Privacy-Preserving Federated Malware Detection Using Memory and Behavioral Features
Ammar Odeh*, Osama Alhaj Hassan, Anas Abu Taleb
Department of Computer Science, Princess Sumaya University of Technology, Amman, Jordan
* Corresponding Author: Ammar Odeh. Email:
Computers, Materials & Continua https://doi.org/10.32604/cmc.2026.080940
Received 19 February 2026; Accepted 13 April 2026; Published online 30 April 2026
Abstract
The rapid growth of sophisticated malware and the increasing diversity of computing environments have exposed critical limitations in traditional centralized malware detection systems, particularly in data privacy, scalability, and adaptability. This study proposes a privacy-preserving, collaborative malware-detection framework that leverages federated learning to improve detection accuracy while keeping sensitive data local to participating devices. The objective is to address emerging malware threats by combining behavioral and memory-based analysis within a decentralized learning paradigm. The proposed framework employs federated learning to train a global malware detection model without transferring raw data. Each client locally extracts discriminative features derived from system behavior and memory artifacts, including process activity patterns, memory access characteristics, and runtime indicators. Local deep learning models are trained independently, and only model parameters are shared with a central aggregator, which constructs an optimized global model through iterative parameter aggregation. This approach significantly reduces privacy risks and communication overhead compared to centralized training. Experimental evaluations on benchmark malware datasets demonstrate that the proposed federated approach achieves detection performance comparable to, and in some cases exceeding, that of centralized deep learning models. The results indicate improved robustness against previously unseen malware variants, with high detection accuracy and reduced false positive rates. Furthermore, privacy is preserved throughout the learning process, making the framework suitable for real-world distributed, resource-constrained environments. The findings confirm that federated learning, combined with memory and behavioral feature analysis, provides an effective, privacy-aware solution for modern malware detection. 
This work contributes to recent advances in cybersecurity by offering a scalable, secure, and practical detection framework that can be deployed across distributed systems, including enterprise networks and edge computing environments.
Keywords
Malware detection; federated learning; privacy-preserving machine learning; memory forensics; behavioral analysis; deep learning; distributed cybersecurity; threat intelligence
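The aggregation loop the abstract describes, as an added example that is not the authors' code: each client trains locally and hands the server only a weight vector and a sample count. It assumes sample-weighted federated averaging (the abstract does not name the aggregation rule), uses logistic regression in place of the deep models, and runs on constructed three-feature data; all function names are hypothetical.

```python
import math
import random

def make_client(seed, n, shift):
    """Constructed data: 3 numeric stand-ins for memory/behavior features per sample."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        y = rng.randint(0, 1)  # 1 = malware, 0 = benign
        # Class means at +1/-1; per-client shift makes the clients non-identical.
        rows.append(([rng.gauss(2 * y - 1 + shift, 1.0) for _ in range(3)], y))
    return rows

def predict(w, x):
    z = w[0] + sum(wi * xi for wi, xi in zip(w[1:], x))
    return 1.0 / (1.0 + math.exp(-max(-30.0, min(30.0, z))))

def local_train(w_global, rows, epochs=5, lr=0.1):
    """Runs on the client; returns only weights and a sample count, never rows."""
    w = list(w_global)
    for _ in range(epochs):
        for x, y in rows:
            err = predict(w, x) - y
            w[0] -= lr * err
            for i, xi in enumerate(x):
                w[i + 1] -= lr * err * xi
    return w, len(rows)

def aggregate(updates):
    """Server side: average client weights, weighted by local sample count."""
    total = sum(n for _, n in updates)
    return [sum(w[i] * n for w, n in updates) / total
            for i in range(len(updates[0][0]))]

def accuracy(w, rows):
    return sum((predict(w, x) >= 0.5) == (y == 1) for x, y in rows) / len(rows)

def run_federated(rounds=10):
    clients = [make_client(1, 200, -0.3), make_client(2, 50, 0.0),
               make_client(3, 120, 0.4)]
    held_out = make_client(99, 300, 0.0)
    w = [0.0, 0.0, 0.0, 0.0]  # bias + 3 feature weights
    for _ in range(rounds):
        w = aggregate([local_train(w, rows) for rows in clients])
    return w, accuracy(w, held_out)

if __name__ == "__main__":
    print(run_federated())
```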