Safeguarding against malware requires precise machine-learning algorithms to classify harmful apps. The Drebin dataset of 15,036 samples and 215 features yielded significant and reliable results for two hybrid models, CNN+XGBoost and KNN+XGBoost. To address the class imbalance issue, SMOTE (Synthetic Minority Oversampling Technique) was used to preprocess the dataset, creating synthetic samples of the minority class (malware) to balance the training set. XGBoost was then used to choose the most essential features for separating malware from benign programs. The models were trained and tested using 6-fold cross-validation, measuring accuracy, precision, recall, F1 score, and ROC AUC. The results are highly dependable, showing that CNN+XGBoost consistently outperforms KNN+XGBoost with an average accuracy of 98.76% compared to 97.89%. The CNN-based malware classification model, with its higher precision, recall, and F1 scores, is a secure choice. CNN+XGBoost, with its fewer all-fold misclassifications in confusion matrices, further solidifies this security. The calibration curve research, confirming the accuracy and cybersecurity applicability of the models' probability projections, adds to the sense of reliability. This study unequivocally demonstrates that CNN+XGBoost is a reliable and effective malware detection system, underlining the importance of feature selection and hybrid models.
The proliferation of Internet of Things (IoT) devices has established edge computing as a critical paradigm for real-time data analysis and low-latency processing. Nevertheless, the distributed nature of edge computing presents substantial security challenges, rendering it a prominent target for sophisticated malware attacks. Existing signature-based and behavior-based detection methods are ineffective against the swiftly evolving nature of malware threats and are constrained by the availability of resources. This paper suggests the Genetic Encoding for Novel Optimization of Malware Evaluation (GENOME) framework, a novel solution that is intended to improve the performance of malware detection and classification in peripheral computing environments. GENOME optimizes data storage and computational efficiency by converting malware artifacts into compact, structured sequences through a Deoxyribonucleic Acid (DNA) encoding mechanism. The framework employs two DNA encoding algorithms, standard and compressed, which substantially reduce data size while preserving high detection accuracy. The Edge-IIoTset dataset was used to conduct experiments that showed that GENOME was able to achieve high classification performance using models such as Random Forest and Logistic Regression, resulting in a reduction of data size by up to 42%. Further evaluations with the CIC-IoT-23 dataset and Deep Learning models confirmed GENOME's scalability and adaptability across diverse datasets and algorithms. The potential of GENOME to address critical challenges, such as the rapid mutation of malware, real-time processing demands, and resource limitations, is emphasized in this study. GENOME offers comprehensive protection for peripheral computing environments by offering a security solution that is both efficient and scalable.
The rapid evolution of malware presents a critical cybersecurity challenge, rendering traditional signature-based detection methods ineffective against novel variants. This growing threat affects individuals, organizations, and governments, highlighting the urgent need for robust malware detection mechanisms. Conventional machine learning-based approaches rely on static and dynamic malware analysis and often struggle to detect previously unseen threats due to their dependency on predefined signatures. Although machine learning algorithms (MLAs) offer promising detection capabilities, their reliance on extensive feature engineering limits real-time applicability. Deep learning techniques mitigate this issue by automating feature extraction but may introduce computational overhead, affecting deployment efficiency. This research evaluates classical MLAs and deep learning models to enhance malware detection performance across diverse datasets. The proposed approach integrates a novel text- and image-based detection framework, employing an optimized Support Vector Machine (SVM) for textual data analysis and EfficientNet-B0 for image-based malware classification. Experimental analysis, conducted across multiple train-test splits over varying timescales, demonstrates 99.97% accuracy on textual datasets using SVM and 96.7% accuracy on image-based datasets with EfficientNet-B0, significantly improving zero-day malware detection. Furthermore, a comparative analysis with existing competitive techniques, such as Random Forest, XGBoost, and CNN-based (Convolutional Neural Network) classifiers, highlights the superior performance of the proposed model in terms of accuracy, efficiency, and robustness.
Over the past few years, malware attacks have become more and more widespread, posing threats to digital assets throughout the world. Although numerous methods have been developed to detect malicious attacks, these malware detection techniques need to be more efficient in detecting new and progressively sophisticated variants of malware. Therefore, the development of more advanced and accurate techniques is necessary for malware detection. This paper introduces a comprehensive Dual-Channel Attention Deep Bidirectional Long Short-Term Memory (DCADBiLSTM) model for malware detection and risk mitigation. The Dual Channel Attention (DCA) mechanism improves the model's capability to concentrate on the features that are most appropriate in the input data, which reduces the false favourable rates. The Bidirectional Long Short-Term Memory framework helps capture crucial interdependence from past and future circumstances, which is essential for enhancing the model's understanding of malware behaviour. As soon as malware is detected, the risk mitigation phase is implemented, which evaluates the severity of each threat and helps mitigate threats earlier. The outcomes of the method demonstrate better accuracy of 98.96%, which outperforms traditional models. It indicates the method detects and mitigates several kinds of malware threats, thereby providing a proactive defence mechanism against the emerging challenges in cybersecurity.
In the current digital era, new technologies are becoming an essential part of our lives. Consequently, the number of malicious software or malware attacks is rapidly growing. There is no doubt that the majority of malware attacks can be detected by most antivirus programs. However, such types of antivirus programs are one step behind malicious software. Due to these dilemmas, deep learning has become popular in the detection and classification of malicious data. Therefore, researchers have significantly focused on finding solutions for malware attacks by analyzing malicious samples with the help of different techniques and models. In this research, we presented a lightweight attention-based novel deep Convolutional Neural Network (DNN-CNN) model for binary and multi-class malware classification, including benign, trojan horse, ransomware, and spyware. We applied the Principal Component Analysis (PCA) technique for feature extraction for binary classification. We used the Synthetic Minority Oversampling Technique (SMOTE) to handle the imbalanced data during multi-class classification. Our proposed attention-based malware detection model is trained on the benchmark malware memory dataset named CIC-MalMem-2022. The results indicate that our model obtained high accuracy for binary and multi-class classification, 99.5% and 97.9%, respectively.
