Your search keyword '"MALWARE"' showing total 35,878 results

1. Pitfalls in Machine Learning for Computer Security.

Author

Arp, Daniel, Quiring, Erwin, Pendlebury, Feargus, Warnecke, Alexander, Pierazzi, Fabio, Wressnegger, Christian, Cavallaro, Lorenzo, and Rieck, Konrad

Subjects

*MACHINE learning, *COMPUTER security, *MALWARE, *SYSTEMS design, *ACQUISITION of data, *INTRUSION detection systems (Computer security)

Abstract

This article presents ten common pitfalls of machine learning in the context of computer security. Pitfalls are included from all stages of the machine learning process including data snooping, inappropriate baseline, and base rate fallacy. Next, the prevalence of each pitfall was assessed using thirty security papers published in the last ten years. Then, an impact analysis is presented of these pitfalls in four different security fields, including vulnerability and network intrusion detection.

Published

2024

2. Supervised and Unsupervised Learning Techniques for Malware Classification Based on Opcode Frequency Features

Author

Asmitha, K. A., Vinod, P., Rafidha Rehiman, K. A., Cherian, Renil M., Balachandran, Rohith, Titus, Bins, Rohith Raj, R., Fathima Afrah, K. N., Archana, A. R., Li, Gang, Series Editor, Filipe, Joaquim, Series Editor, Ghosh, Ashish, Series Editor, Xu, Zhiwei, Series Editor, T., Shreekumar, editor, L., Dinesha, editor, and Rajesh, Sreeja, editor

Published

2025

3. Preventing and Detecting Malware in Smart Environments. The Smart Home Case

Author

Kulkarni, Shruti, Mylonas, Alexios, Vidalis, Stilianos, Jajodia, Sushil, Series Editor, Samarati, Pierangela, Series Editor, Lopez, Javier, Series Editor, Vaidya, Jaideep, Series Editor, Gritzalis, Dimitris, editor, Choo, Kim-Kwang Raymond, editor, and Patsakis, Constantinos, editor

Published

2025

4. The South African and Senegalese Legislative Response to Malware-Facilitated Cybercrime

Author

Mabunda, Sagwadi, Jajodia, Sushil, Series Editor, Samarati, Pierangela, Series Editor, Lopez, Javier, Series Editor, Vaidya, Jaideep, Series Editor, Gritzalis, Dimitris, editor, Choo, Kim-Kwang Raymond, editor, and Patsakis, Constantinos, editor

Published

2025

5. Unpacking Malware in the Real World: A Step-by Step Guide

Author

Totosis, Nikolaos, Patsakis, Constantinos, Jajodia, Sushil, Series Editor, Samarati, Pierangela, Series Editor, Lopez, Javier, Series Editor, Vaidya, Jaideep, Series Editor, Gritzalis, Dimitris, editor, Choo, Kim-Kwang Raymond, editor, and Patsakis, Constantinos, editor

Published

2025

6. Hidden Realms: Exploring Steganography Methods in Games for Covert Malware Delivery

Author

Vasilellis, Efstratios, Anagnostopoulou, Argiro, Adamos, Konstantinos, Jajodia, Sushil, Series Editor, Samarati, Pierangela, Series Editor, Lopez, Javier, Series Editor, Vaidya, Jaideep, Series Editor, Gritzalis, Dimitris, editor, Choo, Kim-Kwang Raymond, editor, and Patsakis, Constantinos, editor

Published

2025

7. Malware as a Geopolitical Tool

Author

Leventopoulos, Sozon, Gritzalis, Dimitris, Stergiopoulos, George, Jajodia, Sushil, Series Editor, Samarati, Pierangela, Series Editor, Lopez, Javier, Series Editor, Vaidya, Jaideep, Series Editor, Gritzalis, Dimitris, editor, Choo, Kim-Kwang Raymond, editor, and Patsakis, Constantinos, editor

Published

2025

8. Method to Automate the Classification of PE32 Malware Using Word2vec and LSTM

Author

Percílio Azevedo, Bruce William, Oliveira Albuquerque, Robson de, García Villalba, Luis Javier, Jajodia, Sushil, Series Editor, Samarati, Pierangela, Series Editor, Lopez, Javier, Series Editor, Vaidya, Jaideep, Series Editor, Gritzalis, Dimitris, editor, Choo, Kim-Kwang Raymond, editor, and Patsakis, Constantinos, editor

Published

2025

9. Assessing Static and Dynamic Features for Packing Detection

Author

Van Ouytsel, Charles-Henry Bertrand, Legay, Axel, Lucca, Serena, Wauters, Dimitri, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, and Hinchey, Mike, editor

Published

2025

10. Enhancement of Malware Detection Systems Using Mal-cGAN

Author

Timmanagoudar, Harshit, Preethi, P., Howlett, Robert J., Series Editor, Jain, Lakhmi C., Series Editor, Pal, Sankar K., editor, Thampi, Sabu M., editor, and Abraham, Ajith, editor

Published

2025

11. An Optimized Approach Towards Malware Detection Using Java Microservices

Author

Goel, Mandhar, Thakur, Subodh, Kumar, Nishant, Gupta, Nishant, Singh, Mayank, Ghosh, Ashish, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Singh, Mayank, editor, Tyagi, Vipin, editor, Gupta, P. K., editor, Flusser, Jan, editor, Ören, Tuncer, editor, Cherif, Amar Ramdane, editor, and Tomar, Ravi, editor

Published

2025

12. Understanding and Measuring Inter-process Code Injection in Windows Malware

Author

Starink, Jerre, Huisman, Marieke, Peter, Andreas, Continella, Andrea, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin, Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Duan, Haixin, editor, Debbabi, Mourad, editor, de Carné de Carnavalet, Xavier, editor, Luo, Xiapu, editor, Du, Xiaojiang, editor, and Au, Man Ho Allen, editor

Published

2025

13. Comparative Analysis of Malware Detection Response Times Across Android Versions: An Emphasis on the 'Hoverwatch' Application

Author

Ndukwe, Chiemela, Homayounvala, Elaheh, Kazemian, Hassan, Araujo, Istteffanny, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Hassanien, Aboul Ella, editor, Anand, Sameer, editor, Jaiswal, Ajay, editor, and Kumar, Prabhat, editor

Published

2025

14. Modern ransomware: Evolution, methodology, attack model, prevention and mitigation using multi‐tiered approach.

Author

Raj, Arpit, Narayan, Vedant, Muskan, Vivek, Sani, Abhilash, Sharma, Pankaj, and Sarma, S. S.

