{"id":"https://openalex.org/W4415818549","doi":"https://doi.org/10.3390/computers14110467","title":"Efficient Image-Based Memory Forensics for Fileless Malware Detection Using Texture Descriptors and LIME-Guided Deep Learning","display_name":"Efficient Image-Based Memory Forensics for Fileless Malware Detection Using Texture Descriptors and LIME-Guided Deep Learning","publication_year":2025,"publication_date":"2025-11-01","ids":{"openalex":"https://openalex.org/W4415818549","doi":"https://doi.org/10.3390/computers14110467"},"language":"en","primary_location":{"id":"doi:10.3390/computers14110467","is_oa":true,"landing_page_url":"https://doi.org/10.3390/computers14110467","pdf_url":"https://www.mdpi.com/2073-431X/14/11/467/pdf?version=1761964429","source":{"id":"https://openalex.org/S4210228075","display_name":"Computers","issn_l":"2073-431X","issn":["2073-431X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2073-431X/14/11/467/pdf?version=1761964429","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5066389287","display_name":"Qussai Yaseen","orcid":"https://orcid.org/0000-0003-0777-1871"},"institutions":[{"id":"https://openalex.org/I156983542","display_name":"Jordan University of Science and Technology","ror":"https://ror.org/03y8mtb59","country_code":"JO","type":"education","lineage":["https://openalex.org/I156983542"]},{"id":"https://openalex.org/I182000528","display_name":"Ajman University","ror":"https://ror.org/01j1rma10","country_code":"AE","type":"education","lineage":["https://openalex.org/I182000528"]}],"countries":["AE","JO"],"is_corresponding":true,"raw_author_name":"Qussai M. Yaseen","raw_affiliation_strings":["Department of Information Technology, College of Engineering and Information Technology, Ajman University, Ajman 346, United Arab Emirates","Faculty of Computer and Information Technology, Jordan University of Science and Technology, Irbid 22110, Jordan"],"affiliations":[{"raw_affiliation_string":"Department of Information Technology, College of Engineering and Information Technology, Ajman University, Ajman 346, United Arab Emirates","institution_ids":["https://openalex.org/I182000528"]},{"raw_affiliation_string":"Faculty of Computer and Information Technology, Jordan University of Science and Technology, Irbid 22110, Jordan","institution_ids":["https://openalex.org/I156983542"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5120234826","display_name":"Esraa Oudat","orcid":null},"institutions":[{"id":"https://openalex.org/I156983542","display_name":"Jordan University of Science and Technology","ror":"https://ror.org/03y8mtb59","country_code":"JO","type":"education","lineage":["https://openalex.org/I156983542"]}],"countries":["JO"],"is_corresponding":false,"raw_author_name":"Esraa Oudat","raw_affiliation_strings":["Faculty of Computer and Information Technology, Jordan University of Science and Technology, Irbid 22110, Jordan"],"affiliations":[{"raw_affiliation_string":"Faculty of Computer and Information Technology, Jordan University of Science and Technology, Irbid 22110, Jordan","institution_ids":["https://openalex.org/I156983542"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028958422","display_name":"Monther Aldwairi","orcid":"https://orcid.org/0000-0003-1150-2404"},"institutions":[{"id":"https://openalex.org/I91044093","display_name":"Zayed University","ror":"https://ror.org/03snqfa66","country_code":"AE","type":"education","lineage":["https://openalex.org/I91044093"]}],"countries":["AE"],"is_corresponding":false,"raw_author_name":"Monther Aldwairi","raw_affiliation_strings":["College of Technological Innovation, Zayed University, Abu Dhabi 144534, United Arab Emirates"],"affiliations":[{"raw_affiliation_string":"College of Technological Innovation, Zayed University, Abu Dhabi 144534, United Arab Emirates","institution_ids":["https://openalex.org/I91044093"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5004065267","display_name":"F.M.A. Salam","orcid":"https://orcid.org/0000-0002-1025-7868"},"institutions":[{"id":"https://openalex.org/I182000528","display_name":"Ajman University","ror":"https://ror.org/01j1rma10","country_code":"AE","type":"education","lineage":["https://openalex.org/I182000528"]}],"countries":["AE"],"is_corresponding":false,"raw_author_name":"Salam Fraihat","raw_affiliation_strings":["Department of Information Technology, College of Engineering and Information Technology, Ajman University, Ajman 346, United Arab Emirates"],"affiliations":[{"raw_affiliation_string":"Department of Information Technology, College of Engineering and Information Technology, Ajman University, Ajman 346, United Arab Emirates","institution_ids":["https://openalex.org/I182000528"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5066389287"],"corresponding_institution_ids":["https://openalex.org/I156983542","https://openalex.org/I182000528"],"apc_list":{"value":1600,"currency":"CHF","value_usd":1732},"apc_paid":{"value":1600,"currency":"CHF","value_usd":1732},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.46477345,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"14","issue":"11","first_page":"467","last_page":"467"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.4927000105381012,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.4927000105381012,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.4077000021934509,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12357","display_name":"Digital