The proliferation of malware and the emergence of adversarial samples pose severe threats to global cybersecurity, demanding robust detection mechanisms. Traditional malware detection methods suffer from limited feature extraction capabilities, while existing Vision Transformer (ViT)-based approaches face high computational complexity due to global self-attention, hindering their efficiency in handling large-scale image data. To address these issues, this paper proposes a novel hybrid enhanced Vision Transformer architecture, HERL-ViT, tailored for malware detection. The detection framework involves five phases: malware image visualization, image segmentation with patch embedding, regional-local attention-based feature extraction, enhanced feature transformation, and classification. Methodologically, HERL-ViT integrates a multi-level pyramid structure to capture multi-scale features, a regional-to-local attention mechanism to reduce computational complexity, an Optimized Position Encoding Generator for dynamic relative position encoding, and enhanced MLP and downsampling modules to balance performance and efficiency. Key contributions include: (1) A unified framework integrating visualization, adversarial training, and hybrid attention for malware detection; (2) Regional-local attention to achieve both global awareness and local detail capture with lower complexity; (3) Optimized PEG to enhance spatial perception and reduce overfitting; (4) Lightweight network design (5.8M parameters) ensuring high efficiency. Experimental results show HERL-ViT achieves 99.2% accuracy (Loss=0.066) on malware classification and 98.9% accuracy (Loss=0.081) on adversarial samples, demonstrating superior performance and robustness compared to state-of-the-art methods.
Detecting cyber attacks in networks connected to the Internet of Things (IoT) is of utmost importance because of the growing vulnerabilities in the smart environment. Conventional models, such as Naive Bayes and support vector machine (SVM), as well as ensemble methods, such as Gradient Boosting and eXtreme gradient boosting (XGBoost), are often plagued by high computational costs, which makes it challenging for them to perform real-time detection. In this regard, we suggested an attack detection approach that integrates Visual Geometry Group 16 (VGG16), Artificial Rabbits Optimizer (ARO), and Random Forest Model to increase detection accuracy and operational efficiency in Internet of Things (IoT) networks. In the suggested model, the extraction of features from malware pictures was accomplished with the help of VGG16. The prediction process is carried out by the random forest model using the extracted features from the VGG16. Additionally, ARO is used to improve the hyper-parameters of the random forest model. With an accuracy of 96.36%, the suggested model outperforms the standard models in terms of accuracy, F1-score, precision, and recall. The comparative research highlights our strategy's success, which improves performance while maintaining a lower computational cost. This method is ideal for real-time applications, but it is effective.
In today's digital world, the Internet of Things (IoT) plays an important role in both local and global economies due to its widespread adoption in different applications. This technology has the potential to offer several advantages over conventional technologies in the near future. However, the potential growth of this technology also attracts attention from hackers, which introduces new challenges for the research community that range from hardware and software security to user privacy and authentication. Therefore, we focus on a particular security concern that is associated with malware detection. The literature presents many countermeasures, but inconsistent results on identical datasets and algorithms raise concerns about model biases, training quality, and complexity. This highlights the need for an adaptive, real-time learning framework that can effectively mitigate malware threats in IoT applications. To address these challenges, (i) we propose an intelligent framework based on Two-step Deep Reinforcement Learning (TwStDRL) that is capable of learning and adapting in real-time to counter malware threats in IoT applications. This framework uses exploration and exploitation phenomena during both the training and testing phases by storing results in a replay memory. The stored knowledge allows the model to effectively navigate the environment and maximize cumulative rewards. (ii) To demonstrate the superiority of the TwStDRL framework, we implement and evaluate several machine learning algorithms for comparative analysis that include Support Vector Machines (SVM), Multi-Layer Perceptron, Random Forests, and k-means Clustering. The selection of these algorithms is driven by the inconsistent results reported in the literature, which create doubt about their robustness and reliability in real-world IoT deployments. (iii) Finally, we provide a comprehensive evaluation to justify why the TwStDRL framework outperforms them in mitigating security threats. During analysis, we noted that our proposed TwStDRL scheme achieves an average performance of 99.45% across accuracy, precision, recall, and F1-score, which is an absolute improvement of roughly 3% over the existing malware-detection models.
Detecting malware on mobile devices using the Android operating system has become a critical challenge in the field of cybersecurity, in the context of the rapid increase in the number of malware variants and the frequency of attacks targeting Android devices. In this paper, we propose a novel intelligent computational method to enhance the effectiveness of Android malware detection models. The proposed method combines two main techniques: (1) constructing a malware behavior profile and (2) extracting features from the malware behavior profile using graph neural networks. Specifically, to effectively construct an Android malware behavior profile, this paper proposes an information enrichment technique for the function call graph of malware files, based on new graph-structured features and semantic features of the malware's source code. Additionally, to extract significant features from the constructed behavior profile, the study proposes using the GraphSAGE graph neural network. With this novel intelligent computational method, a variety of significant features of the malware have been effectively represented, synthesized, and extracted. The approach to detecting Android malware proposed in this paper is a new study and has not been explored in previous research. The experimental results on a dataset of 40,819 Android software indicate that the proposed method performs well across all metrics, with particularly impressive accuracy and recall scores of 99.03% and 99.19%, respectively, which outperforms existing state-of-the-art methods.
Malware is an ever-present and dynamic threat to networks and computer systems in cybersecurity, and because of its complexity and evasiveness, it is challenging to identify using traditional signature-based detection approaches. The study article discusses the growing danger to cybersecurity that malware hidden in PDF files poses, highlighting the shortcomings of conventional detection techniques and the difficulties presented by adversarial methodologies. The article presents a new method that improves PDF virus detection by using document analysis and a Logistic Model Tree. Using a dataset from the Canadian Institute for Cybersecurity, a comparative analysis is carried out with well-known machine learning models, such as Credal Decision Tree, Naïve Bayes, Average One Dependency Estimator, Locally Weighted Learning, and Stochastic Gradient Descent. Beyond traditional structural and JavaScript-centric PDF analysis, the research makes a substantial contribution to the area by boosting precision and resilience in malware detection. The use of Logistic Model Tree, a thorough feature selection approach, and increased focus on PDF file attributes all contribute to the efficiency of PDF virus detection. The paper emphasizes Logistic Model Tree's critical role in tackling increasing cybersecurity threats and proposes a viable answer to practical issues in the sector. The results reveal that the Logistic Model Tree is superior, with improved accuracy of 97.46% when compared to benchmark models, demonstrating its usefulness in addressing the ever-changing threat landscape.