Abstract

Ransomware is a menace to the vibrant digital ecosystem. The exponential growth in ransomware attacks, its detrimental impacts, and the ever‐changing methods adopted by threat actor groups demands a focused understanding of the evolution of ransomware. This would help the organizations devise novel defensive frameworks and security controls against the modern ransomware. In this work, the impacts and evolution of ransomware through different phases up to its current form are detailed. Further, based on the study and analysis of the most prevalent modern ransomware variants, their most used tactics, techniques and procedures (TTPs) are identified as per the MITRE ATT&CK model. This acts as a platform to propose a generic attack model for "modern ransomware." Building on the existing MITRE mitigation, D3FEND‐based approaches and considering the resource and budget constraints of organizations, a simplified three‐tier defensive model that is cost‐effective and implementable is put forward. Thus, this work aims to open avenues for understanding the TTPs, and attack methodology of "modern ransomware," thereby developing feasible and implementable defensive security controls. [ABSTRACT FROM AUTHOR]

Published

2024

15. Efficient malware detection through inter-component communication analysis.

Author

Chen, Peng, Tian, Shengwei, Wang, Xin, Pei, Xinjun, Nong, Weitao, and Zhang, Hao

Subjects

*CAPSULE neural networks, *FEATURE extraction, *INTERNET of things, *MALWARE, *TELECOMMUNICATION systems

Abstract

With the development of science and technology, the number of smartphones has increased dramatically. This also exposes Android-based smartphones to an increasing number of malware attacks. Currently, feature extraction schemes based on sensitive API calls have become mainstream in malware detection. However, such an approach can only capture the behavior of malware when the API is called, but it cannot detect malicious behavior implemented through other means. In the real world, attackers often use the Inter-Component Communication (ICC) mechanism to hide and conceal their malicious intent. In this paper, we propose a novel malware detection framework (named ADACapsNet). This framework first employs an entropy-based approach to extract sensitive API features to reflect the behavior patterns of malware and then captures the information flow across components by monitoring the ICC interactions in the Android systems. We transform sensitive API calls and ICC features into vector representations that are used as inputs to the learning model. Moreover, we propose an adaptive capsule network to mine deep program semantics, which uses an adaptive factor to dynamically assign weights for features, enhancing the model's ability to focus on relevant features and capture complex spatial relationships. We conducted a number of experiments to demonstrate the effectiveness of the proposed ADACapsNet in detecting malware. Experimental results show that the proposed method is robust against malware attacks. [ABSTRACT FROM AUTHOR]

Published

2024

16. A Survey on Malware Detection with Graph Representation Learning.

Author

Bilot, Tristan, El Madhoun, Nour, Al Agha, Khaldoun, and Zouaoui, Anis

Published

2024

17. An Adaptive Framework for Classification and Detection of Android Malware.

Author

Al Sharah, Ashraf, Abu Alrub, Yousef, Abu Owida, Hamza, Abu Elsoud, Esraa, Alshdaifat, Nawaf, and Khtatnaha, Hamzah

Subjects

COMPUTERS, RANDOM forest algorithms, APPLICATION software, COMPUTER software, RECORDS management

Abstract

The hardware and software of a computer are controlled by its operating system (OS), which performs essential tasks such as input and output processing, file and memory management, and the management of peripheral devices such as disk drives and printers. Application software refers to programs designed for specific purposes, these applications, often freely available and open source, contribute to the rising number of downloads. In the third quarter of 2022, combined downloads from the Apple App Store and Google Play Reached an estimated 35.3 billion. However, the prevalence of insecurity in these applications and technologies heightens the potential for cybercrimes. Protection against unauthorized intruders is crucial in identifying malicious applications. Machine learning (ML) serves as a promising avenue for detecting malware attacks, offering potential solutions to bolster cybersecurity measures. We propose a novel approach utilizing ML to enhance malware detection accuracy by segmenting datasets into distinct groups. Our research employs supervised ML techniques on the CICMaldroid2020 dataset, which includes comprehensive information such as intent actions, permissions, and sensitive APIs. The dataset was partitioned into four groups, each containing 150 features, and analyzed across four experiments to distinguish between attack and benign classes. Our proposed model demonstrated exceptional performance, with the random forest algorithm achieving an accuracy of 98.6% and a precision of 98.75%. These results highlight the effectiveness of our segmentation approach and its significant contribution to advancing malware detection in Android applications, offering a promising direction for future cybersecurity solutions. [ABSTRACT FROM AUTHOR]

Published

2024

18. A DYNAMIC SANDBOX DETECTION TECHNIQUE IN A PRIVATE CLOUD ENVIRONMENT.

Author

ZHANGWEI YANG and JUNYU XIAO

Subjects

KNOWLEDGE graphs, MALWARE, DATA security, TRUST, ACCESS control

Abstract

In specific private cloud scenarios, how to defend against malicious software and ensure data security is one of the current research hotspots, and sandbox is an important detection method. This paper proposes a dynamic behavior detection technique based on sandboxing, which real-time monitors and analyzes malicious software behavior. By improving the sandbox behavior weight, integrating virtual resources, and designing fine-grained access control, the detection accuracy and efficiency are enhanced based on zero trust access control system. The simulated attacks are identified on the testing platform, drawing knowledge graphs, achieving effective discovery and tracing. Meanwhile, this paper verified through experiments that the system consumption of the detection method is within an acceptable range, expanding the detection range and reducing the missed detection rate. [ABSTRACT FROM AUTHOR]

Published

2024

19. Image-based Malware Detection and Classification Approach Using Multi-level Deep Learning Methods.

Author

Ourdighi, Asmaa, Gacem, Kawther, and Torki, Meriem Amira

Subjects

CONVOLUTIONAL neural networks, IMAGE recognition (Computer vision), RADIAL basis functions, MALWARE, LEARNING ability, DEEP learning

Abstract

Malware poses a significant threat to cybersecurity, continuously evolving to evade traditional detection methods. Deep learning (DL) offers a promising avenue for addressing this challenge by leveraging its ability to learn complex patterns from large amounts of data. This paper introduces a novel deep learning architecture that combines convolutional neural network (CNN), long short-term memory network (LSTM), and radial basis function network (RBF) to extract discriminative features from malware images. Our model captures both low-level visual details and high-level semantic information for robust and accurate malware classification. The Softmax layer assigns probabilities to different malware classes, enabling precise classification. We evaluated the model on three diverse datasets: Malimg, MaleVis, and Microsoft Big 2015, each differing in malware families, image characteristics, and collection methods. The model achieved accuracy rates of 99.06%, 93.55%, and 97.52% on these datasets, respectively, demonstrating its effectiveness and potential in malware image classification. [ABSTRACT FROM AUTHOR]

Published

2024

20. Robust malicious software detection and classification using global whale optimization algorithm with deep learning approach.

Author

Assiri, Mohammed

Subjects

*METAHEURISTIC algorithms, *ARTIFICIAL intelligence, *MACHINE learning, *MALWARE, *FEATURE selection, *DEEP learning

Abstract

Software malware detection and classification leverage sophisticated procedures and methods from the cybersecurity domain for identifying and categorizing malicious software, generally called malware. This procedure analyses code behaviour, file structures, and other features to distinguish between benign and malicious programs. Machine learning (ML) and artificial intelligence (AI) are vital in this domain, allowing the progress of dynamic and adaptive systems that identify novel and developing malware attacks. By training on massive datasets of benign and malicious instances, these systems learn patterns and signatures indicative of malware. This lets them correctly categorize and respond to potential attacks in real-time. This study presents a Global Whale Optimization Algorithm with Neutrosophic Logic for Software Malware Detection and Classification (GWOANL-SMDC) technique. The GWOANL-SMDC technique secures the software via the Android malware recognition process. Primarily, the GWOANL-SMDC technique employs the Neutrosophic Cognitive Maps (NCM) model for the feature selection process. The GWOANL-SMDC technique uses a convolutional long short-term memory (ConvLSTM) model for software malware detection. At last, the GWOA-based parameter tuning is performed to improve the performance of the ConvLSTM model. The simulation values of the GWOANL-SMDC technique are examined on the malware dataset. The obtained results ensured that the GWOANL-SMDC technique improved capability in detecting software malware. [ABSTRACT FROM AUTHOR]

Published

2024

21. Deep learning-based improved transformer model on android malware detection and classification in internet of vehicles.

