VADViT: Vision Transformer-Driven Memory Forensics for Malicious Process Detection and Explainable Threat Attribution

dc.contributor.advisor: Arash Habibi Lashkari
dc.contributor.author: Dehfouli, Yasin
dc.date.accessioned: 2025-07-23T15:21:16Z
dc.date.available: 2025-07-23T15:21:16Z
dc.date.copyright: 2025-05-02
dc.date.issued: 2025-07-23
dc.date.updated: 2025-07-23T15:21:15Z
dc.degree.discipline: Computer Science
dc.degree.level: Master's
dc.degree.name: MSc - Master of Science
dc.description.abstract: Modern malware's increasing complexity limits traditional signature and heuristic-based detection, necessitating advanced memory forensic techniques. Machine learning offers potential but struggles with outdated feature sets, large memory data handling, and forensic explainability. To address these challenges, we propose VADViT, a vision-based transformer model that detects malicious processes by analyzing Virtual Address Descriptor (VAD) memory regions. VADViT converts these structures into Markov, entropy, and intensity-based images, classifying them using a Vision Transformer (ViT) with self-attention to enhance detection accuracy. We also introduce BCCC-MalMem-SnapLog-2025, a dataset logging process identifier (PID) for precise VAD extraction without dynamic analysis. Experimental results show 99% accuracy in binary classification and a 93% macro-average F1 score in multi-class detection. Additionally, attention-based sorting improves forensic analysis by ranking the most relevant malicious VAD regions, narrowing down the search space for forensic investigators.
dc.identifier.uri: https://hdl.handle.net/10315/43048
dc.language: en
dc.rights: Author owns copyright, except where explicitly noted. Please contact the author directly with licensing requests.
dc.subject: Artificial intelligence
dc.subject: Computer science
dc.subject: Computer engineering
dc.subject.keywords: Malware Detection
dc.subject.keywords: Memory Forensics
dc.subject.keywords: Virtual Address Descriptors
dc.subject.keywords: Process Memory Internals
dc.subject.keywords: Vision Transformers
dc.subject.keywords: Attention Visualization
dc.title: VADViT: Vision Transformer-Driven Memory Forensics for Malicious Process Detection and Explainable Threat Attribution
dc.type: Electronic Thesis or Dissertation

Files

Original bundle
Name: Dehfouli_Yasin_2025_MSc.pdf
Size: 6.8 MB
Format: Adobe Portable Document Format