Malware attacks on Windows machines pose significant cybersecurity threats, necessitating effective detection and prevention mechanisms. Supervised machine learning classifiers have emerged as promising tools for malware detection. However, there remains a need for comprehensive studies that compare the performance of different classifiers specifically for Windows malware detection. Addressing this gap can provide valuable insights for enhancing cybersecurity strategies. While numerous studies have explored malware detection using machine learning techniques, there is a lack of systematic comparison of supervised classifiers for Windows malware detection. Understanding the relative effectiveness of these classifiers can inform the selection of optimal detection methods and improve overall security measures. This study aims to bridge the research gap by conducting a comparative analysis of supervised machine learning classifiers for detecting malware on Windows systems. The objectives include: investigating the performance of various classifiers, such as Gaussian Naïve Bayes, K Nearest Neighbors (KNN), Stochastic Gradient Descent Classifier (SGDC), and Decision Tree, in detecting Windows malware; evaluating the accuracy, efficiency, and suitability of each classifier for real-world malware detection scenarios; identifying the strengths and limitations of different classifiers to provide insights for cybersecurity practitioners and researchers; and offering recommendations for selecting the most effective classifier for Windows malware detection based on empirical evidence. The study employs a structured methodology consisting of several phases: exploratory data analysis, data preprocessing, model training, and evaluation. Exploratory data analysis involves understanding the dataset's characteristics and identifying preprocessing requirements. Data preprocessing includes cleaning, feature encoding, dimensionality reduction, and optimization to prepare the data for training. Model training utilizes various supervised classifiers, and their performance is evaluated using metrics such as accuracy, precision, recall, and F1 score. The study's outcomes comprise a comparative analysis of supervised machine learning classifiers for Windows malware detection. Results reveal the effectiveness and efficiency of each classifier in detecting different types of malware. Additionally, insights into their strengths and limitations provide practical guidance for enhancing cybersecurity defenses. Overall, this research contributes to advancing malware detection techniques and bolstering the security posture of Windows systems against evolving cyber threats.
The rapid growth of mobile applications, the popularity of the Android system and its openness have attracted many hackers and even criminals, who are creating lots of Android malware. However, the current methods of Android malware detection need a lot of time in the feature engineering phase. Furthermore, these models have the defects of low detection rate, high complexity, and poor practicability, etc. We analyze the Android malware samples, and the distribution of malware and benign software in application programming interface (API) calls, permissions, and other attributes. We classify the software's threat levels based on the correlation of features. Then, we propose deep neural networks and convolutional neural networks with ensemble learning (DCEL), a new classifier fusion model for Android malware detection. First, DCEL preprocesses the malware data to remove redundant data, and converts the one-dimensional data into a two-dimensional gray image. Then, the ensemble learning approach is used to combine the deep neural network with the convolutional neural network, and the final classification results are obtained by voting on the prediction of each single classifier. Experiments based on the Drebin and Malgenome datasets show that compared with current state-of-the-art models, the proposed DCEL has a higher detection rate, higher recall rate, and lower computational cost.
This paper proposes a new approach to counter cyberattacks using the increasingly diverse malware in cyber security. Traditional signature detection methods that utilize static and dynamic features face limitations due to the continuous evolution and diversity of new malware. Recently, machine learning-based malware detection techniques, such as Convolutional Neural Networks (CNN) and Recurrent Neural Networks (RNN), have gained attention. While these methods demonstrate high performance by leveraging static and dynamic features, they are limited in detecting new malware or variants because they learn based on the characteristics of existing malware. To overcome these limitations, malware detection techniques employing One-Shot Learning and Few-Shot Learning have been introduced. Based on this, the Siamese Network, which can effectively learn from a small number of samples and perform predictions based on similarity rather than learning the characteristics of the input data, enables the detection of new malware or variants. We propose a dual Siamese network-based detection framework that utilizes byte images converted from malware binary data to grayscale, and opcode frequency-based images generated after extracting opcodes and converting them into 2-gram frequencies. The proposed framework integrates two independent Siamese network models, one learning from byte images and the other from opcode frequency-based images. The detection models trained on the different kinds of images generated separately apply the L1 distance measure to the output vectors the models generate, calculate the similarity, and then apply different weights to each model. Our proposed framework achieved a malware detection accuracy of 95.9% and 99.83% in the experiments using different malware datasets. The experimental results demonstrate that our malware detection model can effectively detect malware by utilizing two different types of features and employing the dual Siamese network-based model.
With the prevalence of machine learning in malware defense, hackers have tried to attack machine learning models to evade detection. Since it is generally difficult to explore the details of malware detection models, hackers can adopt a fuzzing attack to manipulate the features of the malware closer to benign programs on the premise of retaining their functions. In this paper, attack and defense methods on malware detection models based on machine learning algorithms were studied. Firstly, we designed a fuzzing attack method by randomly modifying features to evade detection. The fuzzing attack can effectively reduce the accuracy of a machine learning model with a single feature. Then an adversarial malware detection model, MaliFuzz, is proposed to defend against the fuzzing attack. Different from the ordinary single-feature detection model, the combined features from static and dynamic analysis are used to improve the defense ability. The experiment results show that the adversarial malware detection model with combined features can deal with the attack. The methods designed in this paper have great significance in improving the security of malware detection models and have good application prospects.
Focusing on the sensitive behaviors of malware, such as privacy stealing and money costing, this paper proposes a new method to monitor software behaviors and detect malicious applications on the Android platform. According to the theory and implementation of the Android Binder interprocess communication mechanism, a prototype system that integrates behavior monitoring and intercepting, malware detection, and identification is built in this work. There are 50 different kinds of samples used in the experiment of malware detection, including 40 normal samples and 10 malicious samples. The theoretical analysis and experimental result demonstrate that this system is effective in malware detection and interception, with a true positive rate equal to 100% and a false positive rate less than 3%.
As the risk of malware is sharply increasing on the Android platform, Android malware detection has become an important research topic. Existing works have demonstrated that the required permissions of Android applications are valuable for malware analysis, but how to exploit those permission patterns for malware detection remains an open issue. In this paper, we introduce contrasting permission patterns to characterize the essential differences between malware and clean applications from the permission aspect. Then a framework based on contrasting permission patterns is presented for Android malware detection. According to the proposed framework, an ensemble classifier, Enclamald, is further developed to detect whether an application is potentially malicious. Every contrasting permission pattern acts as a weak classifier in Enclamald, and the weighted predictions of the involved weak classifiers are aggregated into the final result. Experiments on real-world applications validate that the proposed Enclamald classifier outperforms commonly used classifiers for Android Malware Detection.
