34,829 results on '"malware"'
Search Results
202. RIPDroid: Android Malware Detection Based on Permissions and IP Reputation Model
- Author
- Prashanth, P. Ashwin, Amritha, P. P., Sethumadhavan, M., Howlett, Robert J., Series Editor, Jain, Lakhmi C., Series Editor, So In, Chakchai, editor, Londhe, Narendra D., editor, Bhatt, Nityesh, editor, and Kitsing, Meelis, editor
- Published
- 2024
- Full Text
- View/download PDF
203. Enhancing Cyber Threat Intelligence and Security Automation: A Comprehensive Approach for Effective Protection
- Author
- Bairwa, Amit Kumar, Khanna, Rohan, Joshi, Sandeep, Pavlovich, Pljonkin Anton, Howlett, Robert J., Series Editor, Jain, Lakhmi C., Series Editor, So In, Chakchai, editor, Londhe, Narendra D., editor, Bhatt, Nityesh, editor, and Kitsing, Meelis, editor
- Published
- 2024
- Full Text
- View/download PDF
204. Collaboration of Intelligent Systems to Improve Information Security
- Author
- Diao, Lili, Xu, Honglan, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin, Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Wang, Bing, editor, Hu, Zuojin, editor, Jiang, Xianwei, editor, and Zhang, Yu-Dong, editor
- Published
- 2024
- Full Text
- View/download PDF
205. Detecting IoT Malware Using Federated Learning
- Author
- Dang, Quang-Vinh, Pham, Thai-Ha, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Nanda, Satyasai Jagannath, editor, Yadav, Rajendra Prasad, editor, Gandomi, Amir H., editor, and Saraswat, Mukesh, editor
- Published
- 2024
- Full Text
- View/download PDF
206. Computer Vision-Based Cybersecurity Threat Detection System with GAN-Enhanced Data Augmentation
- Author
- Ranka, Prateek, Shah, Ayush, Vora, Nivan, Kulkarni, Aditya, Patil, Nilesh, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Patel, Kanubhai K., editor, Santosh, KC, editor, and Patel, Atul, editor
- Published
- 2024
- Full Text
- View/download PDF
207. Analyzing and Detecting Malware Using Machine Learning and Deep Learning
- Author
- Ait Messaad, Badr, Chetioui, Kaouthar, Balboul, Younes, Rhachi, Hamza, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Farhaoui, Yousef, editor, Hussain, Amir, editor, Saba, Tanzila, editor, Taherdoost, Hamed, editor, and Verma, Anshul, editor
- Published
- 2024
- Full Text
- View/download PDF
208. Using Page Offsets for Detecting Control-Flow Anomalies
- Author
- Varan, Engincan, Hanifi, Khadija, Erdemli, Aysegul Rana, Unal, Musa, Tat, Yunus Emre, Tekinoglu, Dilara, Cetin, Orcun, Fuladi, Ramin, Yilmaz, Cemal, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Manulis, Mark, editor, Maimuţ, Diana, editor, and Teşeleanu, George, editor
- Published
- 2024
- Full Text
- View/download PDF
209. Study of Cyber Threats in IoT Systems
- Author
- Akhdar, Abir El, Baidada, Chafik, Kartit, Ali, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Swaroop, Abhishek, editor, Polkowski, Zdzislaw, editor, Correia, Sérgio Duarte, editor, and Virdee, Bal, editor
- Published
- 2024
- Full Text
- View/download PDF
210. Multi-class Malware Detection via Deep Graph Convolutional Networks Using TF-IDF-Based Attributed Call Graphs
- Author
- Khan, Irshad, Kwon, Young-Woo, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Kim, Howon, editor, and Youn, Jonghee, editor
- Published
- 2024
- Full Text
- View/download PDF
211. Android Malware Detection Using Artificial Intelligence
- Author
- Masele, Rebecca Kipanga, Khennou, Fadoua, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Lopata, Audrius, editor, Gudonienė, Daina, editor, and Butkienė, Rita, editor
- Published
- 2024
- Full Text
- View/download PDF
212. Benchmark: Neural Network Malware Classification
- Author
- Robinette, Preston K., Lopez, Diego Manzanas, Johnson, Taylor T., Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, and Yung, Moti, Editorial Board Member
- Published
- 2024
- Full Text
- View/download PDF
213. Machine Learning Techniques for Cyber Security: A Review
- Author
- Rajput, Deeksha, Sharma, Deepak Kumar, Gupta, Megha, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Hassanien, Aboul Ella, editor, Castillo, Oscar, editor, Anand, Sameer, editor, and Jaiswal, Ajay, editor
- Published
- 2024
- Full Text
- View/download PDF
214. Firmware Attack Detection Using Logistic Regression (FAD-LR)
- Author
- Punidha, A., Arul, E., Yuvarani, E., Fournier-Viger, Philippe, Series Editor, Visvam Devadoss, Ambeth Kumar, editor, Subramanian, Malathi, editor, Emilia Balas, Valentina, editor, Turjman, Fadi Al, editor, and Malaichamy, Ramakrishnan, editor
- Published
- 2024
- Full Text
- View/download PDF
215. IoT Device Malware Detection Using Soft Computing Learning and Wide Madaline (WML-IOT)
- Author
- Punidha, A., Arul, E., Yuvarani, E., Fournier-Viger, Philippe, Series Editor, Visvam Devadoss, Ambeth Kumar, editor, Subramanian, Malathi, editor, Emilia Balas, Valentina, editor, Turjman, Fadi Al, editor, and Malaichamy, Ramakrishnan, editor
- Published
- 2024
- Full Text
- View/download PDF
216. Machine learning-based cyber threat detection: an approach to malware detection and security with explainable AI insights
- Author
- Prity, Farida Siddiqi, Islam, Md. Shahidul, Fahim, Emran Hossain, Hossain, Md. Maruf, Bhuiyan, Sazzad Hossain, Islam, Md. Ariful, and Raquib, Mirza
- Published
- 2024
- Full Text
- View/download PDF
217. Oblivion: an open-source system for large-scale analysis of macro-based office malware
- Author
- Sanna, Alessandro, Cara, Fabrizio, Maiorca, Davide, and Giacinto, Giorgio
- Published
- 2024
- Full Text
- View/download PDF
218. Antimalware applied to IoT malware detection based on softcore processor endowed with authorial sandbox
- Author
- Pinheiro Henriques de Araújo, Igor, Mariano Santiago de Abreu, Liosvaldo, Henrique Mendes Tavares Silva, Sthéfano, Paranhos Pinheiro, Ricardo, and Marlon Lopes de Lima, Sidney
- Published
- 2024
- Full Text
- View/download PDF
219. A review on spreading and Forensics Analysis of Windows-Based ransomware
- Author
- Chayal, Narendrakumar Mangilal, Saxena, Ankur, and Khan, Rijwan
- Published
- 2024
- Full Text
- View/download PDF
220. Comparative Study of the Effect of Datasets and Machine Learning Algorithms for PDF Malware Detection
- Author
- Salman Wiharja, Deden Pradeka, and Wirmanto Suteddy
- Subjects
- machine learning, pdf, malware, random forest, random committee, Telecommunication, TK5101-6720, Computer engineering. Computer hardware, TK7885-7895
- Abstract
