The rapid expansion of the Internet of Things (IoT) and Edge Artificial Intelligence (AI) has redefined automation and connectivity across modern networks. However, the heterogeneity and limited resources of IoT devices expose them to increasingly sophisticated and persistent malware attacks. These adaptive and stealthy threats can evade conventional detection, establish remote control, propagate across devices, exfiltrate sensitive data, and compromise network integrity. This study presents a Software-Defined Internet of Things (SD-IoT) control-plane-based, AI-driven framework that integrates Gated Recurrent Units (GRU) and Long Short-Term Memory (LSTM) networks for efficient detection of evolving multi-vector, malware-driven botnet attacks. The proposed CUDA-enabled hybrid deep learning (DL) framework performs centralized real-time detection without adding computational overhead to IoT nodes. A feature selection strategy combining variable clustering, attribute evaluation, one-R attribute evaluation, correlation analysis, and principal component analysis (PCA) enhances detection accuracy and reduces complexity. The framework is rigorously evaluated using the N_BaIoT dataset under k-fold cross-validation. Experimental results achieve 99.96% detection accuracy, a false positive rate (FPR) of 0.0035%, and a detection latency of 0.18 ms, confirming its high efficiency and scalability. The findings demonstrate the framework’s potential as a robust and intelligent security solution for next-generation IoT ecosystems.
Over the past decade, the landscape of cybersecurity has been increasingly shaped by the growing sophistication and frequency of malware attacks. Traditional detection techniques, while still in use, often fall short when confronted with modern threats that use advanced evasion strategies. This systematic review critically examines recent developments in malware detection, with a particular emphasis on the role of artificial intelligence (AI) and machine learning (ML) in enhancing detection capabilities. Drawing on literature published between 2019 and 2025, this study reviews 105 peer-reviewed contributions from prominent digital libraries including IEEE Xplore, SpringerLink, ScienceDirect, and ACM Digital Library. In doing so, it explores the evolution of malware, evaluates detection methods, assesses the quality and limitations of widely used datasets, and identifies key challenges facing the field. Unlike existing surveys, this work offers a structured comparison of AI-driven frameworks and provides a detailed account of emerging techniques such as hybrid detection frameworks and image-based analysis. The findings indicate that AI-based models trained on diverse, high-quality datasets consistently outperform conventional methods, particularly when supported by feature engineering, explainable AI and a multi-faceted strategy. The review concludes by outlining future research directions, including the need for standardized datasets, enhanced adversarial robustness, and the integration of privacy-preserving mechanisms in malware detection systems.
Malware poses a significant threat to the Internet of Things (IoT). It enables unauthorized access to devices in the IoT environment. The lack of unique architectural standards causes challenges in developing robust malware detection (MD) models. The existing models demand substantial computational resources. This study intends to build a lightweight MD model to detect anomalies in IoT networks. The authors develop a transformation technique, converting the malware binaries into images. MobileNet V2 is fine-tuned using improved grey wolf optimization (IGWO) to extract crucial features of malicious and benign samples. The ResNeXt model is combined with the Linformer’s attention mechanism to identify malware features. A fully connected layer is integrated with gradient-weighted class activation mapping (Grad-CAM) in order to facilitate an interpretable classification model. The proposed model is evaluated using the IoT malware and the IoT-23 datasets. The model performs well on the two datasets with an accuracy of 98.94%, precision of 98.46%, recall of 98.11%, and F1-score of 98.28% on the IoT malware dataset, and an accuracy of 98.23%, precision of 96.80%, recall of 96.64%, and F1-score of 96.71% on the IoT-23 dataset, respectively. The findings indicate that the model has a high standard of classification. The lightweight architecture enables efficient deployment with an inference time of 1.42 s. Inference time has no direct impact on accuracy, precision, recall, or F1-score. However, the inference speed would warrant timely detection in latency-sensitive IoT applications. By achieving a remarkable result, the proposed study offers a comprehensive solution: a scalable, interpretable, and computationally efficient MD model for the evolving IoT landscape.
With the increasing complexity of malware attack techniques, traditional detection methods face significant challenges, such as privacy preservation, data heterogeneity, and lacking category information. To address these issues, we propose Federated Dynamic Prototype Learning (FedDPL) for malware classification by integrating Federated Learning with a specifically designed K-means. Under the Federated Learning framework, model training occurs locally without data sharing, effectively protecting user data privacy and preventing the leakage of sensitive information. Furthermore, to tackle the challenges of data heterogeneity and the lack of category information, FedDPL introduces a dynamic prototype learning mechanism, which adaptively adjusts the clustering prototypes in terms of position and number. Thus, the dependency on predefined category numbers in typical K-means and its variants can be significantly reduced, resulting in improved clustering performance. Theoretically, it provides a more accurate detection of malicious behavior. Experimental results confirm that FedDPL excels in handling malware classification tasks, demonstrating superior accuracy, robustness, and privacy protection.
The escalating complexity of modern malware continues to undermine the effectiveness of traditional signature-based detection techniques, which are often unable to adapt to rapidly evolving attack patterns. To address these challenges, this study proposes X-MalNet, a lightweight Convolutional Neural Network (CNN) framework designed for static malware classification through image-based representations of binary executables. By converting malware binaries into grayscale images, the model extracts distinctive structural and texture-level features that signify malicious intent, thereby eliminating the dependence on manual feature engineering or dynamic behavioral analysis. Built upon a modified AlexNet architecture, X-MalNet employs transfer learning to enhance generalization and reduce computational cost, enabling efficient training and deployment on limited hardware resources. To promote interpretability and transparency, the framework integrates Gradient-weighted Class Activation Mapping (Grad-CAM) and Deep SHapley Additive exPlanations (DeepSHAP), offering spatial and pixel-level visualizations that reveal how specific image regions influence classification outcomes. These explainability components support security analysts in validating the model’s reasoning, strengthening confidence in AI-assisted malware detection. Comprehensive experiments on the Malimg and Malevis benchmark datasets confirm the superior performance of X-MalNet, achieving classification accuracies of 99.15% and 98.72%, respectively. Further robustness evaluations using Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD) adversarial attacks demonstrate the model’s resilience against perturbed inputs. In conclusion, X-MalNet emerges as a scalable, interpretable, and robust malware detection framework that effectively balances accuracy, efficiency, and explainability. Its lightweight design and adversarial stability position it as a promising solution for real-world cybersecurity deployments, advancing the development of trustworthy, automated, and transparent malware classification systems.