The study of malware behaviors, over the last years, has received tremendous attention from researchers for the purpose of reducing malware risks. Most of the investigating experiments are performed using either static analysis or behavior analysis. However, recent studies have shown that both analyses are vulnerable to modern malware files that use several techniques to avoid analysis and detection. Therefore, extracted features could be meaningless and a distraction for malware analysts. However, the volatile memory can expose useful information about malware behaviors and characteristics. In addition, memory analysis is capable of detecting unconventional malware, such as in-memory and fileless malware. However, memory features have not been fully utilized yet. Therefore, this work aims to present a new malware detection and classification approach that extracts memory-based features from memory images using memory forensic techniques. The extracted features can expose the malware's real behaviors, such as interacting with the operating system, DLL and process injection, communicating with a command and control site, and requesting higher privileges to perform specific tasks. We also applied feature engineering and converted the features to binary vectors before training and testing the classifiers. The experiments show that the proposed approach has a high classification accuracy rate of 98.5% and a false positive rate as low as 1.24% using the SVM classifier. The efficiency of the approach has been evaluated by comparing it with other related works. Also, a new memory-based dataset consisting of 2502 malware files and 966 benign samples forming 8898 features and belonging to six memory types has been created and published online for research purposes.
Malware is a malicious software program that performs multiple cyberattacks on the Internet, involving fraud, scams, nation-state cyberwar, and cybercrime. Such malicious software programs come under different classifications, namely Trojans, viruses, spyware, worms, ransomware, Rootkit, botnet malware, etc. Ransomware is a kind of malware that holds the victim's data hostage by encrypting the information on the user's computer to make it inaccessible to users, and only decrypts it once the user pays a ransom of a sum of money. To prevent detection, various forms of ransomware utilize more than one mechanism in their attack flow in conjunction with a Machine Learning (ML) algorithm. This study focuses on designing a Learning-Based Artificial Algae Algorithm with Optimal Machine Learning Enabled Malware Detection (LBAAA-OMLMD) approach in Computer Networks. The presented LBAAA-OMLMD model mainly aims to detect and classify the existence of ransomware and goodware in the network. To accomplish this, the LBAAA-OMLMD model initially derives a Learning-Based Artificial Algae Algorithm based Feature Selection (LBAAA-FS) model to reduce the curse of dimensionality problems. Besides, the Flower Pollination Algorithm (FPA) with Echo State Network (ESN) Classification model is applied. The FPA model helps to appropriately adjust the parameters related to the ESN model to accomplish enhanced classifier results. The experimental validation of the LBAAA-OMLMD model is tested using a benchmark dataset, and the outcomes are inspected in distinct measures. The comprehensive comparative examination demonstrated the betterment of the LBAAA-OMLMD model over recent algorithms.
Cybersecurity has become the most significant research area in the domain of the Internet of Things (IoT) owing to the ever-increasing number of cyberattacks. The rapid penetration of Android platforms in mobile devices has made the detection of malware attacks a challenging process. Furthermore, Android malware is increasing on a daily basis. So, precise malware detection analytical techniques need a large number of hardware resources, which are significantly limited on mobile devices. In this research article, an optimal Graph Convolutional Neural Network-based Malware Detection and Classification (OGCNN-MDC) model is introduced for an IoT-cloud environment. The proposed OGCNN-MDC model aims to recognize and categorize malware occurrences in IoT-enabled cloud platforms. The presented OGCNN-MDC model has three stages in total: data pre-processing, malware detection and parameter tuning. To detect and classify the malware, the GCNN model is exploited in this work. In order to enhance the overall efficiency of the GCNN model, the Group Mean-based Optimizer (GMBO) algorithm is utilized to appropriately adjust the GCNN parameters, and this constitutes the novelty of the current study. A widespread experimental analysis was conducted to establish the superiority of the proposed OGCNN-MDC model. A comprehensive comparison study was conducted, and the outcomes highlighted the supreme performance of the proposed OGCNN-MDC model over other recent approaches.
Machine learning (ML) is often used to solve the problem of malware detection and classification, and various machine learning approaches have been adapted to the problem of malware classification; still, they achieve poor performance because of the way feature selection and classification are performed. To address the problem, an efficient novel algorithm for an adaptive feature-centered XG Boost Ensemble Learner Classifier, "AFC-XG Boost", is presented in this paper. The proposed model has been designed to handle varying malware detection data sets obtained from a Kaggle data set. The model tunes the XG Boost classifier in several stages to optimize performance. At the preprocessing stage, the given data set has noise and tampered records removed and is normalized using the Feature Base Optimizer "FBO" algorithm. The FBO normalizes the data points and performs noise removal according to the feature values and their base information. Similarly, the performance of standard XG Boost has been optimized by adapting feature selection using the Class Based Principal Component Analysis "CBPCA" algorithm, which performs the selection according to the fitness of each feature for different classes. Based on the selected features, the method generates a regression tree for each feature considered. Based on the generated trees, the method performs classification by computing the tree-level ensemble similarity 'TLES' and the class-level ensemble similarity 'CLES'. Using both, the method calculates the value of the class match similarity 'CMS', based on which the malware is classified. The proposed approach achieves 97% accuracy in malware detection and classification with a low time complexity of 34 s for 75000 samples.
Abstract: Safeguarding against malware requires precise machine-learning algorithms to classify harmful apps. The Drebin dataset of 15,036 samples and 215 features yielded significant and reliable results for two hybrid models, CNN+XGBoost and KNN+XGBoost. To address the class imbalance issue, SMOTE (Synthetic Minority Oversampling Technique) was used to preprocess the dataset, creating synthetic samples of the minority class (malware) to balance the training set. XGBoost was then used to choose the most essential features for separating malware from benign programs. The models were trained and tested using 6-fold cross-validation, measuring accuracy, precision, recall, F1 score, and ROC AUC. The results are highly dependable, showing that CNN+XGBoost consistently outperforms KNN+XGBoost with an average accuracy of 98.76% compared to 97.89%. The CNN-based malware classification model, with its higher precision, recall, and F1 scores, is a secure choice. CNN+XGBoost, with its fewer all-fold misclassifications in confusion matrices, further solidifies this security. The calibration curve research, confirming the accuracy and cybersecurity applicability of the models' probability projections, adds to the sense of reliability. This study unequivocally demonstrates that CNN+XGBoost is a reliable and effective malware detection system, underlining the importance of feature selection and hybrid models.
Funding: Supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) (Project Nos. RS-2024-00438551, 30%; 2022-11220701, 30%; 2021-0-01816, 30%) and the National Research Foundation of Korea (NRF) grant funded by the Korean Government (Project No. RS2023-00208460, 10%).