This research presents an innovative approach to detecting malicious PDFs through machine learning algorithms, focusing on the expansion of the Evasive-PDFMal2022 dataset. The objective is to enhance the accuracy of detecting malicious PDFs by enriching the dataset, augmenting its representation and diversity, and developing a practical tool—a website—for extracting and detecting malicious PDFs. The methodology involves updating and enlarging the dataset with additional malicious PDFs sourced from CVE and Exploit-db, along with non-malicious PDFs from diverse origins. Features are then extracted using the PDFID tool, and these 20 features serve as the foundation for implementing K-Nearest Neighbor (KNN), Random Forest, and Random Committee algorithms. The outcomes demonstrate that the model trained with the expanded dataset achieves a remarkable 99% accuracy, surpassing the performance of models relying solely on the Evasive-PDFMal2022 dataset. Additionally, this research significantly enhances the representation and diversity of the dataset while delivering a practical solution in the form of a website tailored for the extraction and detection of malicious PDFs.
- Published
- 2024
- Full Text
- View/download PDF
221. EXPERT ADVICE.
- Subjects
- COMPUTER passwords, USB flash drives, MALWARE, THIRD-party software
- Abstract
This article from MacFormat offers expert advice on a variety of topics related to Mac and iOS devices. It covers Apple's efforts to combat malware, including recent actions against adware such as Adload, Pirrit, and Bundlore. The article also addresses questions about upgrading unsupported macOS, manual controls for iPhone cameras, refreshing Fusion Drives, upgrading older Mac Pro models, checking Time Machine backups, and the security of sending sensitive information through Messages. The advice provided is aimed at helping users make informed decisions about their devices. The article includes diagrams and color photos, suggesting a visually engaging format. [Extracted from the article]
- Published
- 2024
222. ASK.
- Author
- Oakley, Howard
- Subjects
- PASSWORD software, COMPUTER passwords, MALWARE, USB technology, VIRTUAL machine systems, DATA encryption, IPHONE (Smartphone)
- Abstract
The article discusses various tech support and tech explanations related to different topics. It mentions that USB 4 drives and enclosures are capable of higher speeds than Thunderbolt 3, which may lead to lower prices and increased availability. It also explains that deduplication may not be effective on APFS volumes due to the presence of clone files. Additionally, the article provides information on how to extend the battery life of an iPhone and addresses various Mac software issues and solutions. It concludes with quick-fire questions and answers related to file transfer speeds, cleaning iPhone ports, and other Mac-related topics. [Extracted from the article]
- Published
- 2024
223. 7 ANTIVIRUS MYTHS THAT ARE DEAD WRONG.
- Author
- HOFFMAN, CHRIS
- Subjects
- ANTIVIRUS software, COMPUTER passwords, PASSWORD software, MALWARE, UBUNTU (Operating system), MYTH
- Abstract
Antivirus software is essential for protecting Windows PCs from malware, but there are several myths surrounding it. One myth is that antivirus software needs to be installed on Windows, when in fact Windows already comes with built-in antivirus software called Microsoft Defender. Another myth is that only Windows is vulnerable to malware, but in reality, malware is a problem on all platforms, including Linux and macOS. Additionally, antivirus software does not significantly slow down PCs anymore, and it runs automatically in the background. It is also a myth that antivirus software needs to be manually run, as it scans files automatically. While antivirus software is important, it is not foolproof, and users should not solely rely on it for protection. Other security practices, such as browsing carefully and using strong passwords, are also necessary. There are free antivirus options available, but premium versions offer additional features and protection. [Extracted from the article]
- Published
- 2024
224. Cyber epidemic spread forecasting based on the entropy-extremal dynamic interpretation of the SIR model
- Author
- Viacheslav Kovtun, Krzysztof Grochla, Mohammed Al-Maitah, Saad Aldosary, and Tetiana Gryshchuk
- Subjects
- Cyber epidemics, Malware, Forecasting, Small data, Machine learning, Entropy-extreme model, Electronic computers. Computer science, QA75.5-76.95
- Abstract
The spread of a cyber epidemic at an early stage is an uncertain process characterized by a small amount of statistically unreliable data. Nonlinear dynamic models, most commonly the SIR model, are widely used to describe such processes. The description of the studied process obtained using this model is sensitive to the initial conditions set and the quality of tuning the controlled parameters based on the results of operational observations, which are inherently uncertain. This article proposes a transition to a stochastic interpretation of the controlled parameters of the SIR model and the introduction of additional stochastic parameters that represent the variability of operational data measurements. The process of estimating the probability density functions of these parameters and noises is implemented as a strict optimization problem. The resulting mathematical apparatus is generalized in the form of two versions of the entropy-extremal adaptation of the SIR model, which are applied to forecast the spread of a cyber epidemic. The first version is focused on estimating the SIR model parameters based on operational data. In contrast, the second version focuses on stochastic modelling of the transmission rate indicator and its impact on forecasting the studied process. The forecasting result represents the average trajectory from the set of trajectories obtained using the authors’ models, which characterize the dynamics of compartment I. The experimental part of the article compares the classical Least Squares method with the authors’ entropy-extremal approach for estimating the SIR model parameters based on etalon data on the spread of the most threatening categories of malware cyber epidemics. The empirical results are characterized by a significant reduction in the Mean Absolute Percentage Error regarding the etalon data over the prediction interval, which proves the adequacy of the proposed approach.
