System And Method of Performing Memory Data Collection For Memory Forensics In A Computing Device
US-2018203996-A1 · Jul 19, 2018 · US
US11620384B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11620384-B2 |
| Application number | US-201916530054-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 2, 2019 |
| Priority date | Sep 28, 2018 |
| Publication date | Apr 4, 2023 |
| Grant date | Apr 4, 2023 |
Abstract:
A system and method (referred to as the system) detect malware by training a rule-based model, a functional-based model, and a deep learning-based model from a memory snapshot of a malware-free operating state of a monitored device. The system extracts a feature set from a second memory snapshot captured from an operating state of the monitored device and processes the feature set by the rule-based model, the functional-based model, and the deep learning-based model. The system identifies instances of malware on the monitored device without processing data identifying an operating system of the monitored device, data associated with a prior identification of the malware, data identifying a source of the malware, data identifying a location of the malware on the monitored device, or any operating system specific data contained within the monitored device.
Claims (preview):

What is claimed is:

1. A non-transitory computer-readable medium having stored thereon a plurality of software instructions that, when executed by a processor, causes: training, by a training device, a rule-based model, a functional-based model, or a deep learning-based model from a memory snapshot of a malware free operating state of a monitored device; extracting, by an extractor device, a feature set from a second memory snapshot captured from an operating state of the monitored device, wherein the feature set is stored in a feature vector; processing, by an evaluator device, the feature set by the rule-based model, the functional-based model, or the deep learning-based model; and identifying, by a detector device based on a malware classification, a malware on the monitored device, without processing data identifying an operating system of the monitored device or data associated with a prior identification of the malware or data identifying a source of the malware or data identifying a location of the malware on the monitored device; wherein the processing of the feature set comprises executing a principal component analysis that identifies a plurality of features in the feature vector that are most significant to the malware classification.

2. The non-transitory computer-readable medium of claim 1 where the monitored device comprises a cluster that comprises a group of independent computers that operate and appear to a client device as if they are a single computer.

3. The non-transitory computer-readable medium of claim 1 where the memory snapshot of the malware free operating state of the monitored device is generated from one or more non-malicious software applications running in a normal operating state.

4. The non-transitory computer-readable medium of claim 1 where the software that causes the system to train causes the system to train the rule-based model, the functional based model, and the deep learning-based model from the memory snapshot of the malware free operating state of the monitored device.

5. The non-transitory computer-readable medium of claim 1 where the software that causes the system to process the feature set processes the rule-based model, the functional-based model, and the deep learning-based model.

6. The non-transitory computer-readable medium of claim 1 where the plurality of software instructions further causes the processor to remove a null byte from the memory snapshot of the malware free operating state of the monitored device.

7. The non-transitory computer-readable medium of claim 1 where the plurality of software instructions further causes the processor to remove a null byte from the memory snapshot of the malware free operating state of the monitored device before the training device trains the rule-based model, the functional based model, or the deep learning-based model from the memory snapshot of the malware free operating state of the monitored device.

8. The non-transitory computer-readable medium of claim 7 where the plurality of software instructions further causes the processor to remove a plurality of redundant pages from the memory snapshot of the malware free operating state of the monitored device before the training device trains the rule-based model, the functional based model, or the deep learning-based model from the memory snapshot of the malware free operating state of the monitored device.

9. The non-transitory computer-readable medium of claim 1 where the memory snapshot of the malware free operating state of the monitored device comprises a plurality of extracted images from the monitored device comprising a plurality of dimensions.

10. The non-transitory computer-readable medium of claim 1 where the rule-based model comprises a classifier that minimizes a loss function of a plurality of preceding classification stages when an output of a subsequent classifier is added to the preceding classification stages.

11. The non-transitory computer-readable medium of claim 1 further comprising remediating the monitored device by monitoring a computing session of the monitored device and quarantining the monitored device from a network when the computing session expires.

12. The non-transitory computer-readable medium of claim 1 further comprising generating training data indicative of a potential infectious state of the monitored device without identifying the malware.

13. The non-transitory computer-readable medium of claim 1 where the identifying, by a detector device, occurs in real-time and the extracting, by the extractor device, a feature set from the memory snapshot occurs after a malware infection occurs but before the malware forces the monitored device into a noticeable compromised state.

14. A method of detecting malware, comprising: training, by a training device, a rule-based model, a functional-based model, or a deep learning-based model from a memory snapshot of a malware free operating state of a monitored device; extracting, by an extractor device, a feature set from a second memory snapshot captured from an operating state of the monitored device, wherein the feature set is stored in a feature vector; processing, by an evaluator device, the feature set by the rule-based model, the functional-based model, or the deep learning-based model; and identifying, by a detector device based on a malware classification, a malware on the monitored device, without processing data identifying an operating system of the monitored device or data associated with a prior identification of the malware or data identifying a source of the malware or data identifying a location of the malware on the monitored device; wherein the processing of the feature set comprises executing a principal component analysis that identifies a plurality of features in the feature vector that are most significant to the malware classification.

15. The method of claim 14 where the monitored device comprises a cluster that comprises a group of independent servers that operate and appear to a client device as if they are a single computer.

16. The method of claim 14 where the memory snapshot of the malware free operating state of the monitored device is generated from one or more non-malicious software applications running in a normal operating state.

17. A method of detecting malware, comprising: training, by a training device, a rule-based model, a functional-based model, or a deep learning-based model from a memory snapshot of a malware free operating state of a monitored device; extracting, by an extractor device, a feature set from a second memory snapshot captured from an operating state of the monitored device; processing, by an evaluator device, the feature set by the rule-based model, the functional-based model, or the deep learning-based model; and identifying, by a detector device, a malware on the monitored device, without processing data identifying an operating system of the monitored device or data associated with a prior identification of the malware or data identifying a source of the malware or data identifying a location of the malware on the monitored device; where the method trains the rule-based model, the functional based model, and the deep learning-based model from the memory snapshot of the malware comprise free operating states of the monitored device and the deep learning model's hyperparameters are tuned by a Bayes rule.

18. A system that detects malware, comprising: a training device that trains a rule-based model, a functional-based model, and a deep learning-based model from a me
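The claims describe a baseline-only pipeline: clean up a malware-free memory snapshot (drop null bytes and redundant pages, claims 6-8), extract a per-page feature vector, fit a principal component analysis on the clean baseline (claims 1 and 14), and score a second snapshot against it without any OS-specific knowledge. The following is an added illustration of that pipeline in pure Python; it is not code from the patent or its assignee. The page size (256 bytes instead of a real 4096-byte page), the five per-page features, the number of retained components, the reconstruction-error threshold and the constructed snapshots are all assumptions made for the demo; the patent's own rule-based, functional-based and deep-learning models are not reproduced.

```python
"""Added example: PCA baseline over memory-snapshot pages (not the patent's code).

Pipeline: split image into pages -> drop null/redundant pages (training only)
-> per-page feature vector -> PCA on the clean baseline -> flag pages of a
second snapshot whose reconstruction error exceeds the clean threshold.
"""
import math
import random
from collections import Counter

PAGE_SIZE = 256       # assumption for the demo; real pages are typically 4096 bytes
N_COMPONENTS = 2      # assumption: principal components retained from the clean baseline


def split_pages(snapshot: bytes, page_size: int = PAGE_SIZE):
    """Cut a raw memory image into fixed-size pages."""
    return [snapshot[i:i + page_size] for i in range(0, len(snapshot), page_size)]


def is_null_page(page: bytes) -> bool:
    return page.count(0) == len(page)


def preprocess(pages):
    """Training-side cleanup (claims 6-8): drop all-null pages and duplicate pages."""
    seen, kept = set(), []
    for page in pages:
        if is_null_page(page) or page in seen:
            continue
        seen.add(page)
        kept.append(page)
    return kept


def extract_features(page: bytes):
    """Assumed per-page feature vector: normalised Shannon entropy, null-byte
    ratio, printable-ASCII ratio, high-bit-byte ratio, distinct-byte ratio."""
    n = len(page)
    counts = Counter(page)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    return [
        entropy / 8.0,
        counts.get(0, 0) / n,
        sum(c for b, c in counts.items() if 32 <= b < 127) / n,
        sum(c for b, c in counts.items() if b >= 128) / n,
        len(counts) / 256.0,
    ]


def _dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def fit_pca(rows, k: int = N_COMPONENTS, iters: int = 500):
    """PCA by power iteration with deflation; returns (mean, unit components)."""
    n, d = len(rows), len(rows[0])
    mu = [sum(r[j] for r in rows) / n for j in range(d)]
    centered = [[r[j] - mu[j] for j in range(d)] for r in rows]
    cov = [[sum(r[i] * r[j] for r in centered) / (n - 1) for j in range(d)] for i in range(d)]
    comps = []
    for _ in range(k):
        v = [1.0 + 0.1 * j for j in range(d)]          # deterministic non-degenerate start
        for _ in range(iters):
            w = [_dot(cov[i], v) for i in range(d)]
            norm = math.sqrt(_dot(w, w))
            if norm < 1e-12:
                break
            v = [x / norm for x in w]
        lam = _dot(v, [_dot(cov[i], v) for i in range(d)])
        comps.append(v)
        cov = [[cov[i][j] - lam * v[i] * v[j] for j in range(d)] for i in range(d)]  # deflate
    return mu, comps


def reconstruction_error(x, mu, comps) -> float:
    """Distance from x to its projection onto the retained principal subspace."""
    c = [xi - mi for xi, mi in zip(x, mu)]
    recon = [0.0] * len(c)
    for v in comps:
        s = _dot(c, v)
        recon = [r + s * vi for r, vi in zip(recon, v)]
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(c, recon)))


def train_baseline(clean_snapshot: bytes):
    """Fit the PCA baseline on the cleaned malware-free snapshot."""
    rows = [extract_features(p) for p in preprocess(split_pages(clean_snapshot))]
    mu, comps = fit_pca(rows)
    errs = [reconstruction_error(r, mu, comps) for r in rows]
    return {"mean": mu, "components": comps,
            "threshold": 1.5 * max(errs) + 0.01}   # assumed margin over the clean errors


def scan_snapshot(model, snapshot: bytes):
    """Indices of non-null pages whose reconstruction error exceeds the baseline."""
    flagged = []
    for idx, page in enumerate(split_pages(snapshot)):
        if is_null_page(page):
            continue
        err = reconstruction_error(extract_features(page), model["mean"], model["components"])
        if err > model["threshold"]:
            flagged.append(idx)
    return flagged


# --- constructed sample data (not a real memory image) ---------------------
def _text_page(rng):
    words = [b"session", b"user=", b"GET /index", b"status=200", b"pid", b"ok", b"\n", b" "]
    buf = b""
    while len(buf) < PAGE_SIZE:
        buf += rng.choice(words) + str(rng.randint(0, 9999)).encode()
    return buf[:PAGE_SIZE]


def _struct_page(rng):
    out = bytearray()                               # little-endian counters: null-heavy, low entropy
    while len(out) < PAGE_SIZE:
        out += rng.randint(0, 4095).to_bytes(4, "little")
    return bytes(out[:PAGE_SIZE])


def build_clean_snapshot(rng, n_text: int = 12, n_struct: int = 12) -> bytes:
    pages = [_text_page(rng) for _ in range(n_text)] + [_struct_page(rng) for _ in range(n_struct)]
    pages += [bytes(PAGE_SIZE)] * 3 + [pages[0]]      # null pages plus one redundant copy
    rng.shuffle(pages)
    return b"".join(pages)


def demo():
    """Inject one high-entropy page (stand-in for an unexpected packed region) at index 5."""
    rng = random.Random(7)
    clean = build_clean_snapshot(rng)
    model = train_baseline(clean)
    pages = split_pages(clean)
    pages.insert(5, bytes(rng.getrandbits(8) for _ in range(PAGE_SIZE)))
    return scan_snapshot(model, b"".join(pages))


if __name__ == "__main__":
    print("flagged pages:", demo())
```

The detection is relative to the device's own clean baseline, as in the claims: nothing here parses OS structures or looks up known-malware signatures, so a page is flagged only because its feature vector falls outside the subspace the clean pages span. In practice the threshold should be calibrated on several clean captures rather than one, since a single snapshot understates the benign variation a live system produces.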
CPC classifications:

- Convolutional networks [CNN, ConvNet]
- Supervised learning
- characterised by memory or gating, e.g. long short-term memory [LSTM] or gated recurrent units [GRU]
- Hyperparameter optimisation; Meta-learning; Learning-to-learn
- Combinations of networks