Author

Almakayeel, Naif

Subjects

*TRANSFORMER models, *MACHINE learning, *MALWARE, *DEEP learning, *AUTONOMOUS vehicles, *ALGORITHMS

Abstract

With the growing popularity of autonomous vehicles (AVs), confirming their safety has become a significant concern. Vehicle manufacturers have combined the Android operating system into AVs to improve consumer comfort. However, the diversity and weaknesses of the Android operating system pose substantial safety risks to AVs, as these factors can expose them to threats, namely Android malware. The advanced behaviour of multi-data source fusion in autonomous driving models has mitigated recognition accuracy and effectualness for Android malware. To efficiently counter new malware variants, novel techniques distinct from conventional methods must be utilized. Machine learning (ML) techniques cannot detect every new and complex malware variant. The deep learning (DL) model is an efficient tool for detecting various malware variants. This manuscript proposes a Deep Learning-Based Improved Transformer Model on Android Malware Detection (DLBITM-AMD) technique for Internet vehicles (IoVs). The main aim of the presented DLBITM-AMD approach is to detect Android malware effectually and accurately. The DLBITM-AMD method performs a Z-score normalization process to convert the raw data into a standard form. Then, the DLBITM-AMD approach utilizes the binary grey wolf optimization (BGWO) model to select optimum feature subsets. An improved transformer is integrated with the RNN model and softmax to enhance classification for Android malware recognition. Finally, the snake optimizer algorithm (SOA) method is employed to select the optimum parameter for the classification method. An extensive experiment of the DLBITM-AMD method is accomplished on a benchmark dataset. The performance validation of the DLBITM-AMD technique portrayed a superior accuracy value of 99.26% over existing Android malware recognition models. [ABSTRACT FROM AUTHOR]

Published

2024

22. Static analysis framework for permission-based dataset generation and android malware detection using machine learning.

Author

Pathak, Amarjyoti, Kumar, Th. Shanta, and Barman, Utpal

Subjects

REVERSE engineering, FEATURE extraction, MACHINE learning, RANDOM forest algorithms, MALWARE

Abstract

Since Android is the popular mobile operating system worldwide, malicious attackers seek out Android smartphones as targets. The Android malware can be identified through a number of established detection techniques. However, the issues presented by modern malware cannot be met by traditional signature or heuristic-based malware detection methods. Previous research suggests that machine-learning classifiers can be utilised to analyse permissions, making it possible to differentiate between malicious and benign applications on the Android platform. There exist machine-learning methods that utilise permission-based attributes to build models for the detection of malware on Android devices. Nevertheless, the performance of these detection methods is dependent on the raw or feature datasets. Android malware research frequently faces a major obstacle due to the lack of adequate and up-to-date raw malware datasets. In this paper, we put forward a systematic approach to generate an Android permission-based dataset using static analysis. To create the dataset, we collect recent raw malware samples (APK files) and focus on the reverse engineering approach and permission-based features extraction. We also conduct a thorough feature analysis to determine the important Android permissions and present a machine-learning-based Android malware detection mechanism. The experimental result of our study demonstrates that with just 48 features, the random forest classifier-based Android malware detection model obtains the best accuracy of 97.5%. [ABSTRACT FROM AUTHOR]

Published

2024

23. IPAnalyzer: A novel Android malware detection system using ranked Intents and Permissions.

Author

Sharma, Yash and Arora, Anshul

Subjects

PEARSON correlation (Statistics), FEATURE selection, MACHINE learning, CHI-squared test, MALWARE, DEEP learning

Abstract

Android malware has been growing in scale and complexity, spurred by the unabated uptake of smartphones worldwide. Millions of malicious Android applications have been detected in the past few years, posing severe threats like system damage, information leakage, etc. This calls for novel approaches to mitigate the growing threat of Android malware. Among various detection schemes, permission and intent-based ones have been widely proposed in the literature. However, many permissions and intents patterns are similar in normal and malware datasets. Such high similarity in both datasets' permissions and intents patterns motivates us to rank them to find the distinguishing features. Hence, we have proposed a novel Android malware detection system named IPAnalyzer that first ranks the permissions and intents with a frequency-based Chi-square test. Then, the system applies a novel detection algorithm that combines ranked permissions and intents and involves various machine learning and deep learning classifiers. As a result, the proposed system gives the best set of permissions and intents with higher detection accuracy as an output. The experimental results highlight that our proposed approach can effectively detect Android malware with 98.49% detection accuracy, achieved with the combination of the top six permissions and top six intents. Furthermore, our experiments demonstrate that the proposed system with the Chi-square ranking is better than other statistical tests like Mutual Information and Pearson Correlation Coefficient. Moreover, the proposed model can detect Android malware with better accuracy and less number of features than various state-of-the-art techniques for Android malware detection. [ABSTRACT FROM AUTHOR]

Published

2024

24. Sparse attention with residual pyramidal depthwise separable convolutional based malware detection with optimization mechanism.

Author

Ranjani, B. and Chinnadurai, M.

Subjects

*RANSOMWARE, *GRAYSCALE model, *OPTIMIZATION algorithms, *CONVOLUTIONAL neural networks, *WHITE shark, *APPLICATION program interfaces

Abstract

Recent developments indicate that malware programs present a significant risk in the security and privacy of cloud systems. Existing research in malware detection encounters numerous significant challenges due to the constantly changing and advanced characteristics of malware. Malware detection systems frequently experience high rates of false positives and false negatives, where legitimate applications are incorrectly identified as malware or actual malware remains undetected, which results in operational inefficiencies. Traditional signature-based approaches struggle in recognizing new or modified malware. Additionally, sophisticated malware types, such as file less malware, ransom ware, and rootkits pose detection challenges as they integrate deeply into systems or alter their behaviour to evade detection. These challenges highlight the urgent need for ongoing advancements in this field. Existing methods of malware detection that rely on signatures have been found to be both inefficient and slow in the context of cloud environments. Also, Existing studies have focused on detecting malware by analysing input API calls. But, these models have encountered challenges such as limited accuracy and difficulties in effectively classifying malware types. In contrast, Deep Learning (DL) have shown success by analysing malware behaviour through API calls, which yields encouraging results. Additionally, the data produced by API calls necessitates more computational resources for training. To address these challenges, a new deep learning-based malware detection approach utilizes 2D grayscale images derived from API calls, along with an effective tuning strategy has been proposed. Initially, data are collected from cloud malware dataset. Then, API calls are converted into 2D gray scale images in order to construct gray scale image dataset. After getting the gray scale image, pre-processing is performed to reduce high level noise and to enhance the quality of image by weighted mean filter and anisotropic filter, which helps to improve the performance in classification. Next, these images are then passed into the feature extraction stage to extract sufficient features with an effective integrated densely connected squeeze MobileNet v2 (Ef-DeSMob2), which reduces the dimensionality issue and increase the computational complexity. Then, the collected features are passed into the classification phase to detect normal and malware classes from the samples using sparse attention with residual pyramidal depth wise separable convolutional neural networks (SA:ResPyDSC), which focus to enhance the security and reliability of the model. Finally, the hyper parameters in the classifier model like weights, bias are properly fine-tuned by utilizing hybrid white shark beluga optimization algorithm (Hy-WBeOp). The experimental findings illustrate that the proposed method attains accuracy of 98.06%, precision of 97.99%, recall of 97.05%, f1-score of 96.08% and error metrics like MSE AT 0.08, RMSE of 0.27 and MAE of 0.21, which shows that the proposed method helps to classify the malware classes accurately with less error rates. The proposed approach outperforms with the existing techniques because of its great efficiency. Overall, this approach establish a strong malware detection system classification and enhance the reliability and effectiveness of protection against malicious attacks. [ABSTRACT FROM AUTHOR]

Published

2024

25. ViTDroid: Vision Transformers for Efficient, Explainable Attention to Malicious Behavior in Android Binaries.

Author

Syed, Toqeer Ali, Nauman, Mohammad, Khan, Sohail, Jan, Salman, and Zuhairi, Megat F.