- Published
- 2024
- Full Text
- View/download PDF
225. Investigation of cyber attacks using post-installation app detection method
- Author
- Kiran Kumar Mamidi, Kireet Muppavaram, Karuna Gotlur, Sudeepthi Govathoti, Khristina Maksudovna Vafaeva, Anil Kumar Saxena, and Ammar Hameed Shnain
- Subjects
- Cyber-attacks, malware, post-installation app attacks, fake apps, MITD attacks, smartphones, Engineering (General). Civil engineering (General), TA1-2040
- Abstract
The widespread use of smartphones worldwide in recent years has led to a corresponding rise in the number of mobile applications available for Android devices. These apps offer users convenient ways to perform various daily tasks, but their proliferation has also created an environment in which attackers can steal sensitive information from smartphones. Insecure options employed by many app developers create vulnerabilities that can be exploited by attackers to gain access to smartphones' data. While existing methods can detect malware during app installation, they do not sufficiently address post-installation attacks such as fake apps or Man-in-the-Disk (MITD) attacks. The proposed method provides a solution to post-installation attacks, including data leakage, malware injection, repackaging, reverse engineering, privilege escalation, and UI spoofing. To mitigate this risk, the Post-Installation App Detection Method is proposed to monitor and regulate sensitive information flow and prevent MITD attacks, and it achieves 97% accuracy in the detection of MITD attacks.
- Published
- 2024
- Full Text
- View/download PDF
226. Variance of the Infection Number of Heterogeneous Malware Spread in Network.
- Author
- Guo, Dongchao, Jiao, Libo, Jiao, Jian, and Meng, Kun
- Subjects
- BIPARTITE graphs, VIRAL transmission, MALWARE, INFECTION, POISSON processes, APPROXIMATION algorithms
- Abstract
The Susceptible–Infected–Susceptible (SIS) model in complex networks is one of the critical models employed in the modeling of virus spread. The study of the heterogeneous SIS model with a non-homogeneous nodal infection rate in finite-size networks has attracted little attention. Investigating the statistical properties of heterogeneous SIS epidemic dynamics in finite networks is thus intriguing. In this paper, we focus on the measure of variability in the number of infected nodes for the heterogeneous SIS epidemic dynamics in finite-size bipartite graphs and star graphs. Specifically, we investigate the metastable-state variance of the number of infected nodes for the SIS epidemic process in finite-size bipartite graphs and star graphs with heterogeneous nodal infection rates. We employ an extended individual-based mean-field approximation to analyze the heterogeneous SIS epidemic process in finite-size bipartite networks and star graphs. We derive the approximation solutions of the variance of the infected number. We verify the proposed theory by simulations. The proposed theory has the potential to help us better understand the fluctuations of SIS models like epidemic dynamics with a non-homogeneous infection rate. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
227. PermDroid a framework developed using proposed feature selection approach and machine learning techniques for Android malware detection.
- Author
- Mahindru, Arvind, Arora, Himani, Kumar, Abhinav, Gupta, Sachin Kumar, Mahajan, Shubham, Kadry, Seifedine, and Kim, Jungeun
- Subjects
- FEATURE selection, MACHINE learning, MALWARE, RESEARCH personnel
- Abstract
The challenge of developing an Android malware detection framework that can identify malware in real-world apps is difficult for academicians and researchers. The vulnerability lies in the permission model of Android. Therefore, it has attracted the attention of various researchers to develop an Android malware detection model using permission or a set of permissions. Academicians and researchers have used all extracted features in previous studies, resulting in overburdening while creating malware detection models. But, the effectiveness of the machine learning model depends on the relevant features, which help in reducing the value of misclassification errors and have excellent discriminative power. A feature selection framework is proposed in this research paper that helps in selecting the relevant features. In the first stage of the proposed framework, t-test and univariate logistic regression are implemented on our collected feature data set to classify their capacity for detecting malware. Multivariate linear regression stepwise forward selection and correlation analysis are implemented in the second stage to evaluate the correctness of the features selected in the first stage. Furthermore, the resulting features are used as input in the development of malware detection models using three ensemble methods and a neural network with six different machine-learning algorithms. The developed models' performance is compared using two performance parameters: F-measure and Accuracy. The experiment is performed by using half a million different Android apps. The empirical findings reveal that the malware detection model developed using features selected by implementing the proposed feature selection framework achieved a higher detection rate as compared to the model developed using the full extracted-features data set. Further, when compared to previously developed frameworks or methodologies, the experimental results indicate that the model developed in this study achieved an accuracy of 98.8%. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
228. Malware traffic detection based on type II fuzzy recognition.
- Author
- Zhang, Weisha, Liu, Jiajia, Peng, Jimin, Liu, Qiang, Yu, Kun, He, Peilin, and Liu, Xiaolei
- Subjects
- TRAFFIC monitoring, COMPUTER networks, INFORMATION networks, NETWORK PC (Computer), FALSE alarms, MALWARE
- Abstract
In recent years, a surge in malicious network incidents and instances of network information theft has taken place, with malware identified as the primary culprit. The primary objective of malware is to disrupt the normal functioning of computers and networks, all the while surreptitiously gathering users' private and sensitive information. The formidable concealment and latency capabilities of malware pose significant challenges to its detection. In light of the operational characteristics of malware, this paper conducts an initial analysis of prevailing malware detection schemes. Subsequently, it extracts fuzzy features based on the distinct characteristics of malware traffic. The approach then integrates traffic detection techniques with Type II fuzzy recognition theory to effectively monitor malware-related traffic. Finally, the paper classifies the identified malware instances according to fuzzy association rules. Experimental results showcase that the proposed method achieves a detection accuracy exceeding 90%, with a remarkably low false alarm rate of approximately 5%. This method adeptly addresses the challenges associated with malware detection, thereby making a meaningful contribution to enhancing our country's cybersecurity. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