Abstract: The proliferation of Internet of Things (IoT) devices has established edge computing as a critical paradigm for real-time data analysis and low-latency processing. Nevertheless, the distributed nature of edge computing presents substantial security challenges, rendering it a prominent target for sophisticated malware attacks. Existing signature-based and behavior-based detection methods are ineffective against the swiftly evolving nature of malware threats and are constrained by the availability of resources. This paper suggests the Genetic Encoding for Novel Optimization of Malware Evaluation (GENOME) framework, a novel solution that is intended to improve the performance of malware detection and classification in peripheral computing environments. GENOME optimizes data storage and computational efficiency by converting malware artifacts into compact, structured sequences through a Deoxyribonucleic Acid (DNA) encoding mechanism. The framework employs two DNA encoding algorithms, standard and compressed, which substantially reduce data size while preserving high detection accuracy. The Edge-IIoTset dataset was used to conduct experiments that showed that GENOME was able to achieve high classification performance using models such as Random Forest and Logistic Regression, resulting in a reduction of data size by up to 42%. Further evaluations with the CIC-IoT-23 dataset and Deep Learning models confirmed GENOME's scalability and adaptability across diverse datasets and algorithms. The potential of GENOME to address critical challenges, such as the rapid mutation of malware, real-time processing demands, and resource limitations, is emphasized in this study. GENOME offers comprehensive protection for peripheral computing environments by offering a security solution that is both efficient and scalable.
Funding: Supported and funded by the Deanship of Scientific Research at Imam Mohammad Ibn Saud Islamic University (IMSIU) (grant number IMSIU-DDRSP2504).
Abstract: The rapid evolution of malware presents a critical cybersecurity challenge, rendering traditional signature-based detection methods ineffective against novel variants. This growing threat affects individuals, organizations, and governments, highlighting the urgent need for robust malware detection mechanisms. Conventional machine learning-based approaches rely on static and dynamic malware analysis and often struggle to detect previously unseen threats due to their dependency on predefined signatures. Although machine learning algorithms (MLAs) offer promising detection capabilities, their reliance on extensive feature engineering limits real-time applicability. Deep learning techniques mitigate this issue by automating feature extraction but may introduce computational overhead, affecting deployment efficiency. This research evaluates classical MLAs and deep learning models to enhance malware detection performance across diverse datasets. The proposed approach integrates a novel text- and image-based detection framework, employing an optimized Support Vector Machine (SVM) for textual data analysis and EfficientNet-B0 for image-based malware classification. Experimental analysis, conducted across multiple train-test splits over varying timescales, demonstrates 99.97% accuracy on textual datasets using SVM and 96.7% accuracy on image-based datasets with EfficientNet-B0, significantly improving zero-day malware detection. Furthermore, a comparative analysis with existing competitive techniques, such as Random Forest, XGBoost, and CNN-based (Convolutional Neural Network) classifiers, highlights the superior performance of the proposed model in terms of accuracy, efficiency, and robustness.
Funding: Funded by the Deanship of Scientific Research (DSR) at King Abdulaziz University, Jeddah, under grant No. (IPP:421-611-2025).
Abstract: Over the past few years, malware attacks have become more and more widespread, posing threats to digital assets throughout the world. Although numerous methods have been developed to detect malicious attacks, these malware detection techniques need to be more efficient in detecting new and progressively sophisticated variants of malware. Therefore, the development of more advanced and accurate techniques is necessary for malware detection. This paper introduces a comprehensive Dual-Channel Attention Deep Bidirectional Long Short-Term Memory (DCADBiLSTM) model for malware detection and risk mitigation. The Dual Channel Attention (DCA) mechanism improves the model's capability to concentrate on the features that are most appropriate in the input data, which reduces the false positive rate. The Bidirectional Long Short-Term Memory framework helps capture crucial interdependence from past and future circumstances, which is essential for enhancing the model's understanding of malware behaviour. As soon as malware is detected, the risk mitigation phase is implemented, which evaluates the severity of each threat and helps mitigate threats earlier. The outcomes of the method demonstrate a better accuracy of 98.96%, which outperforms traditional models. It indicates that the method detects and mitigates several kinds of malware threats, thereby providing a proactive defence mechanism against the emerging challenges in cybersecurity.
Funding: Funded by Naif Arab University for Security Sciences under grant No. NAUSS-23-R11.
Abstract: In the current digital era, new technologies are becoming an essential part of our lives. Consequently, the number of malicious software or malware attacks is rapidly growing. There is no doubt that the majority of malware attacks can be detected by most antivirus programs. However, such antivirus programs are one step behind malicious software. Due to these dilemmas, deep learning has become popular in the detection and classification of malicious data. Therefore, researchers have significantly focused on finding solutions for malware attacks by analyzing malicious samples with the help of different techniques and models. In this research, we present a lightweight attention-based novel deep Convolutional Neural Network (DNN-CNN) model for binary and multi-class malware classification, including benign, trojan horse, ransomware, and spyware. We applied the Principal Component Analysis (PCA) technique for feature extraction for binary classification. We used the Synthetic Minority Oversampling Technique (SMOTE) to handle the imbalanced data during multi-class classification. Our proposed attention-based malware detection model is trained on the benchmark malware memory dataset named CIC-MalMem-2022. The results indicate that our model obtained high accuracy for binary and multi-class classification, 99.5% and 97.9%, respectively.
Funding: Funded by the Special Project of Langfang Key Research and Development under Grant No. 2023011005B and the Technology Innovation Platform Construction Project of North China Institute of Aerospace Engineering under Grant No. CXPT-2023-02.
Abstract: The proliferation of malware and the emergence of adversarial samples pose severe threats to global cybersecurity, demanding robust detection mechanisms. Traditional malware detection methods suffer from limited feature extraction capabilities, while existing Vision Transformer (ViT)-based approaches face high computational complexity due to global self-attention, hindering their efficiency in handling large-scale image data. To address these issues, this paper proposes a novel hybrid enhanced Vision Transformer architecture, HERL-ViT, tailored for malware detection. The detection framework involves five phases: malware image visualization, image segmentation with patch embedding, regional-local attention-based feature extraction, enhanced feature transformation, and classification. Methodologically, HERL-ViT integrates a multi-level pyramid structure to capture multi-scale features, a regional-to-local attention mechanism to reduce computational complexity, an Optimized Position Encoding Generator for dynamic relative position encoding, and enhanced MLP and downsampling modules to balance performance and efficiency. Key contributions include: (1) A unified framework integrating visualization, adversarial training, and hybrid attention for malware detection; (2) Regional-local attention to achieve both global awareness and local detail capture with lower complexity; (3) Optimized PEG to enhance spatial perception and reduce overfitting; (4) Lightweight network design (5.8M parameters) ensuring high efficiency. Experimental results show HERL-ViT achieves 99.2% accuracy (Loss=0.066) on malware classification and 98.9% accuracy (Loss=0.081) on adversarial samples, demonstrating superior performance and robustness compared to state-of-the-art methods.
