1,339 results on '"MALWARE prevention"'
2. Securing the Web
- Author
- Ruchi Sharma, Bhag Dei Thakur, Neelam Kaushik, and Purnima Chauhan
- Subjects
- forensic science, cybersecurity, look-alike domains, open-source intelligence, domain analysis, phishing detection, malware prevention, Criminal law and procedure, K5000-5582, Cybernetics, Q300-390
- Abstract
In an era characterized by the ubiquity of the internet, the proliferation of online services, and the increasing frequency of cyber threats, the detection of look-alike domains has become a critical component of cybersecurity. The current paper presents an approach for the detection of look-alike domains, leveraging the power of open-source intelligence (OSINT) tools. It included gathering and analyzing a wide range of publicly available data sources, including permutations, WHOIS records, IP information, website content, Geo IP, similarity percentage, name server, and mail server records, and building a comprehensive profile of domains under investigation. Through the application of online search engines, patterns and features that distinguish legitimate domains from their deceptive counterparts were established. The analysis demonstrated that OSINT tools provided significant information about the sample domains and successfully detected 1598 registered look-alike domains among 10 sample domains using dnstwist, while OpenSquat identified 103 squatting domains, 960 active phishing websites, and 53 domains with suspicious certificates across five sample websites. The research contributes to the enhancement of cybersecurity practices by providing a cost-effective and scalable solution for identifying look-alike domains, which can serve as precursors to various online threats, including phishing attacks, malware distribution, and fraud.
- Published
- 2024
3. INTELLIGENT METHODS IN CYBER DEFENCE: MACHINE LEARNING BASED PHISHING ATTACK DETECTION ON WEB PAGES.
- Author
- GÜRFİDAN, Remzi
- Subjects
- WEBSITES, PHISHING prevention, MACHINE learning, PHISHING, MALWARE prevention, EMAIL security, INTELLIGENT transportation systems, INTERNET users
- Abstract
- Published
- 2024
4. African Vulture Optimization-Based Decision Tree (AVO-DT): An Innovative Method for Malware Identification and Evaluation through the Application of Meta-Heuristic Optimization Algorithm.
- Author
- Kaithal, Praveen Kumar and Sharma, Varsha
- Subjects
- METAHEURISTIC algorithms, DECISION trees, VULTURES, CYBERTERRORISM, MALWARE prevention, INTERNET security, MALWARE
- Abstract
Malware remains a big threat to cyber security, calling for machine learning-based malware detection. Malware variations exhibit common behavioral patterns indicative of their source and intended use to enhance the existing framework's usefulness. Here we present a novel model, i.e., African Vulture Optimization-based Decision Tree (AVO-DT) to increase the overall optimization. The datasets from Android apps and malware software train the AVO-DT model. After training, the datasets are pre-processed by removing training errors. The DT algorithm is used by the developed AVO model to carry out the detection procedure and predict malware activity. To detect malware activities and improve accuracy, such an AVO-DT model technique employs both static and dynamic methodologies. The other measurements on Android applications might be either malicious or benign. Here we also developed malware prevention and detection systems to address ambiguous search spaces in multidimensionality difficulties and resolve optimization challenges. [ABSTRACT FROM AUTHOR]
- Published
- 2024
5. Benchmarking Android Malware Analysis Tools.
- Author
- Bermejo Higuera, Javier, Morales Moreno, Javier, Bermejo Higuera, Juan Ramón, Sicilia Montalvo, Juan Antonio, Barreiro Martillo, Gustavo Javier, and Sureda Riera, Tomas Miguel
- Subjects
- MOBILE operating systems, ARTIFICIAL intelligence, MACHINE learning, MALWARE prevention
- Abstract
Today, malware is arguably one of the biggest challenges organisations face from a cybersecurity standpoint, regardless of the types of devices used in the organisation. One of the most malware-attacked mobile operating systems today is Android. In response to this threat, this paper presents research on the functionalities and performance of different malicious Android application package analysis tools, including one that uses machine learning techniques. In addition, it investigates how these tools streamline the detection, classification, and analysis of malicious Android Application Packages (APKs) for Android operating system devices. As a result of the research included in this article, it can be highlighted that the AndroPytool, a tool that uses machine learning (ML) techniques, obtained the best results with an accuracy of 0.986, so it can be affirmed that the tools that use artificial intelligence techniques used in this study are more efficient in terms of detection capacity. On the other hand, of the online tools analysed, Virustotal and Pithus obtained the best results. Based on the above, new approaches can be suggested in the specification, design, and development of new tools that help to analyse, from a cybersecurity point of view, the code of applications developed for this environment. [ABSTRACT FROM AUTHOR]
- Published
- 2024
6. Visualising Static Features and Classifying Android Malware Using a Convolutional Neural Network Approach.
- Author
- Kiraz, Ömer and Doğru, İbrahim Alper
- Subjects
- CONVOLUTIONAL neural networks, MALWARE, MALWARE prevention
- Abstract
Android phones are widely recognised as the most popular mobile phone operating system. Additionally, tasks like browsing the internet, taking pictures, making calls, and sending messages may be completed with ease in daily life because of the functionality that Android phones offer. The number of situations in which users are harmed by unauthorised access to data emerging from these processes is growing daily. Because the Android operating system is open source and generated applications are not thoroughly reviewed before being released onto the market, this scenario has been the primary focus of hackers. Therefore, technologies to distinguish between malware and benign Android applications are required. CNN-based techniques are proven to produce important and successful outcomes when applied to Android malware detection on images. The CICMalDroid 2020 dataset, which is currently utilised in the literature, was used for this purpose. The features of the apps in the dataset were obtained using the AndroPyTool tool, and faster analysis files of 17,089 Android applications were obtained using the parallel execution technique. Permissions, intents, receivers, and services were used as static analysis features in this article. After these features were obtained, as data preprocessing, the ones with a grand total equal to 1 for each feature in the whole dataset were excluded in order to exclude the features that were specially created by the applications themselves. For each of the features specified for each application, a comma-separated text was obtained according to the usage status of the application. The BERT method was used to digitise the pertinent texts in order to create a unique embedding vector for every feature. Following the digitisation of the vectors, picture files were produced based on the length of each feature. To create a single image file, these image files were combined side by side. Finally, these image files were classified with CNNs. Experimental results were obtained by applying CNNs to the dataset used in the study. As a result of the experiments, a CNN with two outputs provided the highest performance with an accuracy of 91%, an F1-score of 89%, a Recall of 90%, and a Precision of 91%. [ABSTRACT FROM AUTHOR]
- Published
- 2024
7. A survey on run-time packers and mitigation techniques.
- Author
- Alkhateeb, Ehab, Ghorbani, Ali, and Habibi Lashkari, Arash
- Subjects
- REVERSE engineering, EXTRACTION techniques, FEATURE extraction, MACHINE learning, MALWARE, MALWARE prevention
- Abstract
The battle between malware analysts and malware authors is a never-ending challenge with the advent of complex malware such as polymorphic, metamorphic, and packed malware. A malware packer uses various techniques combined with file encryption to harden against reverse engineering of the program and hinder the analysis of program behaviors. In any case, substantial elements have emerged after more than a decade of continuous research in malware packer detection, such as multi-packing. Newly modified packers have this persistent problem, which demands new concepts and techniques. This study aims to provide a systematic and comprehensive review of run-time packers' mitigation techniques. We provide different types of packers and propose a malware packer handling life cycle for AV engines. Furthermore, we deliver a modern malware packers classification features set by examining the feature engineering in the packing handling life-cycle, such as feature extraction techniques in machine learning approaches. Also, we present extensive related works and discuss each work's benefits and weaknesses to address this problem, with a particular emphasis on packers identification techniques, to aid in unpacking malware. Finally, we identify the current gaps in knowledge and provide ideas about future work. [ABSTRACT FROM AUTHOR]