229. Multi-variants vision transformer-based malware image classification model using multi-criteria decision-making.
- Author
- Belal, Mohamad Mulham and Sundaram, Divya Meena
- Subjects
- CONVOLUTIONAL neural networks, TRANSFORMER models, IMAGE recognition (Computer vision), VISUAL memory, MALWARE
- Abstract
Visualization-based malware detection gets more and more attention for detecting sophisticated malware that traditional antivirus software may miss. The approach involves creating a visual representation of the memory or portable executable files (PEs). However, most current visualization-based malware classification models focus on convolution neural networks instead of Vision transformers (ViT) even though ViT has a higher performance and captures the spatial representation of malware. Therefore, more research should be performed on malware classification using vision transformers. This paper proposes a multi-variants vision transformer-based malware image classification model using multi-criteria decision-making. The proposed method employs Multi-variants transformer encoders to show different visual representation embeddings sets of one malware image. The proposed architecture contains five steps: (1) patch extraction and embeddings, (2) positional encoding, (3) multi-variants transformer encoders, (4) classification, and (5) decision-making. The variants of transformer encoders are transfer learning-based models i.e., it was originally trained on ImageNet dataset. Moreover, the proposed malware classifier employs MEREC-VIKOR, a hybrid standard evaluation approach, which combines multi-inconsistent performance metrics. The performance of the transformer encoder variants is assessed both on individual malware families and across the entire set of malware families within two datasets i.e., MalImg and Microsoft BIG datasets achieving overall accuracy 97.64 and 98.92 respectively. Although the proposed method achieves high performance, the metrics exhibit inconsistency across some malware families. The results of standard evaluation metrics i.e., Q, R, and U show that TE3 outperform the TE1, TE2, and TE4 variants achieving minimal values equal to 0. Finally, the proposed architecture demonstrates a comparable performance to the state-of-the-art that use CNNs. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
230. Backdoor Attacks Prediction in IIoT Network using Optimal Double Mask Region Convolution Model.
- Author
- Subramanian, Nalini, Nikkath Bushra, S., Shobana, G., and Radhika, S.
- Subjects
- INTERNET of things, MALWARE, FORECASTING, ALGORITHMS, PERCENTILES
- Abstract
The evolution of Industrial Internet of Things (IIoT) applications provides intelligent microservices to process the generated massive data. However, the open and interconnected structure of IIoT makes the network model more vulnerable to malware attacks. Among different kinds of threats, the backdoor attack is considered the main imperceptible attack due to its unobservable and opaque characteristics. Therefore, to accurately predict backdoor attacks in the network model and to mitigate them efficiently, this paper proposes a novel concept named "novel binary knowledge gaining based double mask region convolution (NBG-DRC) model". The main objective of the proposed concept is two-fold: backdoor attack prediction and trigger identification. The backdoor attack prediction module uses a double mask region convolution (DRC) network to predict whether the data is malicious or normal. Subsequently, in the trigger identification phase, the structure and positions of backdoor triggers are identified accurately using the NBG-DRC model. The proposed model uses four different datasets namely CIFAR-10, MNIST, CIFAR-100, and GTSRB for analysis. The efficiency of the proposed NBG-DRC model is examined by comparing its performance rate with other compared techniques in terms of evaluation metrics namely false negative rate, false positive rate, computational overhead, execution time, accuracy, and success rate. The proposed NBG-DRC technique achieves a greater accuracy percentage of about 94% for the CIFAR-10 dataset, 98.7% for the MNIST dataset, 91% for the CIFAR-100 dataset, and 97.23% for the GTSRB dataset. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
231. IPAttributor: Cyber Attacker Attribution with Threat Intelligence-Enriched Intrusion Data.
- Author
- Xiang, Xiayu, Liu, Hao, Zeng, Liyi, Zhang, Huan, and Gu, Zhaoquan
- Subjects
- CYBER intelligence (Computer security), CYBERTERRORISM, INTRUSION detection systems (Computer security), CYBERSPACE, MALWARE, ALGORITHMS
- Abstract
In the dynamic landscape of cyberspace, organizations face a myriad of coordinated advanced threats that challenge the traditional defense paradigm. Cyber Threat Intelligence (CTI) plays a crucial role, providing in-depth insights into adversary groups and enhancing the detection and neutralization of complex cyber attacks. However, attributing attacks poses significant challenges due to over-reliance on malware samples or network detection data alone, which falls short of comprehensively profiling attackers. This paper proposes an IPv4-based threat attribution model, IPAttributor, that improves attack characterization by merging a real-world network behavior dataset comprising 39,707 intrusion entries with commercial threat intelligence from three distinct sources, offering a more nuanced context. A total of 30 features were utilized from the enriched dataset for each IP to create a feature matrix to assess the similarities and linkage of associated IPs, and a dynamic weighted threat segmentation algorithm was employed to discern attacker communities. The experiments affirm the efficacy of our method in pinpointing attackers sharing a common origin, achieving the highest accuracy of 88.89%. Our study advances the relatively underexplored line of work of cyber attacker attribution, with a specific interest in IP-based attribution strategies, thereby enhancing the overall understanding of the attacker's group regarding their capabilities and intentions. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
232. Towards a semi-automatic classifier of malware through tweets for early warning threat detection.
- Author
- Lanza, Claudia and Lodi, Lorenzo
- Subjects
- MICROBLOGS, MALWARE, NATURAL language processing, DATABASES, INFORMATION retrieval
- Abstract
This paper presents a method for developing a malware ontology structure by detecting malware instances on Twitter. The ontology represents a semi-automatic classifier fed by the data extracted from tweets. In particular, the automatic part of the presented methodology relies on a pattern-based approach to detect trigger expressions leading to new information about malware, whilst the manual one covers the evaluation of the results by domain-experts, who also validate the reliability of the semantic relationships within the ontology framework. We present preliminary results on the application of our methodology to tweets extracted from MalwareBazaar database showing how the documents’ collection analysis, through Natural Language Processing (NLP) tasks, can support the knowledge retrieval and documents’ classification procedures for building early warning system of detected malware. Results obtained from this research paper within the time framework of 2023 are referred to the previous version of the current social network X. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
