \u003cli\u003eSridevi \u0026amp; Kolhar, A. (2025). Energy-Efficiency Strategies for Wireless Sensor Networks in IoT. In A. Sathio, M. Rind, S. Awan, \u0026amp; A. Junejo (Eds.), \u003cem\u003eEnergy-Efficient Deep Learning Approaches in IoT, Fog, and Green Blockchain Revolution\u003c/em\u003e (pp. 167-192). IGI Global Scientific Publishing. https://doi.org/10.4018/979-8-3373-0300-0.ch006\u003c/li\u003e\n\u003c/ol\u003e"}],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":true,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":true,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":false,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":false,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"
[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"Blacklist, Classification, Malware, Monitoring, Process, Whitelist","lastPublishedDoi":"10.21203/rs.3.rs-6638667/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-6638667/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003eThis research focuses on an investigation for the effective systemic optimization of malware detection and classification. Previously used recognizable attacks to eliminate, undesirable programs which do not protect against new and polymorphic viruses, that can lead to heightened suspectability. The investigation intends to propose solutions that use specific method related to feature extraction resulting in reduced dimensions and during detection of anomalies to ease identification of system-level events i.e. file/process events. The objectives were framed as a part of research work, these approaches use various technologies defining workflow that contains two operations, namely whitelisting and blacklisting processes. Additionally, a GUI that shows processes in the state of running, asleep and idle. These processes probabilistically are identified as malicious and harmful viruses. Work is to achieve precision on the current literature and applies to prior work done on the constraints of zero-day threats, false alarms, memory/resource consuming processes that are tackled with conventional antivirus software. The downside of inaccurate detection and limited insight into the system architecture posed heuristic challenges that were experimented during this research critically impinging on the operating system services and potentially aims to address these issues by integrating a system-level monitoring interface that improved malware classification rate and optimized accuracy within stipulated time-frame.\u003c/p\u003e","manuscriptTitle":"Amplified System-Level Malware Classification: Leveraging Process Monitoring of Healthy and Malicious Files","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2025-05-14 06:35:29","doi":"10.21203/rs.3.rs-6638667/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"
[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"d41a1bfb-a082-42ac-8ae5-01c57b727d4c","owner":[],"postedDate":"May 14th, 2025","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[],"tags":[],"updatedAt":"2025-05-14T06:35:29+00:00","versionOfRecord":[],"versionCreatedAt":"2025-05-14 06:35:29","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-6638667","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-6638667","identity":"rs-6638667","version":["v1"]},"buildId":"8U1c8b4HqxoKbykW_rLl7","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}
Text is read by the "Ask this paper" AI Q&A widget below.
Extraction quality varies by source — PMC NXML preserves structure
cleanly, OA-HTML may include some navigation residue, and OA-PDF can
have broken hyphenation. The publisher copy
(via DOI)
is the canonical version.