Subjects

*TRANSFORMER models, *MOBILE operating systems, *VISUAL fields, *DEEP learning, *MODERN society, *MALWARE

Abstract

Smartphones are intricately connected to the modern society. The two widely used mobile phone operating systems, iOS and Android, profoundly affect the lives of millions of people. Android presently holds a market share of close to 71% among these two. As a result, if personal information is not securely protected, it is at tremendous risk. On the other hand, mobile malware has seen a year-on-year increase of more than 42% globally in 2022 mid-year. Any group of human professionals would have a very tough time detecting and removing all of this malware. For this reason, deep learning in particular has been used recently to overcome this problem. Deep learning models, however, were primarily created for picture analysis. Despite the fact that these models have shown promising findings in the field of vision, it has been challenging to fully comprehend what the characteristics recovered by deep learning models are in the area of malware. Furthermore, the actual potential of deep learning for malware analysis has not yet been fully realized due to the translation invariance trait of well-known models based on CNN. In this paper, we present ViTDroid, a novel model based on vision transformers for the deep learning-based analysis of opcode sequences of Android malware samples from large real-world datasets. We have been able to achieve a false positive rate of 0.0019 as compared to the previous best of 0.0021. However, this incremental improvement is not the major contribution of our work. Our model aims to make explainable predictions, i.e., it not only performs the classification of malware with high accuracy, but it also provides insights into the reasons for this classification. The model is able to pinpoint the malicious behavior-causing instructions in the malware samples. This means that our model can actually aid in the field of malware analysis itself by providing insights to human experts, thus leading to further improvements in this field. [ABSTRACT FROM AUTHOR]

Published

2024

26. Adaptive Ransomware Detection Using Similarity-Preserving Hashing.

Author

AlMajali, Anas, Elmosalamy, Adham, Safwat, Omar, and Abouelela, Hassan

Subjects

RANSOMWARE, MALWARE, RANSOM, BUSINESS models, VICTIMS

Abstract

Crypto-ransomware is a type of ransomware that encrypts the victim's files and demands a ransom to return the files. This type of attack has been on the rise in recent years, as it offers a lucrative business model for threat actors. Research into developing solutions for detecting and halting the spread of ransomware is vast, and it uses different approaches. Some approaches rely on analyzing system calls made via processes to detect malicious behavior, while other methods focus on the affected files by creating a file integrity monitor to detect rapid and abnormal changes in file hashes. In this paper, we present a novel approach that utilizes hashing and can accommodate large files and dynamically take into account the amount of change within each file. Mainly, our approach relies on dividing each file into partitions and then performing selective hashing on those partitions to rapidly detect encrypted partitions due to ransomware. Our new approach addresses the main weakness of a previous implementation that relies on hashing files, not file partitions. This new implementation strikes a balance between the detection time and false positives based on the partition size and the threshold of partition changes before issuing an alert. [ABSTRACT FROM AUTHOR]

Published

2024

27. Feature selection to improve distributed denial of service detection accuracy using hybrid N-Gram heuristic techniques.

Author

Maslan, Andi, Hamid, Abdul, Fitriawan, Dedy, Putri, Anggia Dasa, and Tukino

Subjects

*MACHINE learning, *CYBERTERRORISM, *DENIAL of service attacks, *FEATURE selection, *SUPPORT vector machines

Abstract

Distributed denial of service (DDoS) attacks servers and computers in various ways, such as flooding traffic. There are three DDoS detection methods, namely anomaly-based, pattern-based and heuristic-based. However, patternbased methods cannot detect recent attacks, while anomaly-based methods have low accuracy and relatively high false positives. This research proposes increasing accuracy using a heuristic-based DDoS detection method and a new feature. The combination of CSDPayload+N-Gram and CSPayload+NGram features is called hybrid N-Gram, which is analysed on four datasets: CIC2017, CIC2019, MIB-2016, and H2NPayload. Next, calculate Chi-square distance (CSD) and cosine similarity (CS) using the N-Gram frequency value results. Subsequently, compute Pearson Chi-square using the N-Gram frequency value results. Compare the CSDPayload+N-Gram and CSPayload+N-Gram, along with the Pearson Chi-square value, to classify it as either DDoS or not. Finally, feature selection based on weight correlation and payload classification employs machine learning algorithms: support vector machine (SVM), K-nearest neighbors (KNN), and neural network (NN). The average accuracy rate for detecting DDoS attacks across four datasets, utilising the CSDPayload+4-Gram and CSPayload+4-Gram features with the SVM algorithm, is 99.71%, which surpasses the accuracy achieved by using KNN (96.22%) and NNs (99.50%) imitation. Thus, the best algorithm for detecting DDoS is SVM with hybrid 4-Gram. [ABSTRACT FROM AUTHOR]

Published

2024

28. Towards Securing Smart Homes: A Systematic Literature Review of Malware Detection Techniques and Recommended Prevention Approach.

Author

Alshamsi, Omar, Shaalan, Khaled, and Butt, Usman

Subjects

*ARTIFICIAL intelligence, *SMART homes, *DENIAL of service attacks, *MACHINE learning, *HOME automation, *INTRUSION detection systems (Computer security), *DEEP learning

Abstract

The exponential growth of the Internet of Things (IoT) sector has resulted in a surge of interconnected gadgets in smart households, thus exposing them to new cyber-attack susceptibilities. This systematic literature review investigates machine learning methodologies for detecting malware in smart homes, with a specific emphasis on identifying common threats such as denial-of-service attacks, phishing efforts, and zero-day vulnerabilities. By examining 56 publications published from 2019 to 2023, this analysis uncovers that users are the weakest link and that there is a possibility of attackers disrupting home automation systems, stealing confidential information, or causing physical harm. Machine learning approaches, namely, deep learning and ensemble approaches, are emerging as effective tools for detecting malware. In addition, this analysis highlights prevention techniques, such as early threat detection systems, intrusion detection systems, and robust authentication procedures, as crucial measures for improving smart home security. This study offers significant insights for academics and practitioners aiming to protect smart home settings from growing cybersecurity threats by summarizing the existing knowledge. [ABSTRACT FROM AUTHOR]

Published

2024

29. LEDA—Layered Event-Based Malware Detection Architecture.

Author

Portase, Radu Marian, Portase, Raluca Laura, Colesa, Adrian, and Sebestyen, Gheorghe

Subjects

*ARCHITECTURAL design, *MACHINE learning, *MALWARE, *RANSOMWARE

Abstract

The rapid increase in new malware necessitates effective detection methods. While machine learning techniques have shown promise for malware detection, most research focuses on identifying malware through the content of executable files or full behavior logs collected from process start to finish. However, detecting threats like ransomware via full logs is redundant, as this malware type openly informs users of the infection. To address this, we present LEDA, a novel malware detection architecture designed to monitor process behavior during execution and to identify malicious actions in real time. LEDA dynamically learns the most relevant features for detection and optimally triggers model evaluations to minimize the performance impact perceived by users. We evaluated LEDA using a dataset of Windows malware and legitimate applications collected over a year, examining our model's temporal decay in effectiveness. [ABSTRACT FROM AUTHOR]

Published

2024

30. Explaining cybercrime victimization using a longitudinal population-based survey experiment. Are personal characteristics, online routine activities, and actual self-protective online behavior related to future cybercrime victimization?