Media Forensic Detection","score":0.02889999933540821,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/discriminative-model","display_name":"Discriminative model","score":0.6017000079154968},{"id":"https://openalex.org/keywords/histogram-of-oriented-gradients","display_name":"Histogram of oriented gradients","score":0.585099995136261},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.5841000080108643},{"id":"https://openalex.org/keywords/feature-extraction","display_name":"Feature extraction","score":0.5268999934196472},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.5049999952316284},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.4794999957084656},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.46950000524520874},{"id":"https://openalex.org/keywords/histogram","display_name":"Histogram","score":0.46869999170303345},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.40310001373291016}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8084999918937683},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.777400016784668},{"id":"https://openalex.org/C97931131","wikidata":"https://www.wikidata.org/wiki/Q5282087","display_name":"Discriminative model","level":2,"score":0.6017000079154968},{"id":"https://openalex.org/C17426736","wikidata":"https://www.wikidata.org/wiki/Q419918","display_name":"Histogram of oriented gradients","level":4,"score":0.585099995136261},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.5841000080108643},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.5268999934196472},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.5049999952316284},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.4794999957084656},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.46950000524520874},{"id":"https://openalex.org/C53533937","wikidata":"https://www.wikidata.org/wiki/Q185020","display_name":"Histogram","level":3,"score":0.46869999170303345},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.4088999927043915},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.40310001373291016},{"id":"https://openalex.org/C47432892","wikidata":"https://www.wikidata.org/wiki/Q831390","display_name":"Wavelet","level":2,"score":0.38029998540878296},{"id":"https://openalex.org/C196216189","wikidata":"https://www.wikidata.org/wiki/Q2867","display_name":"Wavelet transform","level":3,"score":0.3531000018119812},{"id":"https://openalex.org/C46286280","wikidata":"https://www.wikidata.org/wiki/Q2414958","display_name":"Discrete wavelet transform","level":4,"score":0.35019999742507935},{"id":"https://openalex.org/C9417928","wikidata":"https://www.wikidata.org/wiki/Q1070689","display_name":"Image processing","level":3,"score":0.3467999994754791},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.33500000834465027},{"id":"https://openalex.org/C2776151529","wikidata":"https://www.wikidata.org/wiki/Q3045304","display_name":"Object detection","level":3,"score":0.3337000012397766},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3260999917984009},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.32269999384880066},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.31459999084472656},{"id":"https://openalex.org/C75294576","wikidata":"https://www.wikidata.org/wiki/Q5165192","display_name":"Contextual image classification","level":3,"score":0.3091000020503998},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.299699991941452},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.29840001463890076},{"id":"https://openalex.org/C4679612","wikidata":"https://www.wikidata.org/wiki/Q866298","display_name":"Aggregate (composite)","level":2,"score":0.2955000102519989},{"id":"https://openalex.org/C205372480","wikidata":"https://www.wikidata.org/wiki/Q210521","display_name":"Image resolution","level":2,"score":0.29409998655319214},{"id":"https://openalex.org/C59404180","wikidata":"https://www.wikidata.org/wiki/Q17013334","display_name":"Feature learning","level":2,"score":0.2865999937057495},{"id":"https://openalex.org/C87335442","wikidata":"https://www.wikidata.org/wiki/Q2494345","display_name":"Local binary patterns","level":4,"score":0.28349998593330383},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.2833000123500824},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.26429998874664307},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.2500999867916107}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.3390/computers14110467","is_oa":true,"landing_page_url":"https://doi.org/10.3390/computers14110467","pdf_url":"https://www.mdpi.com/2073-431X/14/11/467/pdf?version=1761964429","source":{"id":"https://openalex.org/S4210228075","display_name":"Computers","issn_l":"2073-431X","issn":["2073-431X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:fe9796b590164317959ddf240e32893a","is_oa":true,"landing_page_url":"https://doaj.org/article/fe9796b590164317959ddf240e32893a","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Computers, Vol 14, Iss 11, p 467 