- Published
- 2024
8. A novel application of the CORAS framework for ensuring cyber hygiene on shipboard RADAR.
- Author
- Kayisoglu, Gizem, Bolat, Pelin, and Tam, Kimberly
- Subjects
- INFORMATION technology, RADAR, INTERNET security, ELECTRONIC systems, RADIO waves, HYGIENE, MALWARE prevention
- Abstract
Radio Detection and Ranging (RADAR) equipment is a significant information and navigational system onboard vessels and a critical part of a ship's cyber space. It is an electronic system used not only for detecting surrounding objects, to indicate their positions, and tracking targets using radio waves, but also providing safe navigation by receiving and displaying data from other navigational devices. Therefore, it is concerning to see that marine RADAR systems have various cyber vulnerabilities, including data deletion and data relocation. These systems can be manipulated and penetrated via malicious software, unauthorised remote access, human error, or sabotage by internal and external attackers. This is critical to the cyber hygiene of the ship, which affects its reliability and safety. This study performs a cyber risk assessment using the CORAS framework for RADAR cyber security by developing case-based RADAR cyber scenarios in terms of both its specific information technology subsystems and the cyber security control measures. The output of this study includes a holistic and visual assessment of RADAR's cyber security for both its cyber vulnerabilities and cyber hygiene to better protect shipboard RADAR in the future. [ABSTRACT FROM AUTHOR]
- Published
- 2024
9. Ransomware malware: Attacks and preventions.
- Author
- Vistro, Daniel Mago, Hassan, Taimoor, and Ullah, Zaka
- Subjects
- RANSOMWARE, MALWARE prevention, ANTIVIRUS software, RANSOM, BEST practices, INDIAN rupee
- Abstract
Ransomware attacks have rapidly become the crowning threat to corporate and individual data files. Ransomware encrypts the files on infected computers and withholds the keys needed to decrypt those files until the victims pay the ransom. These malware families are responsible for millions of rupees in losses annually; because of the huge quantities of cash to be earned, brand new releases appear fast, which permits them to evade antivirus and other intrusion detection programs. We present a short history of ransomware, the arguments against paying the ransom, and the best practices to prevent infection and to recover once infection happens. [ABSTRACT FROM AUTHOR]
- Published
- 2024
10. Preventing malware propagation in wireless sensor networks: Hybrid optimization algorithm for controlling.
- Author
- Chandan, Madhavarapu, Santhi, S.G., and Srinivasa Rao, T.
- Abstract
Malware transmission is a significant security issue in WSNs; however, the influence of the attack and defensive processes on malware propagation is rarely taken into account in traditional malware propagation prevention methods. Advanced methods are needed to stop the propagation of malware among sensor nodes. By formulating the dynamics among states, a new decision-making problem is posed as an optimal control problem solved via a hybrid optimization algorithm. The proposed model is termed Butterfly Updated Bald Eagle Optimization based Prevention of Malware Propagation in Wireless Sensor Network (BUBEO-PMPWSN). In the proposed controlling system, optimal system parameters are analyzed via the BUBEO for preventing malware propagation in WSN. Particularly, the sensor node states considered are Susceptible, Infectious, Infectious and sleeping, Recovered, Recovered and sleeping, and finally Dead. The system parameters are tuned under a fitness calculation based on the probability of an infectious sensor node becoming recovered and the probability of an infectious sensor node entering the sleeping state. This optimal tuning strategy ensures the prevention of malware propagation. Finally, the performance of the proposed BUBEO-PMPWSN model is evaluated and validated successfully by comparison with other state-of-the-art models. The BUBEO-PMPWSN achieved 250 recovered nodes at time 500, while the HGS, BOA, HBA, COOT, and HHO scored 123, 115, 236, 172, and 180 recovered nodes, respectively. [ABSTRACT FROM AUTHOR]
- Published
- 2024
11. Federated malware detection based on many‐objective optimization in cross‐architectural IoT.
- Author
- Zhang, Zhigang, Zhang, Zhixia, and Cui, Zhihua
- Subjects
- MALWARE, INTERNET of things, BLOOM'S taxonomy, MALWARE prevention, FEDERATED learning
- Abstract
Summary: With the rising adoption of the Internet of Things (IoT) across a variety of industries, malware is increasingly targeting the large number of IoT devices that lack adequate protection. Malware hunting is challenging in the IoT due to the variety of instruction set architectures of devices, as shown by the differences in the relevant characteristics of malware on different platforms. There are also serious concerns about resource utilization and privacy leaks in the development of conventional detection models. This study suggests a novel federated malware detection framework based on many‐objective optimization (FMDMO) for the IoT to overcome the problems. First, the framework provides a cross‐platform compatible basis with the federated mechanism as the backbone, while avoiding raw data sharing to improve privacy protection. Second, an intelligent optimization‐based client selection method is designed for four objectives: learning performance, architectural selection deviation, time consumption, and training stability, which leads malware detection to retain a high degree of cross‐architectural generalization while enhancing training efficiency. Based on a large IoT malware dataset we constructed, containing 62,515 malware samples across seven typical architectures, the FMDMO is evaluated comprehensively in three scenarios. The experimental results demonstrate the FMDMO substantially enhances the model's cross‐platform detection performance while preserving effective training and flexibility. [ABSTRACT FROM AUTHOR]
- Published
- 2024
12. Speculative Taint Tracking (STT): A Comprehensive Protection for Speculatively Accessed Data.
- Author
- Jiyong Yu, Mengjia Yan, Khyzha, Artem, Morrison, Adam, Torrellas, Josep, and Fletcher, Christopher W.
- Subjects
- COMPUTER security, DATA protection, MALWARE prevention, COMPUTER architecture, COMPUTER performance
- Abstract
Speculative execution attacks present an enormous security threat, capable of reading arbitrary program data under malicious speculation, and later exfiltrating that data over microarchitectural covert channels. This paper proposes speculative taint tracking (STT), a high security and high performance hardware mechanism to block these attacks. The main idea is that it is safe to execute and selectively forward the results of speculative instructions that read secrets, as long as we can prove that the forwarded results do not reach potential covert channels. The technical core of the paper is a new abstraction to help identify all microarchitectural covert channels, and an architecture to quickly identify when a covert channel is no longer a threat. We further conduct a detailed formal analysis on the scheme in a companion document. When evaluated on SPEC06 workloads, STT incurs 8.5% or 14.5% performance overhead relative to an insecure machine. [ABSTRACT FROM AUTHOR]
- Published
- 2021
13. Black box malware adversarial examples generation method based on SNGAN.
- Author
- ZHANG Yu-Ke and WANG Jun-Feng
- Subjects
- MACHINE learning, MALWARE, MALWARE prevention, PROBLEM solving
- Abstract
Currently, machine learning-based detectors are widely used to handle millions of Android malware samples, but they often suffer from poor robustness against adversarial attacks. Research on adversarial example generation methods for malware helps promote the development of the malware detection field. Adversarial example generation in the black-box scenario is more in line with the real environment, but its effect is poor compared with the white-box scenario. To solve this problem, this paper proposes a black-box malware adversarial example generation method based on SNGAN, migrating the SNGAN approach from the image domain to the malware domain: adversarial examples are generated by iteratively training the generator network and a substitute detector, and the training process is stabilized by spectral normalization. The proposed method can deceive machine learning detectors by adding perturbations to existing malware. Experimental results show that our method can effectively evade detection by a variety of machine learning classifiers, and the feasibility and portability of the method are verified. [ABSTRACT FROM AUTHOR]
