Aptisi Transactions on Management
Vol 10 No 2 (2026): ATM (APTISI Transactions on Management: May)

Audit Driven Evaluation of Carrier Style Memory Malware Detection Under Obfuscation and Adversarial Attacks

Syamsu Hidayat (University of Amikom Yogyakarta)
Kusrini Kusrini (University of Amikom Yogyakarta)
Ema Utami (University of Amikom Yogyakarta)
Arief Setyanto (University of Amikom Yogyakarta)
Kristina Vaher (Ilearning Incorporation)

Article Info

Publish Date
30 May 2026

Abstract

This study evaluates Carrier-style memory malware detection under obfuscation using a reproducible, audit-driven protocol for verifiable reporting. We reproduce a stacking pipeline (Naive Bayes, Random Forest, Decision Tree with a Logistic Regression meta-learner) and benchmark it against strong single-model baselines. To limit leakage, we apply exact deduplication, train-only preprocessing, and group-disjoint splitting with explicit overlap checks, and we report dataset difficulty diagnostics to interpret near-ceiling results. Transfer is tested via cross-collection evaluation on the shared feature intersection between Obfuscated MalMem2022 and MemMalDet 2024, separating a low-shift validation setting from a higher-shift stress setting to keep generalization claims bounded. Robustness is assessed under a feasibility-preserving feature-space threat model with empirical bounds, non-negativity, and integer rounding, using a coordinate-search attack on the clean-correct subset across L0 budgets B=1,3,5, and 10 with confidence intervals. On obfuscated MalMem2022, Random Forest achieves 99.99% Accuracy, 99.99% F1, and 1.00 AUC, while the Carrier-style stack reaches 99.92% Accuracy, 99.92% F1, and 1.00 AUC, with no meaningful improvement over the best single model. Cross-collection validation yields F1 = 99.98 and AUC = 1.0, consistent with low-shift stability under aligned features rather than broad domain generalization. At B=10, ASR is 0.03 (95% CI: 0.0138–0.0639), and baseline defenses show clean-versus-robust trade-offs without consistent ASR reduction. We release four reusable artifacts an audit table, a leakage ablation matrix, a shift-aware cross-collection report, and robustness curves with confidence intervals.

Copyrights © 2026




Citation Download
RIS
EndNote, Reference Manager, ProCite
BibTex
Latex, Jabref
Original Source
Download Original
Google Scholar
Check in Google Scholar
Journal Info
Aptisi Transactions on Management
Website

Abbrev

ATM

Publisher

Pandawan Sejahtera Indonesia

Subject

Computer Science & IT Decision Sciences, Operations Research & Management

Description

Aptisi Transactions on Management (ATM) adalah jurnal ilmiah yang diterbitkan oleh APTISI (Asosiasi Perguruan Tinggi Swasta Indonesia), guna memfasilitasi hasil jurnal ilmiah Civitas Akademika dalam bidang teknologi informasi, komunikasi, dan manajemen dalam menghadapi era digital di Indonesia. ATM ...