Current malware makes extensive use of obfuscation, packing, encryption, and similar techniques, producing numerous variants and lowering the identification accuracy of existing detection methods while raising both false negatives and false positives. To address this challenge, this paper proposes an intelligent malware detection method based on memory opcode genes. The method integrates memory forensics with deep learning. It captures the opcode sequences left in memory during software execution as key behavioral features, referred to as “memory opcode genes”, and builds a model based on a Transformer-enhanced Graph Convolutional Network (TFGCN) to extract the deep semantic and structural relationships within those opcode sequences. Experimental results on a public dataset show that the proposed method achieves a detection accuracy of 98.09%, a precision of 98.16%, and an F1-score of 0.9809, significantly surpassing traditional baselines such as N-gram. These results confirm the efficacy of combining memory opcode genes as features with deep learning for malware detection, offering a novel technical approach to the intelligent forensics of highly evasive malware.
Li et al. studied this question.
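As an added illustration (not code from the paper), the following Python builds the two kinds of input the abstract contrasts: an N-gram baseline feature and an opcode-transition graph with the symmetric normalisation a graph convolution layer consumes. The opcode sequence is constructed; the paper's memory-forensics extraction of opcode genes and the TFGCN architecture itself are not reproduced here.

```python
from collections import Counter

# Constructed sample "memory opcode gene": an opcode sequence as it might be
# recovered from a process memory image (illustrative only).
SAMPLE_OPCODES = ["push", "mov", "call", "xor", "mov", "cmp",
                  "jne", "call", "ret", "push", "mov", "call"]


def ngram_counts(opcodes, n=2):
    """Baseline N-gram feature: counts of each run of n consecutive opcodes."""
    return Counter(tuple(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1))


def opcode_graph(opcodes):
    """Directed transition graph: one node per distinct opcode, edge weight
    adj[a][b] = number of times opcode a is immediately followed by b."""
    nodes = sorted(set(opcodes))
    index = {op: i for i, op in enumerate(nodes)}
    n = len(nodes)
    adj = [[0.0] * n for _ in range(n)]
    for a, b in zip(opcodes, opcodes[1:]):
        adj[index[a]][index[b]] += 1.0
    return nodes, adj


def normalized_adjacency(adj):
    """GCN-style normalisation D^-1/2 (A + A^T + I) D^-1/2: the transition
    graph is symmetrised and given self-loops so every node has degree >= 1."""
    n = len(adj)
    a_hat = [[adj[i][j] + adj[j][i] + (1.0 if i == j else 0.0)
              for j in range(n)] for i in range(n)]
    deg = [sum(row) for row in a_hat]
    return [[a_hat[i][j] / (deg[i] * deg[j]) ** 0.5 for j in range(n)]
            for i in range(n)]


def gcn_propagate(norm_adj, features):
    """One propagation step of a graph convolution, A_hat @ X, which mixes each
    node's features with those of its neighbouring opcodes (no weights/bias)."""
    n, f = len(norm_adj), len(features[0])
    return [[sum(norm_adj[i][k] * features[k][j] for k in range(n))
             for j in range(f)] for i in range(n)]


def gcn_inputs(opcodes):
    """Return (nodes, normalised adjacency, one-hot node features)."""
    nodes, adj = opcode_graph(opcodes)
    one_hot = [[1.0 if i == j else 0.0 for j in range(len(nodes))]
               for i in range(len(nodes))]
    return nodes, normalized_adjacency(adj), one_hot
```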