Many machine learning-based Android malware detection methods often suffer from concept drift, where models trained on historical data fail to generalize to evolving threats. This paper proposes SCAN (Structural Clustering with Adaptive thresholds for iNtelligent Android malware detection), a hybrid intelligent framework designed to mitigate concept drift without retraining. SCAN integrates Gaussian Mixture Model (GMM)-based clustering with cluster-wise adaptive thresholding and supervised classifiers tailored to each cluster. A key challenge in clustering-based malware detection is cluster-wise class imbalance, where clusters contain disproportionate distributions of benign and malicious samples. SCAN addresses this issue through adaptive thresholding, which dynamically adjusts the decision boundary of each cluster according to its malicious-to-benign ratio. In the final training stage, four supervised learning algorithms—Random Forest (RF), Support Vector Machine (SVM), k-NN, and XGBoost—are applied within the GMM-defined clusters. We train SCAN on Android applications collected from 2014-2017 and test it with applications from 2018-2023. Experimental results demonstrate that SCAN combined with RF consistently achieves superior performance, with both average accuracy and average F1-score exceeding 91%. These findings confirm SCAN’s robustness to concept drift and highlight its potential as a sustainable and intelligent solution for long-term Android malware detection in the real world.
The method for malware detection based on Application Programming Interface (API) call sequences, as a primary research focus within dynamic detection technologies, currently lacks attention to subsequences of API calls, the variety of API call types, and the length of sequences. This oversight leads to overly complex call sequences. To address this issue, a dynamic malware detection approach based on multiple subsequences is proposed. Initially, APIs are remapped and encoded, with the introduction of percentile lengths to process sequences. Subsequently, a combination of One-Dimensional Convolutional Neural Network (1D-CNN) and Bidirectional Long Short-Term Memory (Bi-LSTM) networks, along with an attention mechanism, is employed to extract features from subsequences of varying lengths for feature fusion and classification. Experiments conducted on two widely used public API-based datasets, namely MalBehavD-V1 and Alibaba Cloud, demonstrate that the proposed method reduces the number of API call types by approximately 20% compared to representative deep learning–based API sequence detection methods, while achieving a peak accuracy of 98.70%. Additionally, experimental results indicate that sequence length at the 95th percentile represents the optimal solution that balances classification performance and computational efficiency.
The proliferation of Internet of Things (IoT) devices has established edge computing as a critical paradigm for real-time data analysis and low-latency processing. Nevertheless, the distributed nature of edge computing presents substantial security challenges, rendering it a prominent target for sophisticated malware attacks. Existing signature-based and behavior-based detection methods are ineffective against the swiftly evolving nature of malware threats and are constrained by the availability of resources. This paper suggests the Genetic Encoding for Novel Optimization of Malware Evaluation (GENOME) framework, a novel solution that is intended to improve the performance of malware detection and classification in peripheral computing environments. GENOME optimizes data storage and computational efficiency by converting malware artifacts into compact, structured sequences through a Deoxyribonucleic Acid (DNA) encoding mechanism. The framework employs two DNA encoding algorithms, standard and compressed, which substantially reduce data size while preserving high detection accuracy. The Edge-IIoTset dataset was used to conduct experiments that showed that GENOME was able to achieve high classification performance using models such as Random Forest and Logistic Regression, resulting in a reduction of data size by up to 42%. Further evaluations with the CIC-IoT-23 dataset and Deep Learning models confirmed GENOME’s scalability and adaptability across diverse datasets and algorithms. The potential of GENOME to address critical challenges, such as the rapid mutation of malware, real-time processing demands, and resource limitations, is emphasized in this study. GENOME offers comprehensive protection for peripheral computing environments by offering a security solution that is both efficient and scalable.
The rapid and increasing growth in the volume and number of cyber threats from malware is not a real danger; the real threat lies in the obfuscation of these cyberattacks, as they constantly change their behavior, making detection more difficult. Numerous researchers and developers have devoted considerable attention to this topic; however, the research field has not yet been fully saturated with high-quality studies that address these problems. For this reason, this paper presents a novel multi-objective Markov-enhanced adaptive whale optimization (MOMEAWO) cybersecurity model to improve the classification of binary and multi-class malware threats through the proposed MOMEAWO approach. The proposed MOMEAWO cybersecurity model aims to provide an innovative solution for analyzing, detecting, and classifying the behavior of obfuscated malware within their respective families. The proposed model includes three classification types: binary classification and multi-class classification (e.g., four families and 16 malware families). To evaluate the performance of this model, we used a recently published dataset called the Canadian Institute for Cybersecurity Malware Memory Analysis (CIC-MalMem-2022) that contains balanced data. The results show near-perfect accuracy in binary classification and high accuracy in multi-class classification compared with related work using the same dataset.
With the proliferation of Android malware, the issue of traceability in malware analysis has emerged as a significant problem that requires exploration. By establishing links between newly discovered, unreported malware and prior knowledge from existing malware data pools, security analysts can gain a better understanding of the evolution process of malware and its underlying reasons. However, in real-world scenarios, analyzing the traceability of malware can be complex and time-consuming due to the large volume of existing malware data, requiring extensive manual analysis. Furthermore, the results obtained from such analysis often lack explanation. Therefore, there is a pressing need to develop a comprehensive automated malware tracking system that can provide detailed insights into the tracking and evolution process of malware and offer strong explanatory capabilities. In this paper, we propose a knowledge graph-based approach that uses partial API call graphs comprising semantic and behavioral features to reveal the traceability relations among malware and provide explainable results for these relations. Our approach is implemented on a dataset of over 20,000 malware samples labeled with family information, spanning a time period of 10 years. To address the challenges associated with the complexity of analysis, we leverage prior knowledge from existing malware research and a branch pruning method on call graphs to reduce computational complexity and enhance the precision of explanations when determining traceability relations.
In recent years, cyber threats have escalated across diverse sectors, with cybercrime syndicates increasingly exploiting system vulnerabilities. Traditional passive defense mechanisms have proven insufficient, particularly as Linux platforms—historically overlooked in favor of Windows—have emerged as frequent targets. According to Trend Micro, there has been a substantial increase in Linux-targeted malware, with ransomware attacks on Linux surpassing those on macOS. This alarming trend underscores the need for detection strategies specifically designed for Linux environments. To address this challenge, this study proposes a comprehensive malware detection framework tailored for Linux systems, integrating dynamic behavioral analysis with the semantic reasoning capabilities of large language models (LLMs). Malware samples are executed within sandbox environments to extract behavioral features such as system calls and command-line executions. These features are then systematically mapped to the MITRE ATT&CK framework, incorporating its defined data sources, data components, and Tactics, Techniques, and Procedures (TTPs). Two mapping constructs—Conceptual Definition Mapping and TTP Technical Keyword Mapping—are developed from official MITRE documentation. These resources are utilized to fine-tune an LLM, enabling it to semantically interpret complex behavioral patterns and infer associated attack techniques, including those employed by previously unknown malware variants. The resulting detection pipeline effectively bridges raw behavioral data with structured threat intelligence. Experimental evaluations confirm the efficacy of the proposed system, with the fine-tuned Gemma 2B model demonstrating significantly enhanced accuracy in associating behavioral features with ATT&CK-defined techniques. This study contributes a fully integrated Linux-specific detection framework, a novel approach for transforming unstructured behavioral data into actionable intelligence, improved interpretability of malicious behavior, and a scalable training process for future applications of LLMs in cybersecurity.
Malware continues to pose a significant threat to cybersecurity, with new advanced infections that go beyond traditional detection. Limitations in existing systems include high false-positive rates, slow system response times, and inability to respond quickly to new malware forms. To overcome these challenges, this paper proposes OMD-RAS: Implementing Malware Detection in an Optimized Way through Real-Time and Adaptive Security as an extensive approach, hoping to get good results towards better malware threat detection and remediation. The significant steps in the model are data collection followed by comprehensive preprocessing consisting of feature engineering and normalization. Static analysis, along with dynamic analysis, is done to capture the whole spectrum of malware behavior for the feature extraction process. The extracted processed features are given with a continuous learning mechanism to the Extreme Learning Machine model of real-time detection. This OMD-RAS trains quickly and has great accuracy, providing elite, advanced real-time detection capabilities. This approach uses continuous learning to adapt to new threats—ensuring the effectiveness of detection even as strategies used by malware may change over time. The experimental results showed that OMD-RAS performs better than the traditional approaches. For instance, the OMD-RAS model has been able to achieve an accuracy of 96.23% and massively reduce the rate of false positives across all datasets while eliciting a consistently high rate of precision and recall. The model’s adaptive learning reflected enhancements on other performance measures, for example, Matthews Correlation Coefficients and Log Loss.
Safeguarding against malware requires precise machine-learning algorithms to classify harmful apps. The Drebin dataset of 15,036 samples and 215 features yielded significant and reliable results for two hybrid models, CNN+XGBoost and KNN+XGBoost. To address the class imbalance issue, SMOTE (Synthetic Minority Oversampling Technique) was used to preprocess the dataset, creating synthetic samples of the minority class (malware) to balance the training set. XGBoost was then used to choose the most essential features for separating malware from benign programs. The models were trained and tested using 6-fold cross-validation, measuring accuracy, precision, recall, F1 score, and ROC AUC. The results are highly dependable, showing that CNN+XGBoost consistently outperforms KNN+XGBoost with an average accuracy of 98.76% compared to 97.89%. The CNN-based malware classification model, with its higher precision, recall, and F1 scores, is a secure choice. CNN+XGBoost, with its fewer all-fold misclassifications in confusion matrices, further solidifies this security. The calibration curve research, confirming the accuracy and cybersecurity applicability of the models’ probability projections, adds to the sense of reliability. This study unequivocally demonstrates that CNN+XGBoost is a reliable and effective malware detection system, underlining the importance of feature selection and hybrid models.
Over the past few years, malware attacks have become more and more widespread, posing threats to digital assets throughout the world. Although numerous methods have been developed to detect malicious attacks, these malware detection techniques need to be more efficient in detecting new and progressively sophisticated variants of malware. Therefore, the development of more advanced and accurate techniques is necessary for malware detection. This paper introduces a comprehensive Dual-Channel Attention Deep Bidirectional Long Short-Term Memory (DCADBiLSTM) model for malware detection and risk mitigation. The Dual Channel Attention (DCA) mechanism improves the model’s capability to concentrate on the features that are most appropriate in the input data, which reduces the false positive rates. The Bidirectional Long Short-Term Memory framework helps capture crucial interdependence from past and future circumstances, which is essential for enhancing the model’s understanding of malware behaviour. As soon as malware is detected, the risk mitigation phase is implemented, which evaluates the severity of each threat and helps mitigate threats earlier. The outcomes of the method demonstrate better accuracy of 98.96%, which outperforms traditional models. It indicates the method detects and mitigates several kinds of malware threats, thereby providing a proactive defence mechanism against the emerging challenges in cybersecurity.
In the current digital era, new technologies are becoming an essential part of our lives. Consequently, the number of malicious software or malware attacks is rapidly growing. There is no doubt that the majority of malware attacks can be detected by most antivirus programs. However, such types of antivirus programs are one step behind malicious software. Due to these dilemmas, deep learning has become popular in the detection and classification of malicious data. Therefore, researchers have significantly focused on finding solutions for malware attacks by analyzing malicious samples with the help of different techniques and models. In this research, we presented a lightweight attention-based novel deep Convolutional Neural Network (DNN-CNN) model for binary and multi-class malware classification, including benign, trojan horse, ransomware, and spyware. We applied the Principal Component Analysis (PCA) technique for feature extraction for binary classification. We used the Synthetic Minority Oversampling Technique (SMOTE) to handle the imbalanced data during multi-class classification. Our proposed attention-based malware detection model is trained on the benchmark malware memory dataset named CIC-MalMem-2022. The results indicate that our model obtained high accuracy for binary and multi-class classification, 99.5% and 97.9%, respectively.
The proliferation of malware and the emergence of adversarial samples pose severe threats to global cybersecurity, demanding robust detection mechanisms. Traditional malware detection methods suffer from limited feature extraction capabilities, while existing Vision Transformer (ViT)-based approaches face high computational complexity due to global self-attention, hindering their efficiency in handling large-scale image data. To address these issues, this paper proposes a novel hybrid enhanced Vision Transformer architecture, HERL-ViT, tailored for malware detection. The detection framework involves five phases: malware image visualization, image segmentation with patch embedding, regional-local attention-based feature extraction, enhanced feature transformation, and classification. Methodologically, HERL-ViT integrates a multi-level pyramid structure to capture multi-scale features, a regional-to-local attention mechanism to reduce computational complexity, an Optimized Position Encoding Generator for dynamic relative position encoding, and enhanced MLP and downsampling modules to balance performance and efficiency. Key contributions include: (1) A unified framework integrating visualization, adversarial training, and hybrid attention for malware detection; (2) Regional-local attention to achieve both global awareness and local detail capture with lower complexity; (3) Optimized PEG to enhance spatial perception and reduce overfitting; (4) Lightweight network design (5.8M parameters) ensuring high efficiency. Experimental results show HERL-ViT achieves 99.2% accuracy (Loss=0.066) on malware classification and 98.9% accuracy (Loss=0.081) on adversarial samples, demonstrating superior performance and robustness compared to state-of-the-art methods.
The rapid evolution of malware presents a critical cybersecurity challenge, rendering traditional signature-based detection methods ineffective against novel variants. This growing threat affects individuals, organizations, and governments, highlighting the urgent need for robust malware detection mechanisms. Conventional machine learning-based approaches rely on static and dynamic malware analysis and often struggle to detect previously unseen threats due to their dependency on predefined signatures. Although machine learning algorithms (MLAs) offer promising detection capabilities, their reliance on extensive feature engineering limits real-time applicability. Deep learning techniques mitigate this issue by automating feature extraction but may introduce computational overhead, affecting deployment efficiency. This research evaluates classical MLAs and deep learning models to enhance malware detection performance across diverse datasets. The proposed approach integrates a novel text and image-based detection framework, employing an optimized Support Vector Machine (SVM) for textual data analysis and EfficientNet-B0 for image-based malware classification. Experimental analysis, conducted across multiple train-test splits over varying timescales, demonstrates 99.97% accuracy on textual datasets using SVM and 96.7% accuracy on image-based datasets with EfficientNet-B0, significantly improving zero-day malware detection. Furthermore, a comparative analysis with existing competitive techniques, such as Random Forest, XGBoost, and CNN-based (Convolutional Neural Network) classifiers, highlights the superior performance of the proposed model in terms of accuracy, efficiency, and robustness.
The growing complexity of cyber threats requires innovative machine learning techniques, and image-based malware classification opens up new possibilities. Meanwhile, existing research has largely overlooked the impact of noise and obfuscation techniques commonly employed by malware authors to evade detection, and there is a critical gap in using noise simulation as a means of replicating real-world malware obfuscation techniques and adopting a denoising framework to counteract these challenges. This study introduces an image denoising technique based on a U-Net combined with a GAN framework to address noise interference and obfuscation challenges in image-based malware analysis. The proposed methodology addresses existing classification limitations by introducing noise addition, which simulates obfuscated malware, and denoising strategies to restore robust image representations. To evaluate the approach, we used multiple CNN-based classifiers to assess noise resistance across architectures and datasets, measuring significant performance variation. Our denoising technique demonstrates remarkable performance improvements across two multi-class public datasets, MALIMG and BIG-15. For example, the MALIMG classification accuracy improved from 23.73% to 88.84% with denoising applied after Gaussian noise injection, demonstrating robustness. This approach contributes to improving malware detection by offering a robust framework for noise-resilient classification in noisy conditions.
Detecting cyber attacks in networks connected to the Internet of Things(IoT)is of utmost importance because of the growing vulnerabilities in the smart environment.Conventional models,such as Naive Bayes and support v...Detecting cyber attacks in networks connected to the Internet of Things(IoT)is of utmost importance because of the growing vulnerabilities in the smart environment.Conventional models,such as Naive Bayes and support vector machine(SVM),as well as ensemble methods,such as Gradient Boosting and eXtreme gradient boosting(XGBoost),are often plagued by high computational costs,which makes it challenging for them to perform real-time detection.In this regard,we suggested an attack detection approach that integrates Visual Geometry Group 16(VGG16),Artificial Rabbits Optimizer(ARO),and Random Forest Model to increase detection accuracy and operational efficiency in Internet of Things(IoT)networks.In the suggested model,the extraction of features from malware pictures was accomplished with the help of VGG16.The prediction process is carried out by the random forest model using the extracted features from the VGG16.Additionally,ARO is used to improve the hyper-parameters of the random forest model of the random forest.With an accuracy of 96.36%,the suggested model outperforms the standard models in terms of accuracy,F1-score,precision,and recall.The comparative research highlights our strategy’s success,which improves performance while maintaining a lower computational cost.This method is ideal for real-time applications,but it is effective.展开更多
The growing threat of malware, particularly in the Portable Executable (PE) format, demands more effective methods for detection and classification. Machine learning-based approaches exhibit their potential but often neglect semantic segmentation of malware files that can improve classification performance. This research applies deep learning to malware detection, using Convolutional Neural Network (CNN) architectures adapted to work with semantically extracted data to classify malware into malware families. Starting from the Malconv model, this study introduces modifications to adapt it to multi-classification tasks and improve its performance. It proposes a new innovative method that focuses on byte extraction from Portable Executable (PE) malware files based on their semantic location, resulting in higher accuracy in malware classification than traditional methods using full-byte sequences. This novel approach evaluates the importance of each semantic segment to improve classification accuracy. The results revealed that the header segment of PE files provides the most valuable information for malware identification, outperforming the other sections, and achieving an average classification accuracy of 99.54%. The above reaffirms the effectiveness of the semantic segmentation approach and highlights the critical role header data plays in improving malware detection and classification accuracy.
Funding: supported by Princess Nourah bint Abdulrahman University Researchers Supporting Project Number (PNURSP2025R97), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia.
Abstract: The rapid expansion of the Internet of Things (IoT) and Edge Artificial Intelligence (AI) has redefined automation and connectivity across modern networks. However, the heterogeneity and limited resources of IoT devices expose them to increasingly sophisticated and persistent malware attacks. These adaptive and stealthy threats can evade conventional detection, establish remote control, propagate across devices, exfiltrate sensitive data, and compromise network integrity. This study presents a Software-Defined Internet of Things (SD-IoT) control-plane-based, AI-driven framework that integrates Gated Recurrent Units (GRU) and Long Short-Term Memory (LSTM) networks for efficient detection of evolving multi-vector, malware-driven botnet attacks. The proposed CUDA-enabled hybrid deep learning (DL) framework performs centralized real-time detection without adding computational overhead to IoT nodes. A feature selection strategy combining variable clustering, attribute evaluation, one-R attribute evaluation, correlation analysis, and principal component analysis (PCA) enhances detection accuracy and reduces complexity. The framework is rigorously evaluated using the N_BaIoT dataset under k-fold cross-validation. Experimental results achieve 99.96% detection accuracy, a false positive rate (FPR) of 0.0035%, and a detection latency of 0.18 ms, confirming its high efficiency and scalability. The findings demonstrate the framework's potential as a robust and intelligent security solution for next-generation IoT ecosystems.
Abstract: Over the past decade, the landscape of cybersecurity has been increasingly shaped by the growing sophistication and frequency of malware attacks. Traditional detection techniques, while still in use, often fall short when confronted with modern threats that use advanced evasion strategies. This systematic review critically examines recent developments in malware detection, with a particular emphasis on the role of artificial intelligence (AI) and machine learning (ML) in enhancing detection capabilities. Drawing on literature published between 2019 and 2025, this study reviews 105 peer-reviewed contributions from prominent digital libraries including IEEE Xplore, SpringerLink, ScienceDirect, and ACM Digital Library. In doing so, it explores the evolution of malware, evaluates detection methods, assesses the quality and limitations of widely used datasets, and identifies key challenges facing the field. Unlike existing surveys, this work offers a structured comparison of AI-driven frameworks and provides a detailed account of emerging techniques such as hybrid detection frameworks and image-based analysis. The findings indicate that AI-based models trained on diverse, high-quality datasets consistently outperform conventional methods, particularly when supported by feature engineering, explainable AI and a multi-faceted strategy. The review concludes by outlining future research directions, including the need for standardized datasets, enhanced adversarial robustness, and the integration of privacy-preserving mechanisms in malware detection systems.
Funding: supported by the Deanship of Scientific Research, Vice Presidency for Graduate Studies and Scientific Research, King Faisal University, Saudi Arabia [Grant No. KFU253774].
Abstract: Malware poses a significant threat to the Internet of Things (IoT). It enables unauthorized access to devices in the IoT environment. The lack of unique architectural standards causes challenges in developing robust malware detection (MD) models. The existing models demand substantial computational resources. This study intends to build a lightweight MD model to detect anomalies in IoT networks. The authors develop a transformation technique, converting the malware binaries into images. MobileNet V2 is fine-tuned using improved grey wolf optimization (IGWO) to extract crucial features of malicious and benign samples. The ResNeXt model is combined with the Linformer's attention mechanism to identify malware features. A fully connected layer is integrated with gradient-weighted class activation mapping (Grad-CAM) in order to facilitate an interpretable classification model. The proposed model is evaluated using the IoT malware and the IoT-23 datasets. The model performs well on the two datasets with an accuracy of 98.94%, precision of 98.46%, recall of 98.11%, and F1-score of 98.28% on the IoT malware dataset, and an accuracy of 98.23%, precision of 96.80%, recall of 96.64%, and F1-score of 96.71% on the IoT-23 dataset, respectively. The findings indicate that the model has a high standard of classification. The lightweight architecture enables efficient deployment with an inference time of 1.42 s. Inference time has no direct impact on accuracy, precision, recall, or F1-score. However, the inference speed would warrant timely detection in latency-sensitive IoT applications. By achieving a remarkable result, the proposed study offers a comprehensive solution: a scalable, interpretable, and computationally efficient MD model for the evolving IoT landscape.
Funding: supported by the National Natural Science Foundation of China under Grant No. 62162009, the Key Technologies R&D Program of He'nan Province under Grant No. 242102211065, the Postgraduate Education Reform and Quality Improvement Project of Henan Province under Grant Nos. YJS2025GZZ36, YJS2024AL112, and YJS2024JD38, the Innovation Scientists and Technicians Troop Construction Projects of Henan Province under Grant No. CXTD2017099, and the Scientific Research Innovation Team of Xuchang University under Grant No. 2022CXTD003.
Abstract: With the increasing complexity of malware attack techniques, traditional detection methods face significant challenges, such as privacy preservation, data heterogeneity, and lacking category information. To address these issues, we propose Federated Dynamic Prototype Learning (FedDPL) for malware classification by integrating Federated Learning with a specifically designed K-means. Under the Federated Learning framework, model training occurs locally without data sharing, effectively protecting user data privacy and preventing the leakage of sensitive information. Furthermore, to tackle the challenges of data heterogeneity and the lack of category information, FedDPL introduces a dynamic prototype learning mechanism, which adaptively adjusts the clustering prototypes in terms of position and number. Thus, the dependency on predefined category numbers in typical K-means and its variants can be significantly reduced, resulting in improved clustering performance. Theoretically, it provides a more accurate detection of malicious behavior. Experimental results confirm that FedDPL excels in handling malware classification tasks, demonstrating superior accuracy, robustness, and privacy protection.
Abstract: The escalating complexity of modern malware continues to undermine the effectiveness of traditional signature-based detection techniques, which are often unable to adapt to rapidly evolving attack patterns. To address these challenges, this study proposes X-MalNet, a lightweight Convolutional Neural Network (CNN) framework designed for static malware classification through image-based representations of binary executables. By converting malware binaries into grayscale images, the model extracts distinctive structural and texture-level features that signify malicious intent, thereby eliminating the dependence on manual feature engineering or dynamic behavioral analysis. Built upon a modified AlexNet architecture, X-MalNet employs transfer learning to enhance generalization and reduce computational cost, enabling efficient training and deployment on limited hardware resources. To promote interpretability and transparency, the framework integrates Gradient-weighted Class Activation Mapping (Grad-CAM) and Deep SHapley Additive exPlanations (DeepSHAP), offering spatial and pixel-level visualizations that reveal how specific image regions influence classification outcomes. These explainability components support security analysts in validating the model's reasoning, strengthening confidence in AI-assisted malware detection. Comprehensive experiments on the Malimg and Malevis benchmark datasets confirm the superior performance of X-MalNet, achieving classification accuracies of 99.15% and 98.72%, respectively. Further robustness evaluations using Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD) adversarial attacks demonstrate the model's resilience against perturbed inputs. In conclusion, X-MalNet emerges as a scalable, interpretable, and robust malware detection framework that effectively balances accuracy, efficiency, and explainability. Its lightweight design and adversarial stability position it as a promising solution for real-world cybersecurity deployments, advancing the development of trustworthy, automated, and transparent malware classification systems.
Funding: supported in part by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science and ICT (No. 2021R1A2C2012574), and in part by the IITP (Institute of Information & Communications Technology Planning & Evaluation)-ITRC (Information Technology Research Center) grant funded by the Korea government (Ministry of Science and ICT) (IITP-2025-RS-2023-00259967).
Abstract: Many machine learning-based Android malware detection systems suffer from concept drift, where models trained on historical data fail to generalize to evolving threats. This paper proposes SCAN (Structural Clustering with Adaptive thresholds for iNtelligent Android malware detection), a hybrid intelligent framework designed to mitigate concept drift without retraining. SCAN integrates Gaussian Mixture Model (GMM)-based clustering with cluster-wise adaptive thresholding and supervised classifiers tailored to each cluster. A key challenge in clustering-based malware detection is cluster-wise class imbalance, where clusters contain disproportionate distributions of benign and malicious samples. SCAN addresses this issue through adaptive thresholding, which dynamically adjusts the decision boundary of each cluster according to its malicious-to-benign ratio. In the final training stage, four supervised learning algorithms—Random Forest (RF), Support Vector Machine (SVM), k-NN, and XGBoost—are applied within the GMM-defined clusters. We train SCAN on Android applications collected from 2014-2017 and test it with applications from 2018-2023. Experimental results demonstrate that SCAN combined with RF consistently achieves superior performance, with both average accuracy and average F1-score exceeding 91%. These findings confirm SCAN's robustness to concept drift and highlight its potential as a sustainable and intelligent solution for long-term Android malware detection in the real world.
Funding: supported by the National Natural Science Foundation of China (62262020) and the Graduate Education Innovation Project of Hubei Minzu University (MYK2024025).
Abstract: The method for malware detection based on Application Programming Interface (API) call sequences, as a primary research focus within dynamic detection technologies, currently lacks attention to subsequences of API calls, the variety of API call types, and the length of sequences. This oversight leads to overly complex call sequences. To address this issue, a dynamic malware detection approach based on multiple subsequences is proposed. Initially, APIs are remapped and encoded, with the introduction of percentile lengths to process sequences. Subsequently, a combination of One-Dimensional Convolutional Neural Network (1D-CNN) and Bidirectional Long Short-Term Memory (Bi-LSTM) networks, along with an attention mechanism, is employed to extract features from subsequences of varying lengths for feature fusion and classification. Experiments conducted on two widely used public API-based datasets, namely MalBehavD-V1 and Alibaba Cloud, demonstrate that the proposed method reduces the number of API call types by approximately 20% compared to representative deep learning–based API sequence detection methods, while achieving a peak accuracy of 98.70%. Additionally, experimental results indicate that sequence length at the 95th percentile represents the optimal solution that balances classification performance and computational efficiency.
Funding: supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) (Project Nos. RS-2024-00438551, 30%; 2022-11220701, 30%; 2021-0-01816, 30%) and the National Research Foundation of Korea (NRF) grant funded by the Korean Government (Project No. RS2023-00208460, 10%).
Abstract: The proliferation of Internet of Things (IoT) devices has established edge computing as a critical paradigm for real-time data analysis and low-latency processing. Nevertheless, the distributed nature of edge computing presents substantial security challenges, rendering it a prominent target for sophisticated malware attacks. Existing signature-based and behavior-based detection methods are ineffective against the swiftly evolving nature of malware threats and are constrained by the availability of resources. This paper suggests the Genetic Encoding for Novel Optimization of Malware Evaluation (GENOME) framework, a novel solution that is intended to improve the performance of malware detection and classification in peripheral computing environments. GENOME optimizes data storage and computational efficiency by converting malware artifacts into compact, structured sequences through a Deoxyribonucleic Acid (DNA) encoding mechanism. The framework employs two DNA encoding algorithms, standard and compressed, which substantially reduce data size while preserving high detection accuracy. The Edge-IIoTset dataset was used to conduct experiments that showed that GENOME was able to achieve high classification performance using models such as Random Forest and Logistic Regression, resulting in a reduction of data size by up to 42%. Further evaluations with the CIC-IoT-23 dataset and Deep Learning models confirmed GENOME's scalability and adaptability across diverse datasets and algorithms. The potential of GENOME to address critical challenges, such as the rapid mutation of malware, real-time processing demands, and resource limitations, is emphasized in this study. GENOME offers comprehensive protection for peripheral computing environments by offering a security solution that is both efficient and scalable.
Abstract: The rapid and increasing growth in the volume and number of cyber threats from malware is not a real danger; the real threat lies in the obfuscation of these cyberattacks, as they constantly change their behavior, making detection more difficult. Numerous researchers and developers have devoted considerable attention to this topic; however, the research field has not yet been fully saturated with high-quality studies that address these problems. For this reason, this paper presents a novel multi-objective Markov-enhanced adaptive whale optimization (MOMEAWO) cybersecurity model to improve the classification of binary and multi-class malware threats through the proposed MOMEAWO approach. The proposed MOMEAWO cybersecurity model aims to provide an innovative solution for analyzing, detecting, and classifying the behavior of obfuscated malware within their respective families. The proposed model includes three classification types: binary classification and multi-class classification (e.g., four families and 16 malware families). To evaluate the performance of this model, we used a recently published dataset called the Canadian Institute for Cybersecurity Malware Memory Analysis (CIC-MalMem-2022) that contains balanced data. The results show near-perfect accuracy in binary classification and high accuracy in multi-class classification compared with related work using the same dataset.
Abstract: With the proliferation of Android malware, the issue of traceability in malware analysis has emerged as a significant problem that requires exploration. By establishing links between newly discovered, unreported malware and prior knowledge from existing malware data pools, security analysts can gain a better understanding of the evolution process of malware and its underlying reasons. However, in real-world scenarios, analyzing the traceability of malware can be complex and time-consuming due to the large volume of existing malware data, requiring extensive manual analysis. Furthermore, the results obtained from such analysis often lack explanation. Therefore, there is a pressing need to develop a comprehensive automated malware tracking system that can provide detailed insights into the tracking and evolution process of malware and offer strong explanatory capabilities. In this paper, we propose a knowledge graph-based approach that uses partial API call graphs comprising semantic and behavioral features to reveal the traceability relations among malware and provide explainable results for these relations. Our approach is implemented on a dataset of over 20,000 malware samples labeled with family information, spanning a time period of 10 years. To address the challenges associated with the complexity of analysis, we leverage prior knowledge from existing malware research and a branch pruning method on call graphs to reduce computational complexity and enhance the precision of explanations when determining traceability relations.
Funding: supported by the National Science and Technology Council under grant number 113-2221-E-027-126-MY3.
Abstract: In recent years, cyber threats have escalated across diverse sectors, with cybercrime syndicates increasingly exploiting system vulnerabilities. Traditional passive defense mechanisms have proven insufficient, particularly as Linux platforms—historically overlooked in favor of Windows—have emerged as frequent targets. According to Trend Micro, there has been a substantial increase in Linux-targeted malware, with ransomware attacks on Linux surpassing those on macOS. This alarming trend underscores the need for detection strategies specifically designed for Linux environments. To address this challenge, this study proposes a comprehensive malware detection framework tailored for Linux systems, integrating dynamic behavioral analysis with the semantic reasoning capabilities of large language models (LLMs). Malware samples are executed within sandbox environments to extract behavioral features such as system calls and command-line executions. These features are then systematically mapped to the MITRE ATT&CK framework, incorporating its defined data sources, data components, and Tactics, Techniques, and Procedures (TTPs). Two mapping constructs—Conceptual Definition Mapping and TTP Technical Keyword Mapping—are developed from official MITRE documentation. These resources are utilized to fine-tune an LLM, enabling it to semantically interpret complex behavioral patterns and infer associated attack techniques, including those employed by previously unknown malware variants. The resulting detection pipeline effectively bridges raw behavioral data with structured threat intelligence. Experimental evaluations confirm the efficacy of the proposed system, with the fine-tuned Gemma 2B model demonstrating significantly enhanced accuracy in associating behavioral features with ATT&CK-defined techniques. This study contributes a fully integrated Linux-specific detection framework, a novel approach for transforming unstructured behavioral data into actionable intelligence, improved interpretability of malicious behavior, and a scalable training process for future applications of LLMs in cybersecurity.
Funding: supported by a grant from the Center of Excellence in Information Assurance (CoEIA), King Saud University (KSU).
Abstract: Malware continues to pose a significant threat to cybersecurity, with new advanced infections that go beyond traditional detection. Limitations in existing systems include high false-positive rates, slow system response times, and inability to respond quickly to new malware forms. To overcome these challenges, this paper proposes OMD-RAS: Implementing Malware Detection in an Optimized Way through Real-Time and Adaptive Security as an extensive approach, hoping to get good results towards better malware threat detection and remediation. The significant steps in the model are data collection followed by comprehensive preprocessing consisting of feature engineering and normalization. Static analysis, along with dynamic analysis, is done to capture the whole spectrum of malware behavior for the feature extraction process. The extracted processed features are given with a continuous learning mechanism to the Extreme Learning Machine model of real-time detection. This OMD-RAS trains quickly and has great accuracy, providing elite, advanced real-time detection capabilities. This approach uses continuous learning to adapt to new threats—ensuring the effectiveness of detection even as strategies used by malware may change over time. The experimental results showed that OMD-RAS performs better than the traditional approaches. For instance, the OMD-RAS model has been able to achieve an accuracy of 96.23% and massively reduce the rate of false positives across all datasets while eliciting a consistently high rate of precision and recall. The model's adaptive learning reflected enhancements on other performance measures, for example, Matthews Correlation Coefficients and Log Loss.
Abstract: Safeguarding against malware requires precise machine-learning algorithms to classify harmful apps. The Drebin dataset of 15,036 samples and 215 features yielded significant and reliable results for two hybrid models, CNN+XGBoost and KNN+XGBoost. To address the class imbalance issue, SMOTE (Synthetic Minority Oversampling Technique) was used to preprocess the dataset, creating synthetic samples of the minority class (malware) to balance the training set. XGBoost was then used to choose the most essential features for separating malware from benign programs. The models were trained and tested using 6-fold cross-validation, measuring accuracy, precision, recall, F1 score, and ROC AUC. The results are highly dependable, showing that CNN+XGBoost consistently outperforms KNN+XGBoost with an average accuracy of 98.76% compared to 97.89%. The CNN-based malware classification model, with its higher precision, recall, and F1 scores, is a secure choice. CNN+XGBoost, with its fewer all-fold misclassifications in confusion matrices, further solidifies this security. The calibration curve research, confirming the accuracy and cybersecurity applicability of the models' probability projections, adds to the sense of reliability. This study unequivocally demonstrates that CNN+XGBoost is a reliable and effective malware detection system, underlining the importance of feature selection and hybrid models.
Funding: funded by the Deanship of Scientific Research (DSR) at King Abdulaziz University, Jeddah, under grant No. (IPP:421-611-2025).
Abstract: Over the past few years, malware attacks have become more and more widespread, posing threats to digital assets throughout the world. Although numerous methods have been developed to detect malicious attacks, these malware detection techniques need to be more efficient in detecting new and progressively sophisticated variants of malware. Therefore, the development of more advanced and accurate techniques is necessary for malware detection. This paper introduces a comprehensive Dual-Channel Attention Deep Bidirectional Long Short-Term Memory (DCADBiLSTM) model for malware detection and risk mitigation. The Dual Channel Attention (DCA) mechanism improves the model's capability to concentrate on the features that are most appropriate in the input data, which reduces the false positive rates. The Bidirectional Long Short-Term Memory framework helps capture crucial interdependence from past and future circumstances, which is essential for enhancing the model's understanding of malware behaviour. As soon as malware is detected, the risk mitigation phase is implemented, which evaluates the severity of each threat and helps mitigate threats earlier. The outcomes of the method demonstrate better accuracy of 98.96%, which outperforms traditional models. It indicates the method detects and mitigates several kinds of malware threats, thereby providing a proactive defence mechanism against the emerging challenges in cybersecurity.
Funding: funded by Naif Arab University for Security Sciences under grant No. NAUSS-23-R11.
Abstract: In the current digital era, new technologies are becoming an essential part of our lives. Consequently, the number of malicious software or malware attacks is rapidly growing. There is no doubt that the majority of malware attacks can be detected by most antivirus programs. However, such types of antivirus programs are one step behind malicious software. Due to these dilemmas, deep learning became popular in the detection and classification of malicious data. Therefore, researchers have significantly focused on finding solutions for malware attacks by analyzing malicious samples with the help of different techniques and models. In this research, we presented a lightweight attention-based novel deep Convolutional Neural Network (DNN-CNN) model for binary and multi-class malware classification, including benign, trojan horse, ransomware, and spyware. We applied the Principal Component Analysis (PCA) technique for feature extraction for binary classification. We used the Synthetic Minority Oversampling Technique (SMOTE) to handle the imbalanced data during multi-class classification. Our proposed attention-based malware detection model is trained on the benchmark malware memory dataset named CIC-MalMem-2022. The results indicate that our model obtained high accuracy for binary and multi-class classification, 99.5% and 97.9%, respectively.
Funding: funded by the Special Project of Langfang Key Research and Development under Grant No. 2023011005B and the Technology Innovation Platform Construction Project of North China Institute of Aerospace Engineering under Grant No. CXPT-2023-02.
Abstract: The proliferation of malware and the emergence of adversarial samples pose severe threats to global cybersecurity, demanding robust detection mechanisms. Traditional malware detection methods suffer from limited feature extraction capabilities, while existing Vision Transformer (ViT)-based approaches face high computational complexity due to global self-attention, hindering their efficiency in handling large-scale image data. To address these issues, this paper proposes a novel hybrid enhanced Vision Transformer architecture, HERL-ViT, tailored for malware detection. The detection framework involves five phases: malware image visualization, image segmentation with patch embedding, regional-local attention-based feature extraction, enhanced feature transformation, and classification. Methodologically, HERL-ViT integrates a multi-level pyramid structure to capture multi-scale features, a regional-to-local attention mechanism to reduce computational complexity, an Optimized Position Encoding Generator for dynamic relative position encoding, and enhanced MLP and downsampling modules to balance performance and efficiency. Key contributions include: (1) A unified framework integrating visualization, adversarial training, and hybrid attention for malware detection; (2) Regional-local attention to achieve both global awareness and local detail capture with lower complexity; (3) Optimized PEG to enhance spatial perception and reduce overfitting; (4) Lightweight network design (5.8M parameters) ensuring high efficiency. Experimental results show HERL-ViT achieves 99.2% accuracy (Loss = 0.066) on malware classification and 98.9% accuracy (Loss = 0.081) on adversarial samples, demonstrating superior performance and robustness compared to state-of-the-art methods.
Funding: supported and funded by the Deanship of Scientific Research at Imam Mohammad Ibn Saud Islamic University (IMSIU) (grant number IMSIU-DDRSP2504).
Abstract: The rapid evolution of malware presents a critical cybersecurity challenge, rendering traditional signature-based detection methods ineffective against novel variants. This growing threat affects individuals, organizations, and governments, highlighting the urgent need for robust malware detection mechanisms. Conventional machine learning-based approaches rely on static and dynamic malware analysis and often struggle to detect previously unseen threats due to their dependency on predefined signatures. Although machine learning algorithms (MLAs) offer promising detection capabilities, their reliance on extensive feature engineering limits real-time applicability. Deep learning techniques mitigate this issue by automating feature extraction but may introduce computational overhead, affecting deployment efficiency. This research evaluates classical MLAs and deep learning models to enhance malware detection performance across diverse datasets. The proposed approach integrates a novel text and image-based detection framework, employing an optimized Support Vector Machine (SVM) for textual data analysis and EfficientNet-B0 for image-based malware classification. Experimental analysis, conducted across multiple train-test splits over varying timescales, demonstrates 99.97% accuracy on textual datasets using SVM and 96.7% accuracy on image-based datasets with EfficientNet-B0, significantly improving zero-day malware detection. Furthermore, a comparative analysis with existing competitive techniques, such as Random Forest, XGBoost, and CNN-based (Convolutional Neural Network) classifiers, highlights the superior performance of the proposed model in terms of accuracy, efficiency, and robustness.
Abstract: The growing complexity of cyber threats requires innovative machine learning techniques, and image-based malware classification opens up new possibilities. Meanwhile, existing research has largely overlooked the impact of noise and obfuscation techniques commonly employed by malware authors to evade detection, and there is a critical gap in using noise simulation as a means of replicating real-world malware obfuscation techniques and adopting a denoising framework to counteract these challenges. This study introduces an image denoising technique based on a U-Net combined with a GAN framework to address noise interference and obfuscation challenges in image-based malware analysis. The proposed methodology addresses existing classification limitations by introducing noise addition, which simulates obfuscated malware, and denoising strategies to restore robust image representations. To evaluate the approach, we used multiple CNN-based classifiers to assess noise resistance across architectures and datasets, measuring significant performance variation. Our denoising technique demonstrates remarkable performance improvements across two multi-class public datasets, MALIMG and BIG-15. For example, the MALIMG classification accuracy improved from 23.73% to 88.84% with denoising applied after Gaussian noise injection, demonstrating robustness. This approach contributes to improving malware detection by offering a robust framework for noise-resilient classification in noisy conditions.
Funding: Funded by Institutional Fund Projects under grant no. (IFPDP-261-22).
Abstract: Detecting cyber attacks in networks connected to the Internet of Things (IoT) is of utmost importance because of the growing vulnerabilities in the smart environment. Conventional models, such as Naive Bayes and support vector machine (SVM), as well as ensemble methods, such as Gradient Boosting and eXtreme gradient boosting (XGBoost), are often plagued by high computational costs, which makes it challenging for them to perform real-time detection. In this regard, we suggested an attack detection approach that integrates Visual Geometry Group 16 (VGG16), Artificial Rabbits Optimizer (ARO), and a Random Forest model to increase detection accuracy and operational efficiency in Internet of Things (IoT) networks. In the suggested model, the extraction of features from malware pictures was accomplished with the help of VGG16. The prediction process is carried out by the random forest model using the extracted features from the VGG16. Additionally, ARO is used to improve the hyper-parameters of the random forest model. With an accuracy of 96.36%, the suggested model outperforms the standard models in terms of accuracy, F1-score, precision, and recall. The comparative research highlights our strategy's success, which improves performance while maintaining a lower computational cost. This method is effective and ideal for real-time applications.
Abstract: The growing threat of malware, particularly in the Portable Executable (PE) format, demands more effective methods for detection and classification. Machine learning-based approaches exhibit their potential but often neglect semantic segmentation of malware files that can improve classification performance. This research applies deep learning to malware detection, using Convolutional Neural Network (CNN) architectures adapted to work with semantically extracted data to classify malware into malware families. Starting from the Malconv model, this study introduces modifications to adapt it to multi-classification tasks and improve its performance. It proposes a new innovative method that focuses on byte extraction from Portable Executable (PE) malware files based on their semantic location, resulting in higher accuracy in malware classification than traditional methods using full-byte sequences. This novel approach evaluates the importance of each semantic segment to improve classification accuracy. The results revealed that the header segment of PE files provides the most valuable information for malware identification, outperforming the other sections, and achieving an average classification accuracy of 99.54%. The above reaffirms the effectiveness of the semantic segmentation approach and highlights the critical role header data plays in improving malware detection and classification accuracy.