Funding: Funded by Institutional Fund Projects under grant no. (IFPDP-261-22).
Abstract: Detecting cyber attacks in networks connected to the Internet of Things (IoT) is of utmost importance because of the growing vulnerabilities in the smart environment. Conventional models, such as Naive Bayes and support vector machine (SVM), as well as ensemble methods, such as Gradient Boosting and eXtreme gradient boosting (XGBoost), are often plagued by high computational costs, which makes it challenging for them to perform real-time detection. In this regard, we suggested an attack detection approach that integrates Visual Geometry Group 16 (VGG16), Artificial Rabbits Optimizer (ARO), and a Random Forest model to increase detection accuracy and operational efficiency in Internet of Things (IoT) networks. In the suggested model, the extraction of features from malware images was accomplished with the help of VGG16. The prediction process is carried out by the random forest model using the features extracted by VGG16. Additionally, ARO is used to improve the hyper-parameters of the random forest model. With an accuracy of 96.36%, the suggested model outperforms the standard models in terms of accuracy, F1-score, precision, and recall. The comparative research highlights our strategy's success, which improves performance while maintaining a lower computational cost. This method is effective and well suited to real-time applications.
Funding: Supported by Princess Nourah bint Abdulrahman University Researchers Supporting Project number (PNURSP2025R104), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia.
Abstract: In today's digital world, the Internet of Things (IoT) plays an important role in both local and global economies due to its widespread adoption in different applications. This technology has the potential to offer several advantages over conventional technologies in the near future. However, the potential growth of this technology also attracts attention from hackers, which introduces new challenges for the research community that range from hardware and software security to user privacy and authentication. Therefore, we focus on a particular security concern that is associated with malware detection. The literature presents many countermeasures, but inconsistent results on identical datasets and algorithms raise concerns about model biases, training quality, and complexity. This highlights the need for an adaptive, real-time learning framework that can effectively mitigate malware threats in IoT applications. To address these challenges, (i) we propose an intelligent framework based on Two-step Deep Reinforcement Learning (TwStDRL) that is capable of learning and adapting in real time to counter malware threats in IoT applications. This framework uses exploration and exploitation during both the training and testing phases by storing results in a replay memory. The stored knowledge allows the model to effectively navigate the environment and maximize cumulative rewards. (ii) To demonstrate the superiority of the TwStDRL framework, we implement and evaluate several machine learning algorithms for comparative analysis, including Support Vector Machines (SVM), Multi-Layer Perceptron, Random Forests, and k-means Clustering. The selection of these algorithms is driven by the inconsistent results reported in the literature, which create doubt about their robustness and reliability in real-world IoT deployments. (iii) Finally, we provide a comprehensive evaluation to justify why the TwStDRL framework outperforms them in mitigating security threats. During analysis, we noted that our proposed TwStDRL scheme achieves an average performance of 99.45% across accuracy, precision, recall, and F1-score, which is an absolute improvement of roughly 3% over the existing malware-detection models.
Abstract: Detecting malware on mobile devices using the Android operating system has become a critical challenge in the field of cybersecurity, in the context of the rapid increase in the number of malware variants and the frequency of attacks targeting Android devices. In this paper, we propose a novel intelligent computational method to enhance the effectiveness of Android malware detection models. The proposed method combines two main techniques: (1) constructing a malware behavior profile and (2) extracting features from the malware behavior profile using graph neural networks. Specifically, to effectively construct an Android malware behavior profile, this paper proposes an information enrichment technique for the function call graph of malware files, based on new graph-structured features and semantic features of the malware's source code. Additionally, to extract significant features from the constructed behavior profile, the study proposes using the GraphSAGE graph neural network. With this novel intelligent computational method, a variety of significant features of the malware have been effectively represented, synthesized, and extracted. The approach to detecting Android malware proposed in this paper is a new study and has not been explored in previous research. The experimental results on a dataset of 40,819 Android software samples indicate that the proposed method performs well across all metrics, with particularly impressive accuracy and recall scores of 99.03% and 99.19%, respectively, which outperforms existing state-of-the-art methods.
Funding: This research work was funded by Institutional Fund Projects under Grant No. (IFPIP:211-611-1443).
Abstract: Malware is an ever-present and dynamic threat to networks and computer systems in cybersecurity, and because of its complexity and evasiveness, it is challenging to identify using traditional signature-based detection approaches. This article discusses the growing danger to cybersecurity that malware hidden in PDF files poses, highlighting the shortcomings of conventional detection techniques and the difficulties presented by adversarial methodologies. The article presents a new method that improves PDF virus detection by using document analysis and a Logistic Model Tree. Using a dataset from the Canadian Institute for Cybersecurity, a comparative analysis is carried out with well-known machine learning models, such as Credal Decision Tree, Naïve Bayes, Average One Dependency Estimator, Locally Weighted Learning, and Stochastic Gradient Descent. Beyond traditional structural and JavaScript-centric PDF analysis, the research makes a substantial contribution to the area by boosting precision and resilience in malware detection. The use of the Logistic Model Tree, a thorough feature selection approach, and an increased focus on PDF file attributes all contribute to the efficiency of PDF virus detection. The paper emphasizes the Logistic Model Tree's critical role in tackling increasing cybersecurity threats and proposes a viable answer to practical issues in the sector. The results reveal that the Logistic Model Tree is superior, with an improved accuracy of 97.46% when compared to benchmark models, demonstrating its usefulness in addressing the ever-changing threat landscape.
Funding: This research work is supported by Princess Nourah bint Abdulrahman University Researchers Supporting Project Number (PNURSP2024R411), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia.