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.3390/computers14110467","is_oa":true,"landing_page_url":"https://doi.org/10.3390/computers14110467","pdf_url":"https://www.mdpi.com/2073-431X/14/11/467/pdf?version=1761964429","source":{"id":"https://openalex.org/S4210228075","display_name":"Computers","issn_l":"2073-431X","issn":["2073-431X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320330328","display_name":"Ajman University","ror":"https://ror.org/01j1rma10"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4415818549.pdf"},"referenced_works_count":26,"referenced_works":["https://openalex.org/W2010065958","https://openalex.org/W2282821441","https://openalex.org/W2579276500","https://openalex.org/W2752801770","https://openalex.org/W2769312722","https://openalex.org/W2784097977","https://openalex.org/W2894211014","https://openalex.org/W2900633536","https://openalex.org/W3013896538","https://openalex.org/W3118382796","https://openalex.org/W3155521256","https://openalex.org/W3169281546","https://openalex.org/W3204051164","https://openalex.org/W4205473597","https://openalex.org/W4293414950","https://openalex.org/W4303982438","https://openalex.org/W4307570965","https://openalex.org/W4311045424","https://openalex.org/W4321021238","https://openalex.org/W4327952342","https://openalex.org/W4327967182","https://openalex.org/W4366150221","https://openalex.org/W4385481489","https://openalex.org/W4396718820","https://openalex.org/W4409985226","https://openalex.org/W4411341475"],"related_works":[],"abstract_inverted_index":{"Memory":[0],"forensics":[1],"is":[2],"an":[3],"essential":[4],"cybersecurity":[5],"tool":[6],"that":[7,20,93,153,187,298],"comprehensively":[8],"examines":[9],"volatile":[10],"memory":[11,34,208],"to":[12,38,198,227,238,250,281,286],"detect":[13],"the":[14,52,68,86,203,223,232,246,262,266,282,288,291,299,305,308],"malicious":[15],"activity":[16],"of":[17,54,70,131,172,207,245,255,290,307,318],"fileless":[18,79],"malware":[19,80,96],"can":[21],"bypass":[22],"disk":[23],"analysis.":[24],"Image-based":[25],"detection":[26,58],"techniques":[27],"provide":[28],"a":[29,184,315],"promising":[30],"solution":[31],"by":[32,43,310],"visualizing":[33],"data":[35,56],"into":[36,97],"images":[37,224,247,252,274],"be":[39],"used":[40],"and":[41,47,59,75,91,100,112,121,129,135,144,174,201,218,231,265,277],"analyzed":[42],"image":[44,83,155],"processing":[45,175],"tools":[46],"machine":[48],"learning":[49,196],"methods.":[50],"However,":[51],"effectiveness":[53,289],"image-based":[55],"for":[57],"classification":[60,316],"requires":[61],"high":[62],"computational":[63,168],"efforts.":[64],"This":[65],"paper":[66,108,182],"investigates":[67],"efficacy":[69],"texture-based":[71],"methods":[72],"in":[73,170,259],"detecting":[74],"classifying":[76],"memory-resident":[77],"or":[78],"using":[81,275],"different":[82],"resolutions,":[84],"identifying":[85],"best":[87],"feature":[88,159],"descriptors,":[89,114],"classifiers,":[90],"resolutions":[92],"accurately":[94],"classify":[95],"specific":[98],"families":[99],"differentiate":[101],"them":[102],"from":[103],"benign":[104],"software.":[105],"Moreover,":[106],"this":[107,179,181],"uses":[109],"both":[110],"local":[111,116],"global":[113,136],"where":[115],"descriptors":[117,137,160],"include":[118,138],"Oriented":[119,132],"FAST":[120],"Rotated":[122],"BRIEF":[123],"(ORB),":[124],"Scale-Invariant":[125],"Feature":[126],"Transform":[127,141],"(SIFT),":[128],"Histogram":[130],"Gradients":[133],"(HOG)":[134],"Discrete":[139],"Wavelet":[140],"(DWT),":[142],"GIST,":[143],"Gray":[145],"Level":[146],"Co-occurrence":[147],"Matrix":[148],"(GLCM).":[149],"The":[150,210,243,269,295],"results":[151,296],"indicate":[152],"as":[154],"resolution":[156],"increases,":[157],"most":[158,204],"yield":[161],"more":[162],"discriminative":[163],"features":[164,313],"but":[165],"require":[166],"higher":[167],"efforts":[169],"terms":[171],"time":[173],"resources.":[176],"To":[177],"address":[178],"challenge,":[180],"proposes":[183],"novel":[185],"approach":[186],"integrates":[188],"Local":[189],"Interpretable":[190],"Model-agnostic":[191],"Explanations":[192],"(LIME)":[193],"with":[194,253,314],"deep":[195],"models":[197],"automatically":[199],"identify":[200],"crop":[202],"important":[205,312],"regions":[206],"images.":[209],"LIME\u2019s":[211],"ROI":[212],"was":[213,235],"extracted":[214],"based":[215],"on":[216,320],"ResNet50":[217,276],"MobileNet":[219,278,301],"models\u2019":[220],"predictions":[221],"separately,":[222],"were":[225],"resized":[226],"128":[228],"\u00d7":[229,257],"128,":[230],"sampling":[233],"process":[234],"performed":[236],"dynamically":[237],"speed":[239],"up":[240],"LIME":[241],"computation.":[242],"ROIs":[244],"are":[248,279],"cropped":[249,273],"new":[251],"sizes":[254],"(100":[256],"100)":[258],"two":[260,270],"stages:":[261],"coarse":[263],"stage":[264],"fine":[267],"stage.":[268],"generated":[271],"LIME-based":[272,292,300],"fed":[280],"lightweight":[283],"neural":[284],"network":[285],"evaluate":[287],"identified":[293],"regions.":[294],"demonstrate":[297],"model\u2019s":[302],"prediction":[303],"improves":[304],"efficiency":[306],"model":[309],"preserving":[311],"accuracy":[317],"85%":[319],"multi-class":[321],"classification.":[322]},"counts_by_year":[],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-11-03T00:00:00"}