Author

van 't Hoff-de Goede, M.S., van de Weijer, S., and Leukfeldt, R.

Subjects

*COMPUTER crimes, *CRIME victims, *INTERNET security

Abstract

With the increasing prevalence of cybercrime victimization there is a growing need for prevention. Previous studies have attempted to uncover risk factors associated with cybercrime victimization in the areas of personal characteristics and online routine activities. This article aims to take the field a step further by including actual self-protective online behavior, obtained through a population-based survey experiment (N = 1886), as a risk factor for cybercrime victimization. In wave 1 of our longitudinal design, personal characteristics, online routine activities, and actual self-protective online behavior concerning password strength, clicking behavior, sharing personal information, and handling phishing emails were measured. In wave 2, cybercrime victimization of several types of cyber-enabled and cyber-dependent cybercrimes was measured one year later. Results indicate that few personal characteristics, online routine activities, and self-protective online behaviors are related to the odds of becoming a cybercrime victim. This furthermore illustrates the heterogeneity of cybercrime victimization, since most significant factors only seem to be related to the risk of one particular type of cybercrime. These results indicate that to explain cybercrime victimization, the research field needs to shift its focus and adapt to new online developments. [ABSTRACT FROM AUTHOR]

Published

2024

31. Press play, install malware: a study of rhythm game-based malware dropping.

Author

Vasilellis, Efstratios, Gkionis, Grigoris, and Gritzalis, Dimitris

Subjects

*MUSICAL meter & rhythm, *CYBERTERRORISM, *MALWARE, *GAMIFICATION, *SMARTPHONES

Abstract

Malware remains a major cybersecurity threat, often evading traditional detection methods. This study builds on our previous research with Tetris to present a more efficient covert channel attack using a Trojanized version of the rhythm game "Guitar Hero". This new method delivers and executes malicious payloads in under 2.5 min, significantly faster than our previous Tetris-based approach. The engaging and musical nature of the rhythm game makes it more appealing to users, increasing the likelihood of attracting potential victims compared to the more monotonous Tetris. The attack encodes payloads into game levels, compelling users to make specific moves that unknowingly assemble malware on their devices, thereby evading detection. This study is the second to introduce gamification in malware transmission and the first to "force" user actions to achieve the objectives of the attacker. We provide a detailed analysis of this attack and suggest countermeasures, highlighting the necessity of human-based dynamic malware analysis and enhanced user awareness. Our findings underscore the evolving nature of cyber threats and the urgent need for innovative defensive strategies to address such sophisticated covert channel attacks. [ABSTRACT FROM AUTHOR]

Published

2024

32. Deep learning vs. adversarial noise: a battle in malware image analysis.

Author

Asmitha, K. A., Puthuvath, Vinod, Rafidha Rehiman, K. A., and Ananth, S. L.

Subjects

*MACHINE learning, *INFORMATION technology, *IMAGE analysis, *MALWARE, *FEATURE extraction, *DEEP learning

Abstract

The proliferation of malware variants has shown a steep increase, attributed to their enhanced sophistication and the utilization of the latest technologies. This constitutes a severe menace to smart gadgets and IT infrastructure. Malware visualization has emerged as an exceptionally attractive technique, primarily because it obviates the need for disassembly or code execution. In this approach, malicious executables are transformed into visual representations resembling images. This visual representation allows for the extraction of textural features using the Local Binary Pattern (LBP) technique. Subsequently, classification models are constructed using ResNet50, VGG16, and customized models tailored to the specific task. These model undergoes extensive evaluation through two benchmark datasets: the MalImg dataset (consisting of 9,342 instances of malware across 25 families) and the Malware Classification Challenge dataset (BIG2015) (with 10,868 labeled malware instances across nine families). Additionally, the model is validated on a self-made dataset, which we named Malhub, consisting of 26,452 executables comprising 20 families. Furthermore, we implemented a white-box adversarial attack using additive noise (Gaussian, Local Variable, Poisson, Salt and Pepper, Speckle). We observed an F1 score in the range of 0.992 - 0.993 for MalImg, 0.874 - 0.878 for BIG2015, and 0.014 - 0.992 for Malhub dataset. This proves that efforts are required to tune machine learning models to detect adversarial examples. [ABSTRACT FROM AUTHOR]

Published

2024

33. MalEXLNet:A semantic analysis and detection method of malware API sequence based on EXLNet model.

Author

Xuedong Mao, Yuntao Zhao, Yongxin Feng, and Yutao Hu

Subjects

POLYMORPHISM (Zoology), MALWARE, MACHINE performance, CYBERSPACE, ALGORITHMS, DEEP learning

Abstract

With the continuous advancements in malicious code polymorphism and obfuscation techniques, the performance of traditional machine learning-based detection methods for malware variant detection has gradually declined. Additionally, conventional pre-trained models could adequately capture the contextual semantic information of malicious code and appropriately represent polysemous words. To enhance the efficiency of malware variant detection, this paper proposes the MalEXLNet intelligent semantic analysis and detection architecture for malware. This architecture leverages malware API call sequences and employs an improved pre-training model for semantic vector representation, effectively utilizing the semantic information of API call sequences. It constructs a hybrid deep learning model, CBAM+AttentionBiLSTM, for training and classification prediction. Furthermore, incorporating the KMeansSMOTE algorithm achieves balanced processing of small sample data, ensuring the model maintains robust performance in detecting malicious variants from rare malware families. Comparative experiments on generalized datasets, Ember and Catak, the results show that the proposed MalEXLNet architecture achieves excellent performance in malware classification and detection tasks, with accuracies of 98.85% and 94.46% in the two datasets, and macro-averaged and micro-averaged metrics exceeding 98% and 92%, respectively. [ABSTRACT FROM AUTHOR]

Published

2024

34. Keylogger ve Gizlilik: Makine Öğrenimi Modellerinin Karşılaştırması.

Author

KIZILTEPE, Seher and GÜLBANDILAR, Eyyüp

Subjects

RANDOM forest algorithms, DECISION trees, MACHINE learning, SPYWARE (Computer software), CONFIDENTIAL communications

Abstract

Copyright of Afyon Kocatepe University Journal of Science & Engineering / Afyon Kocatepe Üniversitesi Fen Ve Mühendislik Bilimleri Dergisi is the property of Afyon Kocatepe University, Faculty of Science & Literature and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