Abstract: Malware attacks on Windows machines pose significant cybersecurity threats, necessitating effective detection and prevention mechanisms. Supervised machine learning classifiers have emerged as promising tools for malware detection. However, there remains a need for comprehensive studies that compare the performance of different classifiers specifically for Windows malware detection. Addressing this gap can provide valuable insights for enhancing cybersecurity strategies. While numerous studies have explored malware detection using machine learning techniques, there is a lack of systematic comparison of supervised classifiers for Windows malware detection. Understanding the relative effectiveness of these classifiers can inform the selection of optimal detection methods and improve overall security measures. This study aims to bridge the research gap by conducting a comparative analysis of supervised machine learning classifiers for detecting malware on Windows systems. The objectives include: investigating the performance of various classifiers, such as Gaussian Naïve Bayes, K Nearest Neighbors (KNN), Stochastic Gradient Descent Classifier (SGDC), and Decision Tree, in detecting Windows malware; evaluating the accuracy, efficiency, and suitability of each classifier for real-world malware detection scenarios; identifying the strengths and limitations of different classifiers to provide insights for cybersecurity practitioners and researchers; and offering recommendations for selecting the most effective classifier for Windows malware detection based on empirical evidence. The study employs a structured methodology consisting of several phases: exploratory data analysis, data preprocessing, model training, and evaluation. Exploratory data analysis involves understanding the dataset's characteristics and identifying preprocessing requirements. Data preprocessing includes cleaning, feature encoding, dimensionality reduction, and optimization to prepare the data for training. Model training utilizes various supervised classifiers, and their performance is evaluated using metrics such as accuracy, precision, recall, and F1 score. The study's outcomes comprise a comparative analysis of supervised machine learning classifiers for Windows malware detection. Results reveal the effectiveness and efficiency of each classifier in detecting different types of malware. Additionally, insights into their strengths and limitations provide practical guidance for enhancing cybersecurity defenses. Overall, this research contributes to advancing malware detection techniques and bolstering the security posture of Windows systems against evolving cyber threats.
Funding: Supported by the National Natural Science Foundation of China (62072255).
Abstract: The rapid growth of mobile applications, the popularity of the Android system and its openness have attracted many hackers and even criminals, who are creating lots of Android malware. However, the current methods of Android malware detection need a lot of time in the feature engineering phase. Furthermore, these models have the defects of low detection rate, high complexity, and poor practicability, etc. We analyze the Android malware samples, and the distribution of malware and benign software in application programming interface (API) calls, permissions, and other attributes. We classify the software's threat levels based on the correlation of features. Then, we propose deep neural networks and convolutional neural networks with ensemble learning (DCEL), a new classifier fusion model for Android malware detection. First, DCEL preprocesses the malware data to remove redundant data, and converts the one-dimensional data into a two-dimensional gray image. Then, the ensemble learning approach is used to combine the deep neural network with the convolutional neural network, and the final classification results are obtained by voting on the prediction of each single classifier. Experiments based on the Drebin and Malgenome datasets show that compared with current state-of-the-art models, the proposed DCEL has a higher detection rate, higher recall rate, and lower computational cost.
Abstract: This paper proposes a new approach to counter cyberattacks using the increasingly diverse malware in cyber security. Traditional signature detection methods that utilize static and dynamic features face limitations due to the continuous evolution and diversity of new malware. Recently, machine learning-based malware detection techniques, such as Convolutional Neural Networks (CNN) and Recurrent Neural Networks (RNN), have gained attention. While these methods demonstrate high performance by leveraging static and dynamic features, they are limited in detecting new malware or variants because they learn based on the characteristics of existing malware. To overcome these limitations, malware detection techniques employing One-Shot Learning and Few-Shot Learning have been introduced. Based on this, the Siamese Network, which can effectively learn from a small number of samples and perform predictions based on similarity rather than learning the characteristics of the input data, enables the detection of new malware or variants. We propose a dual Siamese network-based detection framework that utilizes byte images converted from malware binary data to grayscale, and opcode frequency-based images generated after extracting opcodes and converting them into 2-gram frequencies. The proposed framework integrates two independent Siamese network models, one learning from byte images and the other from opcode frequency-based images. The detection models trained on the different kinds of images generated separately apply the L1 distance measure to the output vectors the models generate, calculate the similarity, and then apply different weights to each model. Our proposed framework achieved a malware detection accuracy of 95.9% and 99.83% in the experiments using different malware datasets. The experimental results demonstrate that our malware detection model can effectively detect malware by utilizing two different types of features and employing the dual Siamese network-based model.
Abstract: With the prevalence of machine learning in malware defense, hackers have tried to attack machine learning models to evade detection. Since it is generally difficult to explore the details of malware detection models, hackers can adopt a fuzzing attack to manipulate the features of the malware closer to those of benign programs while retaining its functions. In this paper, attack and defense methods on malware detection models based on machine learning algorithms were studied. Firstly, we designed a fuzzing attack method that randomly modifies features to evade detection. The fuzzing attack can effectively degrade the accuracy of a machine learning model that uses a single feature. Then an adversarial malware detection model, MaliFuzz, is proposed to defend against the fuzzing attack. Different from the ordinary single-feature detection model, it uses combined features from static and dynamic analysis to improve the defense ability. The experiment results show that the adversarial malware detection model with combined features can withstand the attack. The methods designed in this paper have great significance in improving the security of malware detection models and have good application prospects.
Funding: Supported by the National Natural Science Foundation of China (61103220), the Fundamental Research Funds for the Central Universities (6082013), the National Natural Science Foundation of Hubei (2011CDB456) and the Chenguang Program (2012710367).
Abstract: Focusing on the sensitive behaviors of malware, such as privacy stealing and money costing, this paper proposes a new method to monitor software behaviors and detect malicious applications on the Android platform. According to the theory and implementation of the Android Binder interprocess communication mechanism, a prototype system that integrates behavior monitoring and intercepting, malware detection, and identification is built in this work. There are 50 different kinds of samples used in the experiment of malware detection, including 40 normal samples and 10 malicious samples. The theoretical analysis and experimental result demonstrate that this system is effective in malware detection and interception, with a true positive rate equal to 100% and a false positive rate less than 3%.
Funding: This work was supported by the Deakin Cyber Security Research Cluster, the National Natural Science Foundation of China under Grant Nos. 61304067 and 61202211, the Guangxi Key Laboratory of Trusted Software No. kx201325 and the Fundamental Research Funds for the Central Universities under Grant No. 31541311314.
Abstract: As the risk of malware is sharply increasing on the Android platform, Android malware detection has become an important research topic. Existing works have demonstrated that the required permissions of Android applications are valuable for malware analysis, but how to exploit those permission patterns for malware detection remains an open issue. In this paper, we introduce contrasting permission patterns to characterize the essential differences between malware and clean applications from the permission aspect. Then a framework based on contrasting permission patterns is presented for Android malware detection. According to the proposed framework, an ensemble classifier, Enclamald, is further developed to detect whether an application is potentially malicious. Every contrasting permission pattern acts as a weak classifier in Enclamald, and the weighted predictions of the involved weak classifiers are aggregated into the final result. Experiments on real-world applications validate that the proposed Enclamald classifier outperforms commonly used classifiers for Android malware detection.