233. Modern Mobile Malware Detection Framework Using Machine Learning and Random Forest Algorithm.
- Author
- Ababneh, Mohammad, Al-Droos, Ayat, and El-Hassan, Ammar
- Abstract
With the high level of proliferation of connected mobile devices, the risk of intrusion becomes higher. Artificial Intelligence (AI) and Machine Learning (ML) algorithms started to feature in protection software and showed effective results. These algorithms are nonetheless hindered by the lack of rich datasets and compounded by the appearance of new categories of malware such that the race between attackers' malware, especially with the assistance of Artificial Intelligence tools and protection solutions makes these systems and frameworks lose effectiveness quickly. In this article, we present a framework for mobile malware detection based on a new dataset containing new categories of mobile malware. We focus on categories of malware that were not tested before by Machine Learning algorithms proven effective in malware detection. We carefully select an optimal number of features, do necessary preprocessing, and then apply Machine Learning algorithms to discover malicious code effectively. From our experiments, we have found that the Random Forest algorithm is the best-performing algorithm with such mobile malware with detection rates of around 99%. We compared our results from this work and found that they are aligned well with our previous work. We also compared our work with State-of-the-Art works of others and found that the results are very close and competitive. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
234. Optimizing android program malware classification using GridSearchCV optimized random forest.
- Author
- Hakim, Luqman, Sari, Zamah, Aristyo, Ananda Rizaldy, and Pangestu, Syahrul
- Subjects
- MALWARE, RANDOM forest algorithms, INTERNET security, SMARTPHONES
- Abstract
The growing number of smartphones, particularly Android-powered ones, has increased public awareness of the security concerns posed by malware and viruses. While machine learning models have been studied for malware prediction in this field, methods for precise identification and classification still require improvement for the perfect detection of malware and minimizing the cracks in machine learning based classification. Detection accuracy that ranges from 93% to 95% has been observed in prior research, indicating room for improvement. In order to maximize the hyperparameters, this paper suggests improving the Random Forest method by introducing the grid search algorithm, which isn't present in previous studies. A significant increase in classification accuracy is the main aim of the research. We exhibit an outstanding 99% accuracy rate in detecting malware-contaminated programs, demonstrating the significance of our technique. The proposed method can be seen as a huge improvement over existing models, achieving near perfection in detection, in contrast to the accuracy rate of 95% max typically obtained by previous models on the same dataset. Our approach achieves such high accuracy and provides a novel remedy for the limits of Android-based platforms, particularly when program processing resources are limited. This study confirms the effectiveness of our improved Random Forest algorithm, points to a paradigm shift in malware detection, and heightened cybersecurity measures for the rapidly growing smartphone market. [ABSTRACT FROM AUTHOR]
- Published
- 2024
235. Artificial Intelligence-Driven Penetration Testing for Wireless Networks: Enhancing Security Vulnerability Detection Using CNN Models.
- Author
-
Mohammed Al-Saudi, Mustafa Salim and Hamze, Kassem
- Subjects
ARTIFICIAL intelligence ,CONVOLUTIONAL neural networks ,MALWARE ,COMPUTER security ,MACHINE learning - Abstract
Adware, spyware, viruses, and other forms of malware are serious risks to people, companies, governments, and military activities. Advanced methods for vulnerability detection are required since traditional security measures frequently fall short in the face of complex and dynamic cyberthreats. In order to increase accuracy, adaptability, and scalability in discovering security vulnerabilities, this study investigates the incorporation of artificial intelligence (AI) in the design of a wireless network penetration testing system, utilizing machine learning. The dataset used was BoTNeTIoT-L01, which has over 7 million records of IoT botnet attacks. Using the Keras library, a convolutional neural network (CNN) model with convolution, max pooling, and dense layers was created. The Adam algorithm was then used to optimize the CNN model's training process. The model's remarkable 99.46% accuracy rate in categorizing assaults indicates how well it can detect security holes and adjust to emerging threats. The results also confirm the capabilities of artificial intelligence in enhancing cybersecurity measures and ensuring strong protection in increasingly complex wireless network environments. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
236. Perception of the risks inherent in new AI technologies.
- Author
-
Machleidt, Petr, Mráčková, Jitka, and Mráček, Karel
- Subjects
RISK perception ,GENERATIVE artificial intelligence ,EDUCATIONAL technology ,MALWARE ,CRITICAL analysis - Abstract
Copyright of Journal for Technology in Theory & Practice / Zeitschrift für Technikfolgenabschätzung in Theorie und Praxis (TATuP) is the property of Oekom Verlag GmbH and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2024
- Full Text
- View/download PDF
237. Use case generation, variation, and anticipation in innovation projects: Analysis of current industry practices based on interviews with international innovation experts.
- Author
-
Henke, Niklas Hermann
- Subjects
MALWARE ,ARTIFICIAL intelligence ,TECHNOLOGY assessment ,PROJECT management ,CREATIVE ability - Abstract
- Published
- 2024
- Full Text
- View/download PDF
238. Misuse of large language models: Exploiting weaknesses for target-specific outputs.
- Author
-
Klinkhammer, Dennis
- Subjects
LANGUAGE models ,MISINFORMATION ,PYTHON programming language ,MALWARE ,INFORMATION dissemination ,HATE speech - Abstract
