Malware Classification from Memory Dumps Using Machine Learning, Transformers, and Large Language Models

📅 2025-03-04
🤖 AI Summary
This work addresses malware classification from memory dump data. We systematically evaluate traditional machine learning models (LR, KNN, SVM, DT, RF, XGB), deep learning architectures (RNN, Transformer), and large language models (Gemini in zero-shot and few-shot settings) across diverse feature sets. Our key contribution is the identification—via random forest-based feature selection—of a compact, interpretable set of 45 structured features that achieves an optimal trade-off between accuracy and computational efficiency. Experimental results show that XGB (87.42% accuracy) and RF (87.23%) significantly outperform RNN (66.71%), Transformer (71.59%), and Gemini in both zero-shot (40.65%) and few-shot (48.65%) configurations. These findings demonstrate that, for memory analysis—a high-noise, low-semantic domain—lightweight tree-based models paired with domain-informed, interpretable structured features remain uniquely effective. This provides a practical, resource-efficient pathway for real-time memory forensics in constrained environments.

📝 Abstract
This study investigates the performance of various classification models for a malware classification task using different feature sets and data configurations. Six models, Logistic Regression, K-Nearest Neighbors (KNN), Support Vector Machines (SVM), Decision Trees, Random Forest (RF), and Extreme Gradient Boosting (XGB), were evaluated alongside two deep learning models, Recurrent Neural Networks (RNN) and Transformers, as well as the Gemini zero-shot and few-shot learning methods. Four feature sets were tested, including All Features, Literature Review Features, the Top 45 Features from RF, and Down-Sampled with Top 45 Features. XGB achieved the highest accuracy of 87.42% using the Top 45 Features, outperforming all other models. RF followed closely with 87.23% accuracy on the same feature set. In contrast, deep learning models underperformed, with RNN achieving 66.71% accuracy and Transformers reaching 71.59%. Down-sampling reduced performance across all models, with XGB dropping to 81.31%. Gemini zero-shot and few-shot learning approaches showed the lowest performance, with accuracies of 40.65% and 48.65%, respectively. The results highlight the importance of feature selection in improving model performance while reducing computational complexity. Traditional models like XGB and RF demonstrated superior performance, while deep learning and few-shot methods struggled to match their accuracy. This study underscores the effectiveness of traditional machine learning models for structured datasets and provides a foundation for future research into hybrid approaches and larger datasets.
Problem

Research questions and friction points this paper is trying to address.

Evaluates machine learning models for malware classification using memory dumps.
Compares traditional models with deep learning and few-shot learning methods.
Highlights feature selection's role in improving model accuracy and efficiency.
Innovation

Methods, ideas, or system contributions that make the work stand out.

Evaluated traditional and deep learning models for malware classification.
Used feature selection to enhance model accuracy and efficiency.
Highlighted superior performance of XGB and Random Forest models.
Authors

Areej Dweib
Department of Natural, Engineering and Technology Sciences, Faculty of Graduate Studies, Arab American University, Ramallah, Palestine

Montaser Tanina
Department of Natural, Engineering and Technology Sciences, Faculty of Graduate Studies, Arab American University, Ramallah, Palestine

Shehab Alawi
Department of Natural, Engineering and Technology Sciences, Faculty of Graduate Studies, Arab American University, Ramallah, Palestine

Mohammad Dyab
Department of Natural, Engineering and Technology Sciences, Faculty of Graduate Studies, Arab American University, Ramallah, Palestine

Huthaifa I. Ashqar
Arab American University
Research interests: Machine Learning, AI, Intelligent Transportation Systems, Connected and Automated Vehicles