35. ScanSavant: Malware Detection for Android Applications with Explainable AI.

Author

Navaneethan, S. and Kumar, S. Udhaya

Subjects

WEBSITE security, ARTIFICIAL intelligence, DATA protection, MALWARE, SQL

Abstract

Mobile devices face SQL injection, malware, and web-based threats. Current solutions lack real-time detection. This paper introduces an Android app with advanced algorithms for real-time threat scanning. During testing, our application detected 94% of SQL injection attempts, outperforming the 86% average detection rate in similar studies. For malware analysis, it achieved a 97% detection accuracy on a dataset of infected files, higher than the industry standard of 93%. Additionally, our app can detect 85 malware variants and assign 15 attributes (Trojan.Gen.8, Worm.Autorun, Adware.Elex, Spyware.Zbot, Ransom.Cryptolocker, Rootkit.ZeroAccess, Exploit.CVE-2017-0143, Virus.MSIL.CoinMiner, Trojan.Emotet, Backdoor. DarkComet, PUP.Optional.Conduit, Adware.MyWebSearch, Virus.Win32.Sality, Trojan.Win32. Necurs, and Ransom.WannaCry) to some malwares, providing detailed analysis for better threat management. The application effectively scans both EXE and APK files, ensuring comprehensive protection. When assessing website links, the application identified security risks with 96% accuracy, demonstrating its capability in managing web-based threats. This app detects SQL injections, analyses malware, and assesses website security, bolstering cyber defence with user-friendly features and top-notch threat mitigation. [ABSTRACT FROM AUTHOR]

Published

2024

36. Enhancing spyware detection by utilizing decision trees with hyperparameter optimization.

Author

Abualhaj, Mosleh M., Al-Shamayleh, Ahmad Sami, Munther, Alhamza, Alkhatib, Sumaya Nabil, Hiari, Mohammad O., and Anbar, Mohammed

Subjects

PYTHON programming language, DECISION trees, MACHINE learning, SPYWARE (Computer software), MALWARE

Abstract

In the realm of cybersecurity, spyware has emerged as a formidable adversary due to its persistent and stealthy nature. This study delves deeply into the multifaceted impact of spyware, meticulously examining its implications for individuals and organizations. This work introduces a systematic approach to spyware detection, leveraging decision trees (DT), a machine-learning classifier renowned for its analytical prowess. A pivotal aspect of this research involves the meticulous optimization of DT's hyperparameters, a critical operation for enhancing the precision of spyware threat identification. To evaluate the efficacy of the proposed methodology, the study employs the Obfuscated-MalMem2022 dataset, well-regarded for its comprehensive and detailed spyware-related data. The model is implemented using the Python programming language. Significantly, the findings of this study consistently demonstrate the superiority of the DT classifier over other methods. With an accuracy rate of 99.97%, the DT proves its exceptional effectiveness in detecting spyware, particularly in the face of more intricate threats. By advancing our understanding of spyware and providing a potent detection mechanism, this research equips cybersecurity professionals with a valuable tool to combat this persistent online menace. [ABSTRACT FROM AUTHOR]

Published

2024

37. Hybridized grasshopper optimization and cuckoo search algorithm for the classification of malware.

Author

Banumathi, Chandini Shivaramu and Rajendra, Ajjipura Basavegowda

Subjects

MALWARE, SEARCH algorithms, CLASSIFICATION algorithms, ANTI-malware (Computer software), RESEARCH personnel

Abstract

The classification and analysis of malicious software (malware) has reached a huge development in the systems associated with the internet. The malware exploits the system information and takes off the important information of the user without any intimation. Moreover, the malware furtively directs that information to the servers which are organized by the attackers. In recent years, many researchers and scientists discovered anti-malware products to identify known malware. But these methods are not robust to detect obfuscated and packed malware. To overcome these problems, the hybridized grasshopper optimization and cuckoo search (GOA-CSA) algorithm is proposed. The effective features are selected by the GOA-CSA algorithm which eases the process of classifying the malware. This research also utilized long short-term memory (LSTM)-softsign classifier to classify the malware. The malware samples are collected from the VXHeavens dataset which consists of malware samples from various software. The proposed model performance is estimated by using the performance metrics like accuracy, sensitivity, recall, and F1-score. The model attained better accuracy of 98.95% when the model is compared with other existing models. [ABSTRACT FROM AUTHOR]

Published

2024

38. Cyber–Physical Security Assessment for Maritime Vessels: Study on Drillship DP System Using American Petroleum Institute Security Risk Analysis and Bow-Tie Analysis.

Author

Progoulakis, Iosif, Dagkinis, Ioannis K., Dimakopoulou, Anastasia, Lilas, Theodoros, Nikitakos, Nikitas, and Psomas, Panagiotis M.

Subjects

INDUSTRIAL controls manufacturing, INFRASTRUCTURE (Economics), CYBERTERRORISM, INTERNET security, SECURITY systems, MARINE accidents

Abstract

The maritime industry's increasing integration of IT/OT systems into vessel operations has significantly elevated its exposure to cyber–physical threats, making the development of effective cyber risk management strategies a necessity. This paper provides an outlook of the current landscape of cyber security threats and vulnerabilities for the maritime sector and vessels. An outline of the relevant governmental and industry directives, standards, and guidelines for cyber security in maritime vessels is given. Considering maritime vessels as critical elements of the maritime critical infrastructure sector, a number of relevant cyber–physical security assessment methods are presented. Bridging cyber–physical security, process safety, and security, API SRA (American Petroleum Institute Security Risk Analysis) and BTA (Bow-Tie Analysis) are presented as the most applicable cyber–physical security assessment methods for complex maritime vessels, such as an offshore oil and gas drillship. The scenario of a cyber-attack on the Dynamic Positioning (DP) system of a drillship is presented with the use of API SRA and BTA. The difficulties in the implementation of NIST CSF v2.0 and IACS UR E26 and UR E27 in the maritime sector are also discussed. The need for intensified research on and the formulation of bespoke cyber security measures to mitigate the evolving cyber threats within the maritime domain is highlighted. The need for the allocation of training and resources for the reinforcement of the capacity of a maritime vessel's crew in the mitigation of cyber threats and safe maritime operations is emphasized. [ABSTRACT FROM AUTHOR]

Published

2024

39. An Improved Pre-Exploitation Detection Model for Android Malware Attacks.

Author

Al Besher, Hamad Saleh A., Bin Rohani, Mohd Fo'ad, and Saleh Al-rimy, Bander Ali

Subjects

FEATURE extraction, EXTRACTION techniques, SYSTEM identification, VECTOR spaces, MACHINE learning

Abstract

This paper presents an innovative approach to the early detection of Android malware, focusing on a dynamic pre-exploitation phase identification system. Traditional methods often rely on static thresholding to delineate the pre-exploitation phase of malware attacks, which can be insufficient due to the diverse behaviors exhibited by various malware families. This study introduces the Dynamic Pre-exploitation Boundary Definition and Feature Extraction (DPED-FE) system to address these limitations, which utilizes entropy for change detection, thus enabling more accurate and timely identification of potential threats before they reach the exploitation phase. A comprehensive analysis of the system's methodology is provided, including the use of vector space models with Kullback-Leibler divergence for dynamic boundary detection and advanced feature extraction techniques such as Weighted Term Frequency- Inverse Document Frequency (WF-IDF) to enhance its predictive capabilities. The experimental results demonstrate the superior performance of DPED-FE compared to traditional methods, highlighting its effectiveness in real-world scenarios. [ABSTRACT FROM AUTHOR]

Published

2024

40. Malware Detection Using Dual Siamese Network Model.

Author

An, ByeongYeol, Yang, JeaHyuk, Kim, Seoyeon, and Kim, Taeguen

Subjects

RECURRENT neural networks, CONVOLUTIONAL neural networks, INTERNET security, GRAYSCALE model, MALWARE