- Published
- 2024
- Full Text
- View/download PDF
239. A Comprehensive Review of Machine Learning Approaches for Detecting Malicious Software.
- Author
-
Liu Yuanming and Latih, Rodziah
- Subjects
MACHINE learning ,MALWARE ,DEEP learning ,FEATURE extraction ,COMPUTER network security ,RESEARCH personnel - Abstract
With the continuous development of technology, the types of malware and their variants continue to increase, which has become an enormous challenge to network security. These malware use a variety of technical means to deceive or evade traditional detection methods, making traditional signature-based, rule-based malware identification methods no longer applicable. Many machine learning algorithms have attracted widespread academic attention as powerful malware detection and classification methods in recent years. After an in-depth study of the rich literature and a comprehensive survey of the latest scientific research results, feature extraction is used as the basis for classification. By extracting meaningful features from malware samples, such as behavioral patterns, code structures, and file attributes, researchers can discern unique characteristics that distinguish malicious software from benign software. This process is the foundation for developing effective detection models and understanding the underlying mechanisms of malware behavior. We divide feature engineering and learning-based methods into two categories for investigation. Feature engineering involves selecting and extracting relevant features from raw data, while learning-based methods leverage machine learning algorithms to analyze and classify malware based on these features. Supervised, unsupervised, and deep learning techniques have shown promise in accurately detecting and classifying malware, even in the face of evolving threats. On this basis, we further look into the current problems and challenges that malware identification research faces. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
240. A New Approach of Botnet Activity Detection Models Using Combination of Univariate and ANOVA Feature Selection Techniques.
- Author
-
Hostiadi, Dandy Pramana, Ahmad, Tohari, Putra, Muhammad Aidiel Rachman, Pradipta, Gede Angga, Ayu, Putu Desiana Wulaning, and Liandana, Made
- Subjects
BOTNETS ,FEATURE selection ,MALWARE ,COMPUTER networks ,MACHINE learning ,ANALYSIS of variance - Abstract
The number of cases in the cyber era has increased significantly, caused by malicious software known as malware. This malicious software penetrates the network, infects several computers, and forms a collection of zombie computer networks commonly known as Botnets. These botnet threats can gravely impact valuable system resources and stored data and cause severe financial losses if not handled appropriately. Several previous studies introduced a botnet detection model using algorithms from machine learning by optimizing the feature selection process and achieving high detection results. However, feature selection is carried out without determining the role of features in the mandatory and non-mandatory categories. In fact, not all features can be selected, because some have an important role and influence detection performance. This paper proposes a detection model by optimizing feature selection techniques. The initial process is to categorize features into mandatory and non-mandatory features. The feature selection process is carried out on non-mandatory features using two approaches: Univariate and ANOVA. Then, the best features from the feature selection results are aggregated with the mandatory features and processed in a classification model for detecting malware attacks. The aim is to obtain the best features used in the classification model to improve detection performance, measured by accuracy, precision, and recall. The classification model used is a Decision Tree, and it was tested on three different datasets, namely CTU-13, NCC, and NCC-2. The experimental results obtained an accuracy of 99.27% on the CTU-13 dataset, 98.96% on the NCC dataset, and 98.87% on the NCC-2 dataset. The resulting average precision value is 98.68% on the CTU-13 dataset, 98.26% on the NCC dataset, and 97.90% on the NCC-2 dataset. Finally, the resulting average recall value was 99.27% on the CTU-13 dataset, 98.96% on the NCC dataset, and 98.87% on the NCC-2 dataset. The detection results showed better results than previous research. This model can make analyzing attacks easier and determine treatment when a malware attack occurs. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
241. Feature Selection Using Adaptive Weight Based Grey Wolf Optimization for Malware Detection in Android.
- Author
-
Thakur, Arun Singh and Muppavaram, Kireet
- Subjects
FEATURE selection ,SUPPORT vector machines ,MALWARE ,RANDOM forest algorithms ,MACHINE learning ,ERROR rates - Abstract
The malware application is one of the most dangerous threats to various applications, particularly on Android devices. To effectively detect malware in Android, existing researchers have utilized Machine Learning (ML) approaches. However, the researchers have not accurately detected the malware due to malware complexity, continuous changes, and the increased damage caused by attackers. In this paper, an Adaptive Weight based Grey Wolf Optimization (AWGWO) based feature selection is proposed for malware detection in Android. The proposed AWGWO is evaluated using the Drebin and CICInvesAndMal2019 datasets, which contain 216 and 428 malware features. Then, the acquired dataset is pre-processed using the Min-Max normalization technique to remove the computational complexity and achieve minimum error rates. In the classification stage, a voting combination of benign and malignant malware is used while utilizing three ensemble ML approaches. The ensemble approaches involve a Support Vector Machine (SVM), Random Forest (RF) and the AdaBoost algorithm. The proposed AWGWO method achieves better results on evaluation metrics like accuracy, precision, recall, and F1-score, of 0.9953, 0.9930, 0.9963, and 0.9725 respectively, which is comparatively better than the existing methods named Random Forest-OWL (RF-OWL), SVM, Adjacency Matrix (AdMat) and Effective Feature selection - RF (EF-RF). [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
242. Evaluating Realistic Adversarial Attacks against Machine Learning Models for Windows PE Malware Detection.
- Author
-
Imran, Muhammad, Appice, Annalisa, and Malerba, Donato
- Subjects
CONVOLUTIONAL neural networks ,MACHINE learning ,MALWARE ,ARTIFICIAL intelligence ,DECISION trees - Abstract
During the last decade, the cybersecurity literature has conferred a high-level role on machine learning as a powerful security paradigm to recognise malicious software in modern anti-malware systems. However, a non-negligible limitation of machine learning methods used to train decision models is that adversarial attacks can easily fool them. Adversarial attacks are attack samples produced by carefully manipulating the samples at test time to violate the model integrity by causing detection mistakes. In this paper, we analyse the performance of five realistic target-based adversarial attacks, namely Extend, Full DOS, Shift, FGSM padding + slack and GAMMA, against two machine learning models, namely MalConv and LGBM, learned to recognise Windows Portable Executable (PE) malware files. Specifically, MalConv is a Convolutional Neural Network (CNN) model learned from the raw bytes of Windows PE files. LGBM is a Gradient-Boosted Decision Tree model that is learned from features extracted through the static analysis of Windows PE files. Notably, the attack methods and machine learning models considered in this study are state-of-the-art methods broadly used in the machine learning literature for Windows PE malware detection tasks. In addition, we explore the effect of accounting for adversarial attacks on securing machine learning models through the adversarial training strategy. Therefore, the main contributions of this article are as follows: (1) We extend existing machine learning studies that commonly consider small datasets to explore the evasion ability of state-of-the-art Windows PE attack methods by increasing the size of the evaluation dataset. (2) To the best of our knowledge, we are the first to carry out an exploratory study to explain how the considered adversarial attack methods change Windows PE malware to fool an effective decision model. (3) We explore the performance of the adversarial training strategy as a means to secure effective decision models against adversarial Windows PE malware files generated with the considered attack methods. Hence, the study explains how GAMMA can actually be considered the most effective evasion method in the performed comparative analysis. On the other hand, the study shows that the adversarial training strategy can actually help in recognising adversarial PE malware generated with GAMMA, by also explaining how it changes model decisions. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