- Published
- 2023
14. A Kullback-Liebler divergence-based representation algorithm for malware detection.
- Author
- Aboaoja, Faitouri A., Zainal, Anazida, Ghaleb, Fuad A., Alghamdi, Norah Saleh, Saeed, Faisal, and Alhuwayji, Husayn
- Subjects
- ALGORITHMS, DIGITAL technology, DISTRIBUTION (Probability theory), MALWARE, FALSE alarms, CYBERSPACE, MALWARE prevention
- Abstract
Background. Malware, malicious software, is the major security concern of the digital realm. Conventional cyber-security solutions are challenged by sophisticated malicious behaviors. Currently, an overlap between malicious and legitimate behaviors causes more difficulties in characterizing those behaviors as malicious or legitimate activities. For instance, evasive malware often mimics legitimate behaviors, and evasion techniques are utilized by both legitimate and malicious software. Problem. Most of the existing solutions use the traditional term frequency-inverse document frequency (TF-IDF) technique or its concept to represent malware behaviors. However, the traditional TF-IDF and the techniques developed from it represent the features, especially the shared ones, inaccurately, because those techniques calculate a weight for each feature without considering its distribution in each class; instead, the weight is generated based on the distribution of the feature among all the documents. Such a presumption can reduce the meaning of those features, and when those features are used to classify malware, they lead to a high false alarm rate. Method. This study proposes a Kullback-Liebler Divergence-based Term Frequency-Probability Class Distribution (KLD-based TF-PCD) algorithm to represent the extracted features based on the differences between the probability distributions of the terms in the malware and benign classes. Unlike the existing solutions, the proposed algorithm increases the weights of the important features by using the Kullback-Liebler Divergence to measure the differences between their probability distributions in the malware and benign classes. Results. The experimental results show that the proposed KLD-based TF-PCD algorithm achieved an accuracy of 0.972, a false positive rate of 0.037, and an F-measure of 0.978. Such results were significant compared to the related work studies. Thus, the proposed KLD-based TF-PCD algorithm contributes to improving the security of cyberspace. Conclusion. New meaningful characteristics have been added by the proposed algorithm to promote the learned knowledge of the classifiers, and thus increase their ability to classify malicious behaviors accurately. [ABSTRACT FROM AUTHOR]
- Published
- 2023
15. Analyzing the potential benefits and use cases of ChatGPT as a tool for improving the efficiency and effectiveness of business operations.
- Author
- Raj, Rohit, Singh, Arpit, Kumar, Vimal, and Verma, Pratima
- Subjects
- CHATGPT, ARTIFICIAL intelligence in business, CHATBOTS, DATA security, MALWARE prevention
- Abstract
The study addresses the potential benefits for companies of adopting ChatGPT, a popular chatbot built on a largescale transformer-based language model known as a generative pre-trained transformer (GPT). Chatbots like ChatGPT may improve customer service, handle several client inquiries at once, and save operational costs. Moreover, ChatGPT may automate regular processes like order tracking and billing, allowing human employees to focus on more complex and strategic responsibilities. Nevertheless, before deploying ChatGPT, enterprises must carefully analyze its use cases and restrictions, as well as its strengths and disadvantages. ChatGPT, for example, requires training data that is particular to the business domain and might produce erroneous and ambiguous findings. The study identifies areas of deployment of ChatGPT's possible benefits in enterprises by drawing on the literature that is currently accessible on ChatGPT, massive language models, and artificial intelligence. Then, using the PSI (Preference Selection Index) and COPRAS (Complex Proportional Assessment) approaches, potential advantages are taken into account and prioritized. By highlighting current trends and possible advantages in the industry, this editorial seeks to provide insight into the present state of employing ChatGPT in enterprises and research. ChatGPT may also learn biases from training data and create replies that reinforce those biases. As a result, enterprises must train and fine-tune ChatGPT to specific operations, set explicit boundaries and limitations for its use, and implement appropriate security measures to avoid malicious input. The study highlights the research gap in the dearth of literature by outlining ChatGPT's potential benefits for businesses, analyzing its strengths and limits, and offering insights into how organizations might use ChatGPT's capabilities to enhance their operations. [ABSTRACT FROM AUTHOR]
- Published
- 2023
16. "One question I'm often asked is how secure it is to put all your password eggs in one basket".
- Author
- Winder, Davey
- Subjects
- COMPUTER passwords, MULTI-factor authentication, SOCIAL engineering (Fraud), PASSWORD software, INFORMATION technology, MALWARE prevention, DATA encryption
- Abstract
This article discusses the importance of password security and the potential vulnerabilities associated with using passwords. It highlights a breach at Comcast Cable Communications, where millions of customer passwords were stolen. The article also explores the use of password managers as a solution for creating and managing secure passwords. Additionally, it introduces the concept of passkeys as a potential replacement for passwords, which offer improved security and user-friendliness. The article concludes with an interview with 1Password's chief product officer, who discusses the advantages and challenges of implementing passkeys. [Extracted from the article]
- Published
- 2024
17. RealMalSol: real-time optimized model for Android malware detection using efficient neural networks and model quantization.
- Author
- Chaudhary, Maham and Masood, Ammar
- Subjects
- EMULATION software, MALWARE, MALWARE prevention, DATA privacy
- Abstract
Android is currently the most dominant platform in the market in comparison with all other operating systems (OS) such as iOS, Windows, and Blackberry. As the scope of Android value-added applications has grown, so also the increased risk of exploitation; thus, highlighting the dire need to protect user's privacy and data through malware detection and prevention. Among the two options—static and dynamic android malware detection, static has the inherent advantages of being fast and the first line of defense before application installation/execution; thus, same has been the focus of our work. Static malware analysis has been previously targeted in a number of works, with approaches ranging from machine learning (ML)-based models to statistical analysis techniques; however, the former has been determined to be more promising thus leading to our proposed neural network (NN)-based Real-device Malware Solution (RealMalSol). Our proposed solution not only provides improved accuracy of 96.4% with respect to the contemporary options but also ensures customized, scalable and optimized deployment for on-device analysis in contrast to emulator-based methods. To cater for limited computational capability of Android devices; we considered model optimization in two steps; as a first efficient Feature Reduction (FR) is applied to reduce the model complexity without adversely impacting the accuracy, and next optimized transformation of the model to a lightweight construct has been analyzed in TensorFlow Lite. The accuracy of RealMalSol improved from 95.2% to 96.40% using feature reduction in the full dataset. Moreover, the resultant model also performed proficiently on Android devices due to the careful selection of the best quantization-based optimization after rigorous analysis. [ABSTRACT FROM AUTHOR]
- Published
- 2023
18. ModDiff: Modularity Similarity-Based Malware Homologation Detection.
- Author
- Sun, Huaqi, Shu, Hui, Kang, Fei, and Guang, Yan
- Subjects
- BINARY codes, MALWARE, NATURAL languages, MALWARE prevention
- Abstract
In recent years, the number and scale of malicious codes have grown exponentially, posing an increasing threat to cybersecurity. Hence, it is of great research value to quickly identify variants of malware and master their family information. Binary code similarity detection, as a key technique in reverse analysis, plays an indispensable role in malware analysis. However, most existing methods focus on similarity at the function or basic block level, ignoring the modular composition of malware. Implementing similarity detection among malware modules would greatly improve the efficiency and accuracy of homology detection. Inspired by the successful application of deep-learning techniques in program analysis, we propose a binary code module similarity detection method called ModDiff. It abstracts malware into attribute graphs, clusters functions using graph-embedded clustering algorithms to decompose malware into function-based modules, and calculates module similarity using graph-matching algorithms and natural language processing-based function similarity detection algorithms. The experimental results indicated that ModDiff improves the accuracy of module partitioning by 10.8% compared with previous work, and the highest F1 score of 89% is achieved in malware homologation detection. These results demonstrate the effectiveness of ModDiff in detecting and analyzing malware with important application value and development prospects. [ABSTRACT FROM AUTHOR]