Abstract

This paper proposes a new approach to counter cyberattacks using the increasingly diverse malware in cyber security. Traditional signature detection methods that utilize static and dynamic features face limitations due to the continuous evolution and diversity of new malware. Recently, machine learning-based malware detection techniques, such as Convolutional Neural Networks (CNN) and Recurrent Neural Networks (RNN), have gained attention. While these methods demonstrate high performance by leveraging static and dynamic features, they are limited in detecting new malware or variants because they learn based on the characteristics of existing malware. To overcome these limitations, malware detection techniques employing One-Shot Learning and Few-Shot Learning have been introduced. Based on this, the Siamese Network, which can effectively learn from a small number of samples and perform predictions based on similarity rather than learning the characteristics of the input data, enables the detection of new malware or variants. We propose a dual Siamese network-based detection framework that utilizes byte images converted from malware binary data to grayscale, and opcode frequency-based images generated after extracting opcodes and converting them into 2-gram frequencies. The proposed framework integrates two independent Siamese network models, one learning from byte images and the other from opcode frequency-based images. The detection models trained on the different kinds of images generated separately apply the L1 distance measure to the output vectors the models generate, calculate the similarity, and then apply different weights to each model. Our proposed framework achieved a malware detection accuracy of 95.9% and 99.83% in the experiments using different malware datasets. The experimental results demonstrate that our malware detection model can effectively detect malware by utilizing two different types of features and employing the dual Siamese network-based model. [ABSTRACT FROM AUTHOR]

Published

2024

41. Novel Multi-Classification Dynamic Detection Model for Android Malware Based on Improved Zebra Optimization Algorithm and LightGBM.

Author

Zhou, Shuncheng, Li, Honghui, Fu, Xueliang, Han, Daoqi, and He, Xin

Subjects

*OPTIMIZATION algorithms, *MACHINE learning, *MALWARE, *DYNAMIC models, *ZEBRAS

Abstract

With the increasing popularity of Android smartphones, malware targeting the Android platform is showing explosive growth. Currently, mainstream detection methods use static analysis methods to extract features of the software and apply machine learning algorithms for detection. However, static analysis methods can be less effective when faced with Android malware that employs sophisticated obfuscation techniques such as altering code structure. In order to effectively detect Android malware and improve the detection accuracy, this paper proposes a dynamic detection model for Android malware based on the combination of an Improved Zebra Optimization Algorithm (IZOA) and Light Gradient Boosting Machine (LightGBM) model, called IZOA-LightGBM. By introducing elite opposition-based learning and firefly perturbation strategies, IZOA enhances the convergence speed and search capability of the traditional zebra optimization algorithm. Then, the IZOA is employed to optimize the LightGBM model hyperparameters for the dynamic detection of Android malware multi-classification. The results from experiments indicate that the overall accuracy of the proposed IZOA-LightGBM model on the CICMalDroid-2020, CCCS-CIC-AndMal-2020, and CIC-AAGM-2017 datasets is 99.75%, 98.86%, and 97.95%, respectively, which are higher than the other comparative models. [ABSTRACT FROM AUTHOR]

Published

2024

42. MPSD: A Robust Defense Mechanism against Malicious PowerShell Scripts in Windows Systems.

Author

Wu, Min-Hao, Hsu, Fu-Hau, Hunag, Jian-Hong, Wang, Keyuan, Liu, Yen-Yu, Chen, Jian-Xin, Wang, Hao-Jyun, and Yang, Hao-Tsung

Subjects

ANTI-malware (Computer software), CYBERTERRORISM, MALWARE, SCRIPTS, CANARIES

Abstract

This manuscript introduces MPSD (Malicious PowerShell Script Detector), an advanced tool to protect Windows systems from malicious PowerShell commands and scripts commonly used in fileless malware attacks. These scripts are often hidden in Office document macros or downloaded remotely via PowerShell, posing significant threats to corporate networks. A 2018 report revealed that 77% of successful cyberattacks involved fileless malware, with PowerShell being the primary attack method, as highlighted in Red Canary's 2022 report. To counter these threats, MPSD leverages the Antimalware Scan Interface (AMSI) to intercept and analyze real-time PowerShell scripts, preventing their execution. It further utilizes VirusTotal to filter out malicious scripts. Unlike traditional methods that rely on direct access to scripts, MPSD detects them before execution, addressing the challenge of hidden or obfuscated scripts. Experimental results show that MPSD outperforms well-known antivirus engines, with a low false-negative rate of 1.83%. MPSD is highly effective against evasion techniques like concatenation, encoding, and reordering, making it a robust tool in the cybersecurity landscape. [ABSTRACT FROM AUTHOR]

Published

2024

43. Dual Convolutional Malware Network (DCMN): An Image-Based Malware Classification Using Dual Convolutional Neural Networks.

Author

Al-Masri, Bassam, Bakir, Nader, El-Zaart, Ali, and Samrouth, Khouloud

Subjects

CONVOLUTIONAL neural networks, IMAGE recognition (Computer vision), DEEP learning, GRAYSCALE model, MALWARE

Abstract

Malware attacks have a cascading effect, causing financial harm, compromising privacy, operations and interrupting. By preventing these attacks, individuals and organizations can safeguard the valuable assets of their operations, and gain more trust. In this paper, we propose a dual convolutional neural network (DCNN) based architecture for malware classification. It consists first of converting malware binary files into 2D grayscale images and then training a customized dual CNN for malware multi-classification. This paper proposes an efficient approach for malware classification using dual CNNs. The model leverages the complementary strengths of a custom structure extraction branch and a pre-trained ResNet-50 model for malware image classification. By combining features extracted from both branches, the model achieved superior performance compared to a single-branch approach. [ABSTRACT FROM AUTHOR]

Published

2024

44. Deep-Learning-Based Approach for IoT Attack and Malware Detection.

Author

Taşcı, Burak

Subjects

CONVOLUTIONAL neural networks, DEEP learning, INTERNET of things, MALWARE

Abstract

The Internet of Things (IoT), introduced by Kevin Ashton in the late 1990s, has transformed technology usage globally, enhancing efficiency and convenience but also posing significant security challenges. With the proliferation of IoT devices expected to exceed 29 billion by 2030, securing these devices is crucial. This study proposes an optimized 1D convolutional neural network (1D CNN) model for effectively classifying IoT security data. The model architecture includes input, convolutional, self-attention, and output layers, utilizing GELU activation, dropout, and normalization techniques to improve performance and prevent overfitting. The model was evaluated using the CIC IoT 2023, CIC-MalMem-2022, and CIC-IDS2017 datasets, achieving impressive results: 98.36% accuracy, 100% precision, 99.96% recall, and 99.95% F1-score for CIC IoT 2023; 99.90% accuracy, 99.98% precision, 99.97% recall, and 99.96% F1-score for CIC-MalMem-2022; and 99.99% accuracy, 99.99% precision, 99.98% recall, and 99.98% F1-score for CIC-IDS2017. These outcomes demonstrate the model's effectiveness in detecting and classifying various IoT-related attacks and malware. The study highlights the potential of deep-learning techniques to enhance IoT security, with the developed model showing high performance and low computational overhead, making it suitable for real-time applications and resource-constrained devices. Future research should aim at testing the model on larger datasets and incorporating adaptive learning capabilities to further enhance its robustness. This research significantly contributes to IoT security by providing advanced insights into deploying deep-learning models, encouraging further exploration in this dynamic field. [ABSTRACT FROM AUTHOR]

Published

2024

45. CAIMP: Cross-Architecture IoT Malware Detection and Prediction Based On Static Feature.

Author

Dung, Luong The, Toan, Nguyen Ngoc, and Phu, Tran Nghi

Subjects

*INTERNET of things, *MALWARE, *MACHINE learning, *ARCHITECTURE, *ROBUST statistics

Abstract

IoT malware and cross-platform malware are currently the top threats to information systems. This paper proposes a robust cross-architecture IoT malware detection and prediction model based on machine learning and opcode features using a novel approach. In our method, a feature opcode transformation model between chip architecture platforms is proposed to facilitate the process of building a detection model for cross-architecture malware on IoT devices. The feature transformation model is capable of converting opcodes between different architecture platforms using an unsupervised machine learning approach. In our approach, a machine learning model is used for the detection of cross-platform malware based on the proposed opcode features. Experiments have demonstrated that our method is effective in detecting and predicting cross-platform malware with an accuracy of up to 99.4% and an F1-score of 99.3%. The method is capable of learning on one architecture platform and detecting malware on a different architecture platform. Therefore, the method can be used to develop cross-architecture detection and zero-day malware prediction solutions on IoT devices. [ABSTRACT FROM AUTHOR]

Published

2024

46. Malware Identification Method in Industrial Control Systems Based on Opcode2vec and CVAE-GAN.

Author

Huang, Yuchen, Liu, Jingwen, Xiang, Xuanyi, Wen, Pan, Wen, Shiyuan, Chen, Yanru, Chen, Liangyin, and Zhang, Yuanyuan

Subjects

*INDUSTRIAL controls manufacturing, *CONVOLUTIONAL neural networks, *MACHINE learning, *MALWARE, *INTERNET security

Abstract

Industrial Control Systems (ICSs) have faced a significant increase in malware threats since their integration with the Internet. However, existing machine learning-based malware identification methods are not specifically optimized for ICS environments, resulting in suboptimal identification performance. In this work, we propose an innovative method explicitly tailored for ICSs to enhance the performance of malware classifiers within these systems. Our method integrates the opcode2vec method based on preprocessed features with a conditional variational autoencoder–generative adversarial network, enabling classifiers based on Convolutional Neural Networks to identify malware more effectively and with some degree of increased stability and robustness. Extensive experiments validate the efficacy of our method, demonstrating the improved performance of malware classifiers in ICSs. Our method achieved an accuracy of 97.30%, precision of 92.34%, recall of 97.44%, and F1-score of 94.82%, which are the highest reported values in the experiment. [ABSTRACT FROM AUTHOR]

Published

2024

47. A Deep Learning Method for the Security Vulnerability Study of Feed-Forward Physical Unclonable Functions.

Author

Alkatheiri, Mohammed Saeed, Aseeri, Ahmad O., and Zhuang, Yu

Subjects

*DEEP learning, *PHYSICAL mobility, *MACHINE learning, *MALWARE, *SECURITY management

Abstract

Authentication is critical for Internet-of-Things. The traditional approach of using cryptographic keys is subject to invasive attacks. Being unclonable even by the manufacturers, physical unclonable functions (PUFs) leverage integrated circuits' manufacturing variations to produce responses unique for individual devices, and hence are of great potential as security primitives. While physically unclonable, many PUFs were reported to be mathematically cloneable by machine learning-based modeling methods. The feed-forward arbiter PUFs (FF PUFs) are among the PUFs with strong resistance against machine learning attacks. Existing studies revealed that only a very small group of FF PUFs with special loop patterns had been broken, and the vast majority of FF PUFs are still secure against all machine learning attack methods tried so far. In this paper, we introduce a neural network that can successfully attack FF PUFs with any loop patterns, with training time even magnitudes lower than existing methods attacking PUFs of the restrictive loop patterns. Experimental results show that, on the one hand, FF PUFs are not secure against attacks even with a large number of complex feed-forward loops, hence susceptible to attacks by response-prediction-based malicious software. On the other hand, the new approach of designing problem-tailored attack methods points to a new way to identify PUF security risks which might be difficult to discover by general-purpose machine learning methods. [ABSTRACT FROM AUTHOR]

Published

2024

48. FSSDroid: Feature subset selection for Android malware detection.

Author

Polatidis, Nikolaos, Kapetanakis, Stelios, Trovati, Marcello, Korkontzelos, Ioannis, and Manolopoulos, Yannis

Subjects

*FEATURE selection, *SUBSET selection, *DATA security, *MALWARE

Abstract

Android malware has become an increasingly important threat to individuals, organizations, and society, posing significant risks to data security, privacy, and infrastructure. As malware evolves in sophistication and complexity, the detection and mitigation of these malicious software instances have become more challenging and time consuming since the required number of features to identify potential malware can be very high. To address this issue, we have developed an effective feature selection methodology for malware detection in Android. The critical concern in the field of malware detection is the complexity of algorithms and the use of features that are used to detect malware. The present paper delivers a methodology for pre-processing datasets to select the most optimal features that will allow detecting malware, while maintaining very high accuracy. The proposed methodology has been tested on two real world datasets and the results indicate that the number of features is significantly reduced from 489 to between 19 and 28 for the first dataset and from 9503 to between 9 and 27 for the second dataset, whilst the accuracy is maintained as if all features were used. [ABSTRACT FROM AUTHOR]

Published

2024

49. Cobalt Strike: A Cyber Assessment Challenge.

Author

Wray, Nathan R. and Phipps, Sean

Subjects

INTERNET security, SOFTWARE development tools, MALWARE

Abstract

Assessment of cyber tooling serves a critical role in the procurement process of red team tools; however, once a tool is vetted and approved for use by a red team, it is then incorporated into their steady state operations. As a result, approved tools may not undergo routine in-depth cyber assessments as newer versions are released. This presents a major concern for the red team community as new versions can change the operational security of those tools. Similarly, cyber defenders – either through lack of training or limited resources – have been known to upload red team payloads to commercial malware analysis platforms, which inadvertently releases potentially sensitive information about red team operations. In this paper, we discuss red team cyber tooling, in-depth analysis into Cobalt Strike versions 4.8+, and provide recommendations on evaluating cyber tooling. [ABSTRACT FROM AUTHOR]

Published

2024

50. ANFIS-AMAL: Android Malware Threat Assessment Using Ensemble of ANFIS and GWO.

Author

Nwasra, Nedal, Daoud, Mohammad, and Qaisar, Zahid Hussain

Subjects

GREY Wolf Optimizer algorithm, FEATURE selection, MALWARE

Abstract

The Android malware has various features and capabilities. Various malware has distinctive characteristics. Ransomware threatens financial loss and system lockdown. This paper proposes a threat-assessing approach using the Grey Wolf Optimizer (GWO) to train and tune the Adaptive Neuro-Fuzzy Inference System (ANFIS) to categorize Android malware accurately. GWO improves efficiency and efficacy in ANFIS training and learning for Android malware feature selection and classification. Our approach categorizes Android malware as a high, moderate, or low hazard. The proposed approach qualitatively assesses risk based on critical features and threats. Our threat-assessing mechanism's scale categorizes Android malware. The proposed approach resolves the issue of overlapping features in different types of malware. Comparative results with other classifiers show that the ensemble of GWO is effective in the training and learning process of ANFIS and thus achieves 95% F-score, 94% specificity, and 94% accuracy. The ensemble makes fast learning possible and improves classification accuracy. [ABSTRACT FROM AUTHOR]

Published

2024