243. An Empirical Study on Detection of Android Adware Using Machine Learning Techniques.
- Author
-
Farooq, Umar, Khurana, Surinder Singh, Singh, Parvinder, and Kumar, Munish
- Abstract
The Android operating system, without showing signs of diminishing, has experienced unprecedented popularity and continues to thrive with a significant user base. Its notable aspect for supporting third-party applications has revolutionized the digital landscape, allowing developers to generate revenue through advertising. Adware has emerged as a prominent monetization method for developers of both Adware and the applications that integrate it. However, as the utilization of Adware proliferates, it simultaneously escalates the risk of fraudulent activities associated with advertising approaches. The increasing prevalence of Adware introduces a pressing need for robust detection and mitigation strategies to address the potentially detrimental effects of fraudulent practices. In response, the proposed system focuses on analyzing and identifying alterations in network traffic acquired from Android devices. This research delves into an extensive exploration of machine and deep learning models, aiming to enhance the detection and mitigation of Adware. The exceptional capabilities of the LGBM model highlight the system's noteworthy performance in binary classification. However, in multiclass classification, the XGBM model emerges as the frontrunner, outperforming other models and showcasing superior effectiveness in distinguishing and classifying Adware and general Malware. These outcomes highlight the remarkable efficacy of the system in accurately classifying adware instances, regardless of the classification scenario. The findings not only validate the viability of the proposed system but also underscore the superior performance of specific machine learning models employed in the research. With further refinement and optimization, the system holds great promise in enhancing the security and integrity of the Android ecosystem. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
244. GSB: GNGS and SAG-BiGRU network for malware dynamic detection.
- Author
-
Hu, Zhanhui, Liu, Guangzhong, Xiang, Xinyu, Li, Yanping, and Zhuang, Siqing
- Subjects
DEEP learning ,INTRUSION detection systems (Computer security) ,MALWARE ,RANDOM noise theory ,FEATURE extraction ,TRANSFORMER models ,INTERNET security - Abstract
With the rapid development of the Internet, the continuous increase of malware and its variants has brought great challenges for cyber security. Due to the imbalance of the data distribution, research on malware detection focuses on the accuracy of the whole data sample, while ignoring the detection rate of minority categories of malware. In the dataset sample, the normal data samples account for the majority, while the attack malware accounts for the minority. However, the minority categories of attacks will bring great losses to countries, enterprises, or individuals. To solve the problem, this study proposed the GNGS algorithm to construct a new balanced dataset so that the model algorithm pays more attention to the feature learning of the minority attack malware, to improve the detection rate of attack malware. The traditional malware detection method is highly dependent on professional knowledge and static analysis, so we used the Self-Attention with Gate mechanism (SAG) based on the Transformer to carry out feature extraction between the local and global features and filter irrelevant noise information, then extracted the long-distance dependency temporal sequence features with the BiGRU network, and obtained the classification results through the SoftMax classifier. In the study, we used the Alibaba Cloud dataset for malware multi-classification. Comparing the GSB deep learning network model with other current studies, the experimental results showed that the Gaussian noise generation strategy (GNGS) could solve the unbalanced distribution of minority categories of malware, and the SAG-BiGRU algorithm obtained an accuracy rate of 88.7% on the eight-class classification, which has better performance than other existing algorithms; the GSB model also has a good effect on the NSL-KDD dataset, which showed that the GSB model is effective for other network intrusion detection. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
245. Can Windows 11 Stop Well-Known Ransomware Variants? An Examination of Its Built-in Security Features.
- Author
-
Al-Awadi, Yousef Mahmoud, Baydoun, Ali, and Ur Rehman, Hafeez
- Subjects
RANSOMWARE ,DIGITAL technology ,CYBERTERRORISM ,SECURITY systems ,INTERNET security - Abstract
The ever-evolving landscape of cyber threats, with ransomware at its forefront, poses significant challenges to the digital world. Windows 11 Pro, Microsoft's latest operating system, claims to offer enhanced security features designed to tackle such threats. This paper aims to comprehensively evaluate the effectiveness of these Windows 11 Pro built-in security measures against prevalent ransomware strains, with a particular emphasis on crypto-ransomware. Utilizing a meticulously crafted experimental environment, the research adopted a two-phased testing approach, examining both the default and a hardened configuration of Windows 11 Pro. This dual examination offered insights into the system's inherent and potential defenses against ransomware threats. The study's findings revealed that Windows 11 Pro does present formidable defenses. This paper not only contributes valuable insights into cybersecurity, but also furnishes practical recommendations for both technology developers and end-users in the ongoing battle against ransomware. The significance of these findings extends beyond the immediate evaluation of Windows 11 Pro, serving as a reference point for the broader discourse on enhancing digital security measures. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
246. Effective and Efficient Android Malware Detection and Category Classification Using the Enhanced KronoDroid Dataset.