- Published
- 2023
19. Machine Learning-Based Adaptive Genetic Algorithm for Android Malware Detection in Auto-Driving Vehicles.
- Author
- Hammood, Layth, Doğru, İbrahim Alper, and Kılıç, Kazım
- Subjects
- GENETIC algorithms, PARTICLE swarm optimization, MALWARE, FEATURE selection, RANDOM forest algorithms, COMPUTER network security, MALWARE prevention
- Abstract
The growing trend toward vehicles being connected to various unidentified devices, such as other vehicles or infrastructure, increases the possibility of external attacks on vehicle cybersecurity (VC). Detection of intrusion is a very important part of network security for vehicles such as connected vehicles, which have open connectivity, and self-driving vehicles. Consequently, security has become an important requirement in trying to protect these vehicles, as attackers have become more sophisticated in using malware that can penetrate and harm vehicle control units as technology advances. Thus, ensuring the vehicles and the network are safe is very important for the growth of the automotive industry and for people to have more faith in it. In this study, a machine learning-based detection approach using hybrid analysis-based particle swarm optimization (PSO) and an adaptive genetic algorithm (AGA) is presented for Android malware detection in auto-driving vehicles. The "CCCS-CIC-AndMal-2020" dataset containing 13 different malware categories and 9504 hybrid features was used for the experiments. In the proposed approach, firstly, feature selection is performed by applying PSO to the features in the dataset. In the next step, the performance of XGBoost and random forest (RF) machine learning classifiers is optimized using the AGA. In the experiments performed, a 99.82% accuracy and F-score were obtained with the XGBoost classifier, which was developed using PSO-based feature selection and AGA-based hyperparameter optimization. With the random forest classifier, a 98.72% accuracy and F-score were achieved. Our results show that the application of PSO and an AGA greatly increases the performance in the classification of the information obtained from the hybrid analysis. [ABSTRACT FROM AUTHOR]
- Published
- 2023
20. A YARA-based approach for detecting cyber security attack types.
- Author
- YILDIRIM, Kubra, DEMIR, Mustafa Emre, KELES, Tugce, YILDIZ, Arif Metahan, DOGAN, Sengul, and TUNCER, Turker
- Subjects
- CYBERTERRORISM, INTERNET security, TECHNOLOGICAL innovations, DATA security, INFORMATION storage & retrieval systems, MALWARE prevention, MALWARE
- Abstract
- Published
- 2023
21. Image-Based Malware Classification Method with the AlexNet Convolutional Neural Network Model.
- Author
-
Zhao, Zilin, Zhao, Dawei, Yang, Shumian, and Xu, Lijuan
- Subjects
CONVOLUTIONAL neural networks, MALWARE prevention, MALWARE, MACHINE learning - Abstract
In recent years, malware has experienced explosive growth and has become one of the most severe security threats. However, feature engineering easily restricts the traditional machine learning methods-based malware classification and is hard to deal with massive malware. At the same time, the dynamic analysis methods have the problems of complex operation and high cost, which are not suitable for efficiently classifying large quantities of malware. Therefore, we propose a novel static malware detection method based on this study's AlexNet convolutional neural network (CNN). Unlike existing solutions, we convert all malware bytes into color images, propose an improved AlexNet architecture, and solve the unbalanced datasets with the data enhancement method. Extensive experiments are performed using the Microsoft malware dataset and the Google Code Jam (GCJ) dataset. The experimental results show that the accuracy of the Microsoft malware dataset reaches 99.99%, and the GCJ dataset reaches 99.38%. We also verify that our method can better extract the texture features of malware and improve the accuracy and detection efficiency. [ABSTRACT FROM AUTHOR]
- Published
- 2023
22. Broadening The Solution Space of Feature Selection in Time-interval-based Malware Detection.
- Author
-
Yang, Zao and Kang, BooJoong
- Subjects
FEATURE selection, MALWARE, CYBERCRIMINALS, MALWARE prevention - Abstract
In the last few years, the number of malware has grown exponentially. Malware has become the major medium for cyber criminals to conduct attacks and malicious actions, which has led to a lot of financial loss and data leakage. It is important to have an effective malware detection method to combat malware. Several malware detection methods were proposed recently. Many studies focus on dynamic analysis, which requires malware to be executed. Some of them identify similarities among runtime API sequences or network behaviors, and some studies calculate occurrences of API calls and rank them to find the most discriminative features. A novel time-interval-based malware detection method was proposed in 2022, which mines the temporal relationships among the occurrences and tendencies of runtime API calls. This method has been demonstrated to outperform prior malware detection methods in terms of accuracy. However, the current time-interval-based malware detection method failed to explore a large enough solution space of feature selection, which could waste a lot of time and decrease accuracy. This paper illustrates that a broader feature selection solution space could generate better results, with the computational cost reduced by up to 27.1% and the accuracy increased by 4.7%. This paper also proposes a new time-interval-based malware detection method with the ability of more detailed adjustments in feature selection, which could reduce computational cost by up to 79.34%. [ABSTRACT FROM AUTHOR]
- Published
- 2023
23. InviSeal: A Stealthy Dynamic Analysis Framework for Android Systems.
- Author
-
Kumar, Saurabh, Mishra, Debadatta, Panda, Biswabandan, and Shukla, Sandeep Kumar
- Subjects
MALWARE prevention, FORENSIC sciences, SANDBOXES (Computer science), EMULATION software - Abstract
With wide adaptation of open-source Android into mobile devices by different device vendors, sophisticated malware are developed to exploit security vulnerabilities. As comprehensive security analysis on physical devices are impractical and costly, emulator-driven security analysis has gained popularity in recent times. Existing dynamic analysis frameworks suffer from two major issues: (i) they do not provide foolproof anti-emulation-detection measures even for fingerprint-based attacks, and (ii) they lack efficient cross-layer profiling capabilities. In this work, we present InviSeal, a comprehensive and scalable dynamic analysis framework that includes low-overhead cross-layer profiling techniques and detailed anti-emulation-detection measures along with the basic emulation features. While providing an emulator-based comprehensive analysis platform, InviSeal strives to remain behind-the-scene to avoid emulation-detection. We empirically demonstrate that the proposed OS layer profiling utility to achieve cross-layer profiling is ∼1.26× faster than existing strace-based approaches. Overall, on average, InviSeal incurs ∼1.04× profiling overhead in terms of the number of operations performed by the various workloads of the CaffeineMark-3.0 benchmark, which is better than the contemporary techniques. Furthermore, we measure the anti-emulation-detection strategies of InviSeal against the fingerprint-based emulation-detection attacks. Experimental results show that the emulation-detection attacks carried out by the malware samples do not find InviSeal as an emulated platform. [ABSTRACT FROM AUTHOR]
- Published
- 2023
24. Human elements impacting risky habits in cybersecurity.
- Author
-
Majumdar, Nilabdhi and Ramteke, Vidyavati
- Subjects
INTERNET security, DATA security failures, TIME pressure, HUMAN security, HABIT, MALWARE prevention, NEAR field communication - Abstract
Human elements in security or cybersecurity, in particular, have been an area which has been less explored and underrated. Data leaks, cyber-attacks, and malware attacks, which are consequences of failures triggered by humans, are constantly rising. In fact, ninety-five percent of the cyber events are human-triggered or enabled. Several elements related to humans, such as (not limited to) psychological, situational, time pressure, characteristics, and biases, influence cybersecurity habits. Through theme extraction using WordStar 8 and manual scanning of the chosen research papers, we fixated on such six significant human-related components or variables, which impact cybersecurity practices through a careful Systematic Literature Review. The paper shows how these components affect cybersecurity conduct and shows how these components are related and can often (all things considered) lead to dangerous security practices. A significant research question investigated is how these elements affect cybersecurity conduct. We have drawn data for this study principally dependent on secondary research to create a theoretical framework that depicts the consequences of various human elements on one another, which influences cybersecurity propensities. We likewise clarify why a comprehension of human-related components or variables identified with digital security is significant and can add to fruitful innovations and programming. A thing to note here is that the study area, despite everything, remains not a completely examined field, and subsequently, specialized papers for this literature review were difficult to find. This examination is utilized as a base for more work to decrease the human variables driving cyber-attacks that have seen a sensational increment in the world of innovation, technology, and the web. [ABSTRACT FROM AUTHOR]
- Published
- 2022
25. SFCWGAN-BiTCN with Sequential Features for Malware Detection.
- Author
-
Xuan, Bona, Li, Jin, and Song, Yafei
- Subjects
GENERATIVE adversarial networks, CONVOLUTIONAL neural networks, FEATURE selection, RANK correlation (Statistics), MALWARE prevention - Abstract
In the field of adversarial attacks, the generative adversarial network (GAN) has shown better performance. There have been few studies applying it to malware sample supplementation, due to the complexity of handling discrete data. More importantly, unbalanced malware family samples interfere with the analytical power of malware detection models and mislead malware classification. To address the problem of the impact of malware family imbalance on accuracy, a selection feature conditional Wasserstein generative adversarial network (SFCWGAN) and bidirectional temporal convolutional network (BiTCN) are proposed. First, we extract the features of malware Opcode and API sequences and use Word2Vec to represent features, emphasizing the semantic logic between API tuning and Opcode calling sequences. Second, the Spearman correlation coefficient and the whale optimization algorithm extreme gradient boosting (WOA-XGBoost) algorithm are combined to select features, filter out invalid features, and simplify structure. Finally, we propose a GAN-based sequence feature generation algorithm. Samples were generated using the conditional Wasserstein generative adversarial network (CWGAN) on the imbalanced malware family dataset, added to the trainset to supplement the samples, and trained on BiTCN. In comparison, in tests on the Kaggle and DataCon datasets, the model achieved detection accuracies of 99.56% and 96.93%, respectively, which were 0.18% and 2.98% higher than the models of other methods. [ABSTRACT FROM AUTHOR]
- Published
- 2023
26. The Advanced Malware Prevention Playbook
- Author
-
Badhwar, Raj
- Published
- 2021
27. Security Hardened and Privacy Preserved Android Malware Detection Using Fuzzy Hash of Reverse Engineered Source Code.
- Author
-
Ali, Hasnat, Batool, Komal, Yousaf, Muhammad, Islam Satti, Muhammad, Naseer, Salman, Zahid, Saleem, Gardezi, Akber Abid, Shafiq, Muhammad, and Choi, Jin-Ghoo
- Subjects
SOURCE code, MALWARE, FUZZY logic, PRIVACY, MALWARE prevention, FUZZY neural networks - Abstract
The risk of malware has increased drastically in recent years due to advances in the IT industry, but it has also increased the need for malware analysis and prevention. Hackers inject malicious code using awful applications. In this research, a framework is proposed to identify malicious Android applications based on repacked malicious code. The sensitive features of Android applications are extracted using source code. These extracted features are compared with existing malware signatures to identify repacked malicious Android applications. Experiments are performed using 3490 Android-based malware samples belonging to 21 different malware families. A threshold value for malware categorization is defined using fuzzy logic. If the fuzzy comparison match is greater than 40%, the application is malicious. Meanwhile, if the match is greater than 10% and less than 40%, the application is suspicious; otherwise it is benign. Furthermore, the proposed framework presents around 74% of the repacked malware compared to other similar approaches. [ABSTRACT FROM AUTHOR]
- Published
- 2022
28. Lightweight On-Device Detection of Android Malware Based on the Koodous Platform and Machine Learning.
- Author
-
Krzysztoń, Mateusz, Bok, Bartosz, Lew, Marcin, and Sikora, Andrzej
- Subjects
MACHINE learning, MOBILE operating systems, ARTIFICIAL neural networks, MALWARE, MALWARE prevention - Abstract
Currently, Android is the most popular operating system among mobile devices. However, as the number of devices with the Android operating system increases, so does the danger of using them. This is especially important as smartphones increasingly authenticate critical activities (e-banking, e-identity). BotSense Mobile is a tool already integrated with some critical applications (e-banking, e-identity) to increase user safety. In this paper, we focus on the novel functionality of BotSense Mobile: the detection of malware applications on a user device. In addition to the standard blacklist approach, we propose a machine learning-based model for unknown malicious application detection. The lightweight neural network model is deployed on an edge device to avoid sending sensitive user data outside the device. For the same reason, manifest-related features can be used by the detector only. We present a comprehensive empirical analysis of malware detection conducted on recent data (May–June, 2022) from the Koodous platform, which is a collaborative platform where over 70 million Android applications were collected. The research highlighted the problem of machine learning model aging. We evaluated the lightweight model on recent Koodous data and obtained F1 = 0.77 and high precision (0.9). [ABSTRACT FROM AUTHOR]
- Published
- 2022
29. Where Are We Looking for Security Concerns? Understanding Android Security Static Analysis
- Author
-
Schmeelk, Suzanna, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Arai, Kohei, editor, Bhatia, Rahul, editor, and Kapoor, Supriya, editor
- Published
- 2020
30. Malicious URL Detection Using Decision Tree-based Lexical Features Selection and Multilayer Perceptron Model.
- Author
-
Ahmed, Warmn Faiq and Jameel, Noor Ghazi M.
- Subjects
MALWARE prevention, DECISION trees, LEXICAL access, MULTILAYER perceptrons, FEATURE selection - Abstract
Network information security risks multiply and become more dangerous. Hackers today generally target end-to-end technology and take advantage of human weaknesses. Furthermore, hackers take advantage of technology weaknesses by applying various methods to attack. Nowadays, one of the greatest dangers to the modern digital world is malicious URLs, and stopping them is one of the biggest challenges in the field of cyber security. Detecting harmful URLs using machine learning and deep learning algorithms has been the subject of various academic papers. However, time and accuracy are the two biggest challenges of these tools. This paper proposes a multilayer perceptron (MLP) model that utilizes two significant aspects to make it more practical, lightweight, and fast: using only lexical features and a decision tree (DT) algorithm to select the best relevant subset of features. The effectiveness of the experimental outcomes is evaluated in terms of time, accuracy, and error reduction. The results show that an MLP model using 35 features could achieve an accuracy of 94.51% utilizing only URL lexical features. Furthermore, the model is improved in time after applying the DT as feature selection, with a slight improvement in accuracy and loss. [ABSTRACT FROM AUTHOR]
- Published
- 2022
31. High Performance Classification of Android Malware Using Ensemble Machine Learning.
- Author
-
Ouk, Pagnchakneat C. and Wooguil Pak
- Subjects
MACHINE learning, MALWARE, CLASSIFICATION algorithms, FEATURE extraction, FEATURE selection, CLASSIFICATION, MALWARE prevention - Abstract
Although Android has become a leading operating system in the market, Android users suffer from security threats due to malware. To protect users from the threats, solutions to detect and identify the malware variant are essential. However, modern malware evades existing solutions by applying code obfuscation and native code. To resolve this problem, we introduce an ensemble-based malware classification algorithm using malware family grouping. The proposed family grouping algorithm finds the optimal combination of families belonging to the same group while the total number of families is fixed to the optimal total number. It also adopts a unified feature extraction technique for handling both bytecode and native code seamlessly. We propose a unique feature selection algorithm that improves classification performance and time simultaneously. 2-gram based features are generated from the instructions and segments, and then selected by using multiple filters to choose the most effective features. Through extensive simulation with many obfuscated and native code malware applications, we confirm that it can classify malware with high accuracy and short processing time. Most existing approaches failed to achieve classification speed and detection time simultaneously. Therefore, the approach can help Android users to keep themselves safe from various and evolving cyber-attacks very effectively. [ABSTRACT FROM AUTHOR]
- Published
- 2022
32. A Novel Framework for Windows Malware Detection Using a Deep Learning Approach.
- Author
-
Darem, Abdulbasit A.
- Subjects
DEEP learning, MALWARE, CYBERTERRORISM, MALWARE prevention, FEATURE selection, INTERNET users - Abstract
Malicious software (malware) is one of the main cyber threats that organizations and Internet users are currently facing. Malware is a software code developed by cybercriminals for damage purposes, such as corrupting the system and data as well as stealing sensitive data. The damage caused by malware is substantially increasing every day. There is a need to detect malware efficiently and automatically and remove threats quickly from the systems. Although there are various approaches to tackle malware problems, their prevalence and stealthiness necessitate an effective method for the detection and prevention of malware attacks. The deep learning-based approach is recently gaining attention as a suitable method that effectively detects malware. In this paper, a novel approach based on deep learning for detecting malware is proposed. Furthermore, the proposed approach deploys novel feature selection, feature correlation, and feature representations to significantly reduce the feature space. The proposed approach has been evaluated using a Microsoft prediction dataset with samples of 21,736 malware composed of 9 malware families. It achieved 96.01% accuracy and outperformed the existing techniques of malware detection. [ABSTRACT FROM AUTHOR]
- Published
- 2022
33. A Comprehensive Review of Android Security: Threats, Vulnerabilities, Malware Detection, and Analysis.
- Author
-
Acharya, Saket, Rawat, Umashankar, and Bhatnagar, Roheet
- Subjects
MALWARE prevention, MALWARE, DEEP learning, SECURITY systems - Abstract
The popularity and open-source nature of Android devices have resulted in a dramatic growth of Android malware. Malware developers are also able to evade the detection methods, reducing the efficiency of malware detection techniques. It is hence desirable that security researchers and experts come up with novel and more efficient methods to analyze existing and zero-day Android malware. Most of the researchers have focused on Android system security. However, to examine Android security, with a specific focus on malware development, investigation of malware prevention techniques and already known malware detection techniques needs a broad inclusion. To overcome the research gaps, this paper provides a broad review of current Android security concerns, security implementation enhancements, significant malware detected during 2017–2021, and stealth procedures used by the malware developers along with the current Android malware detection techniques. A comparative analysis is presented between this article and similar recent survey articles to fill the existing research gaps. In the end, a three-phase model is proposed to efficiently identify and characterize Android malware. In the first phase, a lightweight deep transfer learning approach is used to classify Android applications into benign and malicious. In the second phase, the malicious applications are executed in a virtual emulator to reduce the number of false positives. Finally, the malicious applications having the same characteristic ratio are grouped into their corresponding families using the topic modelling approach. The proposed model can efficiently detect, characterize, and provide a familial classification of Android malware with a good accuracy rate. [ABSTRACT FROM AUTHOR]
- Published
- 2022
34. Optimal Control of Heterogeneous-Susceptible-Exposed-Infectious-Recovered-Susceptible Malware Propagation Model in Heterogeneous Degree-Based Wireless Sensor Networks.
- Author
-
ZHANG Hong, SHEN Shigen, WU Guowen, CAO Qiying, and XU Hongyun
- Subjects
MALWARE prevention, WIRELESS sensor networks, INTRUSION detection systems (Computer security), OPTIMAL control theory, COMPUTER simulation - Abstract
Heterogeneous wireless sensor networks (HWSNs) are vulnerable to malware propagation, because of their low configuration and weak defense mechanism. Therefore, an optimality system for HWSNs is developed to suppress malware propagation in this paper. Firstly, a heterogeneous-susceptible-exposed-infectious-recovered-susceptible (HSEIRS) model is proposed to describe the state dynamics of heterogeneous sensor nodes (HSNs) in HWSNs. Secondly, the existence of an optimal control problem with installing antivirus on HSNs to minimize the sum of the cumulative infection probabilities of HWSNs at a low cost based on the HSEIRS model is proved, and then an optimal control strategy for the problem is derived by the optimal control theory. Thirdly, the optimal control strategy based on the HSEIRS model is transformed into corresponding Hamiltonian by the Pontryagin’s minimum principle, and the corresponding optimality system is derived. Finally, the effectiveness of the optimality system is validated by the experimental simulations, and the results show that the infectious HSNs will fall to an extremely low level at a low cost. [ABSTRACT FROM AUTHOR]
- Published
- 2022
35. Defending against OS-Level Malware in Mobile Devices via Real-Time Malware Detection and Storage Restoration †.
- Author
-
Chen, Niusen and Chen, Bo
- Subjects
MALWARE prevention, MOBILE apps, FLASH memory, INVESTMENT analysis, RANDOM access memory - Abstract
Combating the OS-level malware is a very challenging problem as this type of malware can compromise the operating system, obtaining the kernel privilege and subverting almost all the existing anti-malware tools. This work aims to address this problem in the context of mobile devices. As real-world malware is very heterogeneous, we narrow down the scope of our work by especially focusing on a special type of OS-level malware that always corrupts user data. We have designed mobiDOM, the first framework that can combat the OS-level data corruption malware for mobile computing devices. Our mobiDOM contains two components, a malware detector and a data repairer. The malware detector can securely and timely detect the presence of OS-level malware by fully utilizing the existing hardware features of a mobile device, namely, flash memory and Arm TrustZone. Specifically, we integrate the malware detection into the flash translation layer (FTL), a firmware layer embedded into the flash storage hardware, which is inaccessible to the OS; in addition, we run a trusted application in the Arm TrustZone secure world, which acts as a user-level manager of the malware detector. The FTL-based malware detection and the TrustZone-based manager can communicate with each other stealthily via steganography. The data repairer can allow restoring the external storage to a healthy historical state by taking advantage of the out-of-place-update feature of flash memory and our malware-aware garbage collection in the FTL. Security analysis and experimental evaluation on a real-world testbed confirm the effectiveness of mobiDOM. [ABSTRACT FROM AUTHOR]
- Published
- 2022
36. Zyxel USG Lite 60AX.
- Subjects
TELECOMMUTING, MALWARE prevention, AD blockers, INTERNET content, DARKNETS (File sharing) - Abstract
The Zyxel USG Lite 60AX is an entry-level security router that offers a range of subscription-free protection measures. Priced at £142, it includes a lifetime subscription to Zyxel's Security Cloud, which provides firewall, ransomware and malware prevention, VPN proxy, intrusion detection, and other security features. The router features a Wi-Fi 6 access point and a multi-gigabit switch, with two 2.5GbE ports and four gigabit LAN ports. It can be managed through the Nebula cloud account, allowing for easy customization and wireless network management. While enabling the application identification service may impact performance, the router offers a solid range of security features and is suitable for businesses with remote workers. [Extracted from the article]
- Published
- 2024
37. Mobile apps give greater financial transactional freedom.
- Author
-
Ghatak, Aanchal
- Subjects
MALWARE prevention, MOBILE games, MOBILE apps, ASIANS, SOURCE code, DIGITAL technology - Abstract
An interview with Jan Sysmans, Head of Marketing, Asia Pacific and Japan (APJ) at Appdome, is presented. He discusses the surging demand for enhanced mobile app security and fraud prevention in Asia, with a specific focus on India. Consumers now prioritize security as much as new features in their mobile app experiences. Appdome addresses this need by seamlessly integrating security into DevOps workflows, catering to the region's increasing demand for mobile security.
- Published
- 2023
38. Bridgeware: The Air-Gap Malware.
- Author
-
GURI, MORDECHAI and ELOVICI, YUVAL
- Subjects
COMPUTER network security, MALWARE, ELECTROMAGNETIC radiation, MALWARE prevention, DATA security - Abstract
The article discusses the concept of bridgeware as a form of malware affecting air-gapped networks. Topics include attacks involving the leakage of sensitive data, the use of covert communication such as acoustic or electromagnetic radiation (EMR) methods despite air-gap separation, and defensive countermeasures such as physical insulation and software-based countermeasures.
- Published
- 2018
39. MalDC: Malicious Software Detection and Classification using Machine Learning.
- Author
-
Jaewoong Moon, Subin Kim, Park Jangyong, Jieun Lee, Kyungshin Kim, and Jaeseung Song
- Subjects
MACHINE learning, ARTIFICIAL intelligence, SURGICAL robots, COMPUTER software security, INTERNET security, MALWARE prevention, MALWARE - Abstract
Recently, the importance and necessity of artificial intelligence (AI), especially machine learning, has been emphasized. In fact, studies are actively underway to solve complex and challenging problems through the use of AI systems, such as intelligent CCTVs, intelligent AI security systems, and AI surgical robots. Information security that involves analysis and response to security vulnerabilities of software is no exception to this and is recognized as one of the fields wherein significant results are expected when AI is applied. This is because the frequency of malware incidents is gradually increasing, and the available security technologies are limited with regard to the use of software security experts or source code analysis tools. We conducted a study on MalDC, a technique that converts malware into images using machine learning. MalDC showed good performance and was able to analyze and classify different types of malware. MalDC applies a preprocessing step to minimize the noise generated in the image conversion process and employs an image augmentation technique to reinforce the insufficient dataset, thus improving the accuracy of the malware classification. To verify the feasibility of our method, we tested the malware classification technique used by MalDC on a dataset provided by Microsoft and malware data collected by the Korea Internet & Security Agency (KISA). Consequently, an accuracy of 97% was achieved. [ABSTRACT FROM AUTHOR]
- Published
- 2022
40. Prevention of Runtime Malware Injection Attack in Cloud Using Unsupervised Learning.
- Author
-
Prabhavathy, M. and UmaMaheswari, S.
- Subjects
CLOUD computing, MALWARE prevention, DIGITAL learning, DEBIT cards, MACHINE learning, USER experience, MALWARE - Abstract
Cloud computing utilizes various Internet-based technologies to enhance the Internet user experience. Cloud systems are on the rise, as this technology has completely revolutionized the digital industry. Currently, many users rely on cloud-based solutions to acquire business information and knowledge. As a result, cloud computing services such as SaaS and PaaS store a warehouse of sensitive and valuable information, which has turned the cloud systems into the obvious target for many malware creators and hackers. These malicious attackers attempt to gain illegal access to a myriad of valuable information such as user personal information, passwords, credit/debit card numbers, etc., from systems such as the unsecured e-learning ones. As an important part of cloud services, security is needed to protect business customers and users from unauthorized threats. This paper aims to identify malware that attacks cloud-based software solutions using an unsupervised learning model with fixed-weight Hamming and Mexiannet. Different types of attack methodologies and various ways of malicious instructions targeting unknown files in cloud services are investigated. The result and analysis in this study provide an evolution of the unsupervised learning detection algorithm with an accuracy of 94.05%. [ABSTRACT FROM AUTHOR]
- Published
- 2022
41. A New Malware Detection Method Based on VMCADR in Cloud Environments.
- Author
-
Zheng, Luxin and Zhang, Jian
- Subjects
MALWARE, CONVOLUTIONAL neural networks, MALWARE prevention, CLOUD computing - Abstract
With cloud computing technology developing rapidly, malware and privacy protection have become two major challenges for cloud security. At present, the detection methods based on virtualization technology are mainly in-VM and out-of-VM approaches, both of which have high detection rates. However, a lot of relevant research at present has focused on the accuracy of malware detection without sufficiently considering the privacy protection of cloud tenants. In this paper, we propose a new cloud-based malware detection method that can detect malware in cloud service platforms without compromising user privacy. In order to protect the privacy of cloud tenants, this method uses relevant virtualization technologies to obtain memory snapshots of cloud tenants. Because the memory snapshot is very large, and the semantics is of low level, it needs to be processed for feature dimensionality reduction. Therefore, we propose the visualized memory change area dimensionality reduction (VMCADR) method. This method directly performs malware detection on binary memory snapshots without accessing user system information and files, thereby protecting user privacy. The following are the main steps of the VMCADR method. First, we propose the memory difference (MDIFF) algorithm to obtain the Memory Changed Area (MCA), which is changed by the test program. Then, in order to better detect the MCA files, we use visualization technology to process them. Next, we convert these MCA files into grayscale images and RGB images, respectively, and we resize the picture pixels uniformly so that they can be classified using convolutional neural networks. Finally, we propose a Simplified Neural Network (SNN) to classify these images. After experiments, the RGB-dataset accuracy of malware detection is 99.39%. [ABSTRACT FROM AUTHOR]
- Published
- 2022
42. [m]allotROPism: a metamorphic engine for malicious software variation development.
- Author
-
Lyvas, Christos, Ntantogian, Christoforos, and Xenakis, Christos
- Subjects
MALWARE, COMPUTER software development, STATISTICAL decision making, ENGINES, ANTI-malware (Computer software), MALWARE prevention, MOLECULAR phylogeny - Abstract
For decades, code transformations have been a vital open problem in the field of system security, especially for cases like malware mutation engines that generate semantically equivalent forms of given malicious payloads. While there are abundant works on malware and on malware phylogenies classification and detection in general, the fundamental principles about malicious transformations to evade detection have been neglected. In the present work, we introduce a mutation engine, named [m]allotROPism, to generate malicious code deviations with equivalent semantics from a static-analysis point of view. To achieve this, we reduce the problem of generating semantically equivalent solutions of given assembly code into a decision problem, and we solve it with the aid of satisfiability modulo theories. Moreover, we leverage return-oriented programming techniques to alter the traditional execution control flow from text to stack memory segment. We have implemented our proposed mutation engine and evaluated its detection evasion capabilities. Results show that so far, our approach is undetectable against popular free and commercial anti-malware products. We release the implementation of [m]allotROPism as open source. Our intention is to provide a method to generate malware families for experimental purposes and inspire further state-of-the-art research in the field of malware analysis. [ABSTRACT FROM AUTHOR]
- Published
- 2022
- Full Text
- View/download PDF
43. AVMCT: API Calls Visualization based Malware Classification using Transfer Learning.
- Author
-
Goyal, Manish and Kumar, Raman
- Subjects
DATA visualization software, MALWARE prevention, ARTIFICIAL neural networks, DEEP learning, APPLICATION program interfaces, CYBERCRIMINALS, DATA security - Abstract
The exponential growth of the internet and high-speed data transmission has also increased the security threat to data. The antivirus companies are providing security for this data. Cybercriminals are in continuous efforts to break security barriers to steal sensitive information, to gain unauthorized access, or to corrupt the victim's system. There is a never-ending cycle between antivirus companies and cybercriminals. There are two ways to detect malware: static analysis and dynamic analysis. Although static analysis provides fast results, zero-day malware can't be detected, as there is a predefined set of signatures in this technique. By using obfuscation techniques, malware writers can evade this technique, while in dynamic analysis malware detection is based on malware behavior. So, dynamic analysis is capable of detecting new and unseen malware. Machine learning and deep learning techniques are quite effective in the classification of malware on the feature set extracted by static or dynamic analysis. In a recent study, malware classification is performed by using transfer learning in Convolution Neural Network (CNN) architectures based on API Call visualization. API Call visualization means converting API Calls into the form of images to detect patterns of different families of malware. After converting API Call images, transfer learning is performed on two customized CNN models to enhance feature vectors and make a combined set of feature vectors. The results of this framework are compared with pre-trained models like VGG-16, ResNet-50 and AlexNet, which shows that our suggested approach outperforms pre-trained models. [ABSTRACT FROM AUTHOR]
- Published
- 2022
44. A Survey on TLS-Encrypted Malware Network Traffic Analysis Applicable to Security Operations Centers.
- Author
-
Oh, Chaeyeon, Ha, Joonseo, and Roh, Heejun
- Subjects
MALWARE, MACHINE learning, MALWARE prevention - Abstract
Recently, a majority of security operations centers (SOCs) have been facing a critical issue of increased adoption of transport layer security (TLS) encryption on the Internet, in network traffic analysis (NTA). To this end, in this survey article, we present existing research on NTA and related areas, primarily focusing on TLS-encrypted traffic to detect and classify malicious traffic with deployment scenarios for SOCs. Security experts in SOCs and researchers in academia can obtain useful information from our survey, as the main focus of our survey is NTA methods applicable to malware detection and family classification. Especially, we have discussed pros and cons of three main deployment models for encrypted NTA: TLS interception, inspection using cryptographic functions, and passive inspection without decryption. In addition, we have discussed the state-of-the-art methods in TLS-encrypted NTA for each component of a machine learning pipeline, typically used in the state-of-the-art methods. [ABSTRACT FROM AUTHOR]
- Published
- 2022
- Full Text
- View/download PDF
45. ENERGY EFFICIENT BASED SECURE DATA TRANSMISSION FOR MULTI HOP TRUST MANAGEMENT TECHNIQUE USING WIRELESS SENSOR NETWORK.
- Author
-
Gayathri, S. and Senthilkumar, A.
- Subjects
DATA transmission systems, TRUST, WIRELESS sensor networks, ENERGY consumption, MALWARE prevention - Abstract
Secure data transfer is intended to keep data safe from illegal access, damage, or disruption. In this proposed technique, an intrusion prevention system is built to counter the rapidly growing threats posed by the current generation of malware, software, and exploits. As the number of intruders has grown, the network environment has become more complicated, making threat mitigation more difficult. Modern wireless sensor networks have emerged for the aim of transmitting important information and services to an ever-growing set of users. Security is the most important issue in wireless networks. Using this proposed Multi Hop Trust Management (MHTM) approach, a trust management technique is used to identify the trusted nodes and the malicious nodes. Then a secured and efficient way of data transmission is directed and communicated to any kind of network, as confirmed here. The result attained shows that the MHTM technique attains better performance than TSRP in terms of energy efficiency, data transmission delay, communication overhead, throughput, and malicious sensor device misclassification rate and identification. [ABSTRACT FROM AUTHOR]
- Published
- 2021
- Full Text
- View/download PDF
46. Machine-Learning Classifiers for Malware Detection Using Data Features.
- Author
-
Habtor, Saleh Abdulaziz and Dahah, Ahmed Haidarah Hasan
- Subjects
ELECTRONIC data processing, MALWARE, MACHINE learning, RANSOMWARE, ARTIFICIAL intelligence, ANTI-malware (Computer software), MALWARE prevention - Abstract
The spread of ransomware has risen exponentially over the past decade, causing huge financial damage to multiple organizations. Various antiransomware firms have suggested methods for preventing malware threats. The growing pace, scale and sophistication of malware provide the anti-malware industry with more challenges. Recent literature indicates that academics and antivirus organizations have begun to use artificial learning as well as fundamental modeling techniques for the research and identification of malware. Orthodox signature-based anti-virus programs struggle to identify unfamiliar malware and track new forms of malware. In this study, a malware evaluation framework focused on machine learning was adopted that consists of several modules: dataset compiling in two separate classes (malicious and benign software), file disassembly, data processing, decision making, and updated malware identification. The data processing module uses grey images, functions for importing and Opcode n-gram to remove malware functionality. The decision making module detects malware and recognizes suspected malware. Different classifiers were considered in the research methodology for the detection and classification of malware. Its effectiveness was validated on the basis of the accuracy of the complete process. [ABSTRACT FROM AUTHOR]
- Published
- 2021
- Full Text
- View/download PDF
47. Beware malware.
- Subjects
INTERNET, MALWARE prevention, COMPUTER software, HUMAN fingerprints, COMPUTER network management - Published
- 2024
48. A Survey of Android Malware Detection with Deep Neural Models.
- Author
-
JUNYANG QIU, JUN ZHANG, WEI LUO, LEI PAN, NEPAL, SURYA, and YANG XIANG
- Subjects
MALWARE prevention, MALWARE, DEEP learning, FEATURE extraction, MACHINE learning, DISRUPTIVE innovations, INTERNET security - Abstract
Deep Learning (DL) is a disruptive technology that has changed the landscape of cyber security research. Deep learning models have many advantages over traditional Machine Learning (ML) models, particularly when there is a large amount of data available. Android malware detection or classification qualifies as a big data problem because of the fast booming number of Android malware, the obfuscation of Android malware, and the potential protection of huge values of data assets stored on the Android devices. It seems a natural choice to apply DL on Android malware detection. However, there exist challenges for researchers and practitioners, such as choice of DL architecture, feature extraction and processing, performance evaluation, and even gathering adequate data of high quality. In this survey, we aim to address the challenges by systematically reviewing the latest progress in DL-based Android malware detection and classification. We organize the literature according to the DL architecture, including FCN, CNN, RNN, DBN, AE, and hybrid models. The goal is to reveal the research frontier, with the focus on representing code semantics for Android malware detection. We also discuss the challenges in this emerging field and provide our view of future research opportunities and directions. [ABSTRACT FROM AUTHOR]
- Published
- 2021
- Full Text
- View/download PDF
49. A graph-based framework for malicious software detection and classification utilizing temporal-graphs.
- Author
-
Dounavi, Helen-Maria, Mpanti, Anna, Nikolopoulos, Stavros D., and Polenakis, Iosif
- Subjects
SOFTWARE frameworks, REPRESENTATIONS of graphs, CLASSIFICATION, MALWARE, MALWARE prevention - Abstract
In this paper we present a graph-based framework that, utilizing relations between groups of System-calls, detects whether an unknown software sample is malicious or benign, and classifies malicious software into one of a set of known malware families. In our approach we propose a novel graph representation of dependency graphs by capturing their structural evolution over time, constructing sequential graph instances, the so-called Temporal Graphs. The partitions of the temporal evolution of a graph, defined by specific time-slots, result in different types of graph representations based upon the information we capture across its evolution. The proposed graph-based framework utilizes the proposed types of temporal graphs, computing similarity metrics over various graph characteristics in order to conduct the malware detection and classification procedures. Finally, we evaluate the detection rates and the classification ability of our proposed graph-based framework by conducting a series of experiments over a set of known malware samples pre-classified into malware families. [ABSTRACT FROM AUTHOR]
- Published
- 2021
- Full Text
- View/download PDF
50. Machine-Learning-Based Android Malware Family Classification Using Built-In and Custom Permissions.
- Author
-
Kim, Minki, Kim, Daehan, Hwang, Changha, Cho, Seongje, Han, Sangchul, and Park, Minkyu
- Subjects
MACHINE learning, CLASSIFICATION, FAMILIES, MOBILE apps, STATISTICAL correlation, MALWARE, MALWARE prevention - Abstract
Malware family classification is grouping malware samples that have the same or similar characteristics into the same family. It plays a crucial role in understanding notable malicious patterns and recovering from malware infections. Although many machine learning approaches have been devised for this problem, there are still several open questions including, "Which features, classifiers, and evaluation metrics are better for malware familial classification"? In this paper, we propose a machine learning approach to Android malware family classification using built-in and custom permissions. Each Android app must declare proper permissions to access restricted resources or to perform restricted actions. Permission declaration is an efficient and obfuscation-resilient feature for malware analysis. We developed a malware family classification technique using permissions and conducted extensive experiments with several classifiers on a well-known dataset, DREBIN. We then evaluated the classifiers in terms of four metrics: macrolevel F1-score, accuracy, balanced accuracy (BAC), and the Matthews correlation coefficient (MCC). BAC and the MCC are known to be appropriate for evaluating imbalanced data classification. Our experimental results showed that: (i) custom permissions had a positive impact on classification performance; (ii) even when the same classifier and the same feature information were used, there was a difference up to 3.67% between accuracy and BAC; (iii) LightGBM and AdaBoost performed better than other classifiers we considered. [ABSTRACT FROM AUTHOR]
- Published
- 2021
- Full Text
- View/download PDF
Discovery Service for Jio Institute Digital Library