Funding: Supported in part by Universiti Kebangsaan Malaysia (UKM) under Grant GUP-2019-062 and Grant GP-2019-K005539, and in part by the Ministry of Education Malaysia under Grant FRGS/1/2018/ICT04/UKM/02/3.
Abstract: The study of malware behaviors, over the last years, has received tremendous attention from researchers for the purpose of reducing malware risks. Most of the investigating experiments are performed using either static analysis or behavior analysis. However, recent studies have shown that both analyses are vulnerable to modern malware files that use several techniques to avoid analysis and detection. Therefore, extracted features could be meaningless and a distraction for malware analysts. However, volatile memory can expose useful information about malware behaviors and characteristics. In addition, memory analysis is capable of detecting unconventional malware, such as in-memory and fileless malware. However, memory features have not been fully utilized yet. Therefore, this work aims to present a new malware detection and classification approach that extracts memory-based features from memory images using memory forensic techniques. The extracted features can expose the malware's real behaviors, such as interacting with the operating system, DLL and process injection, communicating with a command and control site, and requesting higher privileges to perform specific tasks. We also applied feature engineering and converted the features to binary vectors before training and testing the classifiers. The experiments show that the proposed approach has a high classification accuracy rate of 98.5% and a false positive rate as low as 1.24% using the SVM classifier. The efficiency of the approach has been evaluated by comparing it with other related works. Also, a new memory-based dataset consisting of 2502 malware files and 966 benign samples, forming 8898 features and belonging to six memory types, has been created and published online for research purposes.
Funding: Princess Nourah bint Abdulrahman University Researchers Supporting Project number (PNURSP2022R319), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia. The authors would like to thank the Deanship of Scientific Research at Umm Al-Qura University for supporting this work by Grant Code: 22UQU4310373DSR34. The authors are thankful to the Deanship of Scientific Research at Najran University for funding this work under the Research Groups Funding program, Grant Code (NU/RG/SERC/11/4).
Abstract: Malware is a malicious software program that performs multiple cyberattacks on the Internet, involving fraud, scams, nation-state cyberwar, and cybercrime. Such malicious software programs come under different classifications, namely Trojans, viruses, spyware, worms, ransomware, rootkits, botnet malware, etc. Ransomware is a kind of malware that holds the victim's data hostage by encrypting the information on the user's computer to make it inaccessible to users, and only decrypts it after the user pays a ransom of a sum of money. To prevent detection, various forms of ransomware utilize more than one mechanism in their attack flow, in conjunction with a Machine Learning (ML) algorithm. This study focuses on designing a Learning-Based Artificial Algae Algorithm with Optimal Machine Learning Enabled Malware Detection (LBAAA-OMLMD) approach in computer networks. The presented LBAAA-OMLMD model mainly aims to detect and classify the existence of ransomware and goodware in the network. To accomplish this, the LBAAA-OMLMD model initially derives a Learning-Based Artificial Algae Algorithm based Feature Selection (LBAAA-FS) model to reduce the curse of dimensionality problem. Besides, the Flower Pollination Algorithm (FPA) with Echo State Network (ESN) classification model is applied. The FPA model helps to appropriately adjust the parameters of the ESN model to accomplish enhanced classifier results. The experimental validation of the LBAAA-OMLMD model is tested using a benchmark dataset, and the outcomes are inspected under distinct measures. The comprehensive comparative examination demonstrated the improvement of the LBAAA-OMLMD model over recent algorithms.
Funding: Princess Nourah bint Abdulrahman University Researchers Supporting Project number (PNURSP2022R237), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia. The authors would like to thank the Deanship of Scientific Research at Umm Al-Qura University for supporting this work by Grant Code: (22UQU4331004DSR13).
Abstract: Cybersecurity has become the most significant research area in the domain of the Internet of Things (IoT) owing to the ever-increasing number of cyberattacks. The rapid penetration of Android platforms in mobile devices has made the detection of malware attacks a challenging process. Furthermore, Android malware is increasing on a daily basis. So, precise malware detection techniques need a large amount of hardware resources, which are significantly limited on mobile devices. In this research article, an optimal Graph Convolutional Neural Network-based Malware Detection and Classification (OGCNN-MDC) model is introduced for an IoT-cloud environment. The proposed OGCNN-MDC model aims to recognize and categorize malware occurrences in IoT-enabled cloud platforms. The presented OGCNN-MDC model has three stages in total: data pre-processing, malware detection and parameter tuning. To detect and classify the malware, the GCNN model is exploited in this work. In order to enhance the overall efficiency of the GCNN model, the Group Mean-based Optimizer (GMBO) algorithm is utilized to appropriately adjust the GCNN parameters, and this shows the novelty of the current study. A widespread experimental analysis was conducted to establish the superiority of the proposed OGCNN-MDC model. A comprehensive comparison study was conducted, and the outcomes highlighted the superior performance of the proposed OGCNN-MDC model over other recent approaches.
Abstract: Machine learning (ML) is often used to solve the problem of malware detection and classification, and various machine learning approaches have been adapted to the problem of malware classification; still, they achieve poor performance because of the way feature selection and classification are done. To address the problem, an efficient novel algorithm, the adaptive feature-centered XGBoost Ensemble Learner Classifier "AFC-XGBoost", is presented in this paper. The proposed model has been designed to handle varying malware detection data sets obtained from the Kaggle data set. The model tunes the XGBoost classifier in several stages to optimize performance. At the preprocessing stage, the given data set has noise removed, is normalized, and has tampered samples removed using the Feature Base Optimizer "FBO" algorithm. The FBO normalizes the data points, as well as performing noise removal according to the feature values and their base information. Similarly, the performance of standard XGBoost has been optimized by adapting the feature selection using the Class Based Principal Component Analysis "CBPCA" algorithm, which performs the selection according to the fitness of each feature for different classes. Based on the selected features, the method generates a regression tree for each feature considered. Based on the generated trees, the method performs classification by computing the tree-level ensemble similarity "TLES" and the class-level ensemble similarity "CLES". Using both, the method calculates the value of the class match similarity "CMS", based on which the malware is classified. The proposed approach achieves 97% accuracy in malware detection and classification with a lower time complexity of 34 s for 75000 samples.