- Author
-
Waheed, Mudassar and Qadir, Sana
- Subjects
MACHINE learning ,SUPERVISED learning ,MOBILE operating systems ,MALWARE ,RANDOM forest algorithms - Abstract
Android is the most widely used mobile operating system and is responsible for handling a wide variety of data, from simple messages to sensitive banking details. The explosive increase in malware targeting this platform has made it imperative to adopt machine learning approaches for effective malware detection and classification. Since its release in 2008, the Android platform has changed substantially, and there has also been a significant increase in the number, complexity, and evolution of malware that target this platform. This rapid evolution quickly renders existing malware datasets out of date and has a degrading impact on machine learning-based detection models. Many studies have been carried out to explore the effectiveness of various machine learning models for Android malware detection. The majority of these studies use datasets that have been compiled using static or dynamic analysis of malware, but the use of hybrid analysis approaches has not been addressed completely. Likewise, the impact of malware evolution has not been fully investigated. Although some of the models have achieved exceptional results, their performance deteriorated for evolving malware, and they were also not effective against antidynamic malware. In this paper, we address both of these limitations by creating an enhanced subset of the KronoDroid dataset and using it to develop a supervised machine learning model capable of detecting evolving and antidynamic malware. The original KronoDroid dataset contains malware samples from 2008 to 2020, making it effective for the detection of evolving malware and handling concept drift. Also, the dynamic features are collected by executing the malware on a real device, making it effective for handling antidynamic malware. We create an enhanced subset of this dataset by adding malware category labels with the help of multiple online repositories. Then, we train multiple supervised machine learning models and use the ExtraTree classifier to select the top 50 features. Our results show that the random forest (RF) model has the highest accuracy of 98.03% for malware detection and 87.56% for malware category classification (for 15 malware categories). [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
247. Cyber threats to the Private Academic Cloud.
- Author
-
Lakhno, Valerii, Akhmetov, Bakhytzhan, Kryvoruchko, Olena, Chubaievskyi, Vitalyi, Desiatko, Alona, Bereke, Madina, and Shalabaeva, Maria
- Subjects
CLOUD computing security measures ,INFORMATION technology security ,MALWARE ,COMPUTER viruses - Abstract
The potential breach of access to confidential content hosted in a university's Private Academic Cloud (PAC) underscores the need for developing new protection methods. This paper introduces a Threat Analyzer Software (TAS) and a predictive algorithm rooted in both an operational model and discrete threat recognition procedures (DTRPs). These tools aid in identifying the functional layers that attackers could exploit to embed malware in guest operating systems (OS) and the PAC hypervisor. The solutions proposed herein play a crucial role in ensuring countermeasures against malware introduction into the PAC. Various hypervisor components are viewed as potential threat sources to the PAC's information security (IS). Such threats may manifest through the distribution of malware or the initiation of processes that compromise the PAC's security. The demonstrated counter-threat method, which is founded on the operational model and discrete threat recognition procedures, facilitates the use of mechanisms within the HIPV to quickly identify cyber attacks on the PAC, especially those employing "rootkit" technologies. This prompt identification empowers defenders to take swift and appropriate actions to safeguard the PAC. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
248. Empirical analysis of the cyberattacks of the Russian–Ukrainian war.
- Author
-
BÁNYÁSZ, PÉTER, KISS, ADRIENN, MAGYAR, SÁNDOR, and KISS, DÁVID
- Subjects
TRENDS ,DENIAL of service attacks ,TREND analysis ,MALWARE ,ACQUISITION of data ,CYBERTERRORISM - Abstract
This research study aims to empirically analyze the cyberattacks that occurred in the context of the Russian–Ukrainian conflict between 2022 and 2023, with a specific focus on the impact of these attacks on civilian infrastructure and institutions. The data collection for this study is based on publicly available sources from the CyberPeace Institute, taking into account various types of incidents such as malware, distributed denial of service (DDoS) attacks, spam, information operations, and website defacements. The study employs a network theory approach to examine the structure and dynamics of incidents and campaigns, while additional statistical methods and trend analysis are used to assess sector-specific and geographic patterns, as well as changes in attack frequency and severity. The research aims to contribute to the existing literature on cyber warfare and to provide valuable insights into the cyber threats faced by civilian infrastructure and institutions during times of conflict. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
249. Provisioning the external infrastructure for Cyberspace Operations. A spotlight on Russian APT groups.
- Author
-
Villalón-Huerta, Antonio, Ripoll-Ripoll, Ismael, and Marco-Gisbert, Hector
- Subjects
CYBERSPACE operations (Military science) ,SCIENTIFIC literature ,TECHNICAL literature ,MALWARE ,INTERNET - Abstract
Advanced threat actors operating in cyberspace rely on external infrastructure for their operations. This external infrastructure encompasses various elements available on the internet, located outside the target's premises. Analyzing this infrastructure and the techniques utilized to maximize its operational efficiency is crucial in understanding threat actors and their activities. However, much of the existing scientific and technical literature predominantly focuses on internal infrastructure components, such as malware implants, and the tactics used by threat actors within their victims' infrastructure. This work aims to provide a comprehensive analysis of external infrastructure and its provisioning techniques. Although our research primarily delves into Russian APT groups and their activities, our findings are applicable to all advanced threat groups and operations. The outcomes of our study can significantly aid analysts in characterizing these groups and their activities, particularly in attribution endeavors. Our proposal presents a logical structure that is easily scalable and adaptable, and it can be used to improve widely accepted industry standards such as MITRE ATT&CK. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
250. Malware detection for container runtime based on virtual machine introspection.
- Author
-
He, Xinfeng and Li, Riyang
- Subjects
VIRTUAL machine systems ,CONVOLUTIONAL neural networks ,MALWARE ,INTROSPECTION ,HYPERVISOR (Computer software) ,GRAYSCALE model - Abstract
The isolation technique of containers introduces uncertain security risks to malware detection in the current container environment. In this paper, we propose a framework called Malware Detection for Container Runtime based on Virtual Machine Introspection (MDCRV) to detect in-container malware. MDCRV can automatically export memory snapshots by using virtual machine introspection in a container-in-virtual-machine architecture and reconstruct container semantics from the memory snapshots. Although in-container malware might escape from the isolating measures of the container, our detection program, which benefits from the isolation of the hypervisor, can still work well. Additionally, we propose a container process visualization approach to improve the efficiency of analyzing the binary execution information of the container runtime. We convert the live processes of in-container malware and benign applications to grayscale images and employ a convolutional neural network to extract malware features from the self-constructed dataset. The experimental results show that MDCRV achieves high accuracy while improving security. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF