Safeguarding against malware requires precise machine-learning algorithms to classify harmful apps.The Drebin dataset of 15,036 samples and 215 features yielded significant and reliable results for two hybrid models,C...Safeguarding against malware requires precise machine-learning algorithms to classify harmful apps.The Drebin dataset of 15,036 samples and 215 features yielded significant and reliable results for two hybrid models,CNN+XGBoost and KNN+XGBoost.To address the class imbalance issue,SMOTE(Synthetic Minority Oversampling Technique)was used to preprocess the dataset,creating synthetic samples of the minority class(malware)to balance the training set.XGBoost was then used to choose the most essential features for separating malware from benign programs.The models were trained and tested using 6-fold cross-validation,measuring accuracy,precision,recall,F1 score,and ROC AUC.The results are highly dependable,showing that CNN+XGBoost consistently outperforms KNN+XGBoost with an average accuracy of 98.76%compared to 97.89%.The CNN-based malware classification model,with its higher precision,recall,and F1 scores,is a secure choice.CNN+XGBoost,with its fewer all-fold misclassifications in confusion matrices,further solidifies this security.The calibration curve research,confirming the accuracy and cybersecurity applicability of the models’probability projections,adds to the sense of reliability.This study unequivocally demonstrates that CNN+XGBoost is a reliable and effective malware detection system,underlining the importance of feature selection and hybrid models.展开更多
The proliferation of Internet of Things(IoT)devices has established edge computing as a critical paradigm for real-time data analysis and low-latency processing.Nevertheless,the distributed nature of edge computing pr...The proliferation of Internet of Things(IoT)devices has established edge computing as a critical paradigm for real-time data analysis and low-latency processing.Nevertheless,the distributed nature of edge computing presents substantial security challenges,rendering it a prominent target for sophisticated malware attacks.Existing signature-based and behavior-based detection methods are ineffective against the swiftly evolving nature of malware threats and are constrained by the availability of resources.This paper suggests the Genetic Encoding for Novel Optimization of Malware Evaluation(GENOME)framework,a novel solution that is intended to improve the performance of malware detection and classification in peripheral computing environments.GENOME optimizes data storage and computa-tional efficiency by converting malware artifacts into compact,structured sequences through a Deoxyribonucleic Acid(DNA)encoding mechanism.The framework employs two DNA encoding algorithms,standard and compressed,which substantially reduce data size while preserving high detection accuracy.The Edge-IIoTset dataset was used to conduct experiments that showed that GENOME was able to achieve high classification performance using models such as Random Forest and Logistic Regression,resulting in a reduction of data size by up to 42%.Further evaluations with the CIC-IoT-23 dataset and Deep Learning models confirmed GENOME’s scalability and adaptability across diverse datasets and algorithms.The potential of GENOME to address critical challenges,such as the rapid mutation of malware,real-time processing demands,and resource limitations,is emphasized in this study.GENOME offers comprehensive protection for peripheral computing environments by offering a security solution that is both efficient and scalable.展开更多
The rapid evolution of malware presents a critical cybersecurity challenge,rendering traditional signature-based detection methods ineffective against novel variants.This growing threat affects individuals,organizatio...The rapid evolution of malware presents a critical cybersecurity challenge,rendering traditional signature-based detection methods ineffective against novel variants.This growing threat affects individuals,organizations,and governments,highlighting the urgent need for robust malware detection mechanisms.Conventional machine learning-based approaches rely on static and dynamicmalware analysis and often struggle to detect previously unseen threats due to their dependency on predefined signatures.Although machine learning algorithms(MLAs)offer promising detection capabilities,their reliance on extensive feature engineering limits real-time applicability.Deep learning techniques mitigate this issue by automating feature extraction but may introduce computational overhead,affecting deployment efficiency.This research evaluates classical MLAs and deep learningmodels to enhance malware detection performance across diverse datasets.The proposed approach integrates a novel text and imagebased detection framework,employing an optimized Support Vector Machine(SVM)for textual data analysis and EfficientNet-B0 for image-based malware classification.Experimental analysis,conducted across multiple train-test splits over varying timescales,demonstrates 99.97%accuracy on textual datasets using SVM and 96.7%accuracy on image-based datasets with EfficientNet-B0,significantly improving zero-day malware detection.Furthermore,a comparative analysis with existing competitive techniques,such as Random Forest,XGBoost,and CNN-based(Convolutional Neural Network)classifiers,highlights the superior performance of the proposed model in terms of accuracy,efficiency,and robustness.展开更多
Over the past few years,Malware attacks have become more and more widespread,posing threats to digital assets throughout the world.Although numerous methods have been developed to detect malicious attacks,these malwar...Over the past few years,Malware attacks have become more and more widespread,posing threats to digital assets throughout the world.Although numerous methods have been developed to detect malicious attacks,these malware detection techniques need to be more efficient in detecting new and progressively sophisticated variants of malware.Therefore,the development of more advanced and accurate techniques is necessary for malware detection.This paper introduces a comprehensive Dual-Channel Attention Deep Bidirectional Long Short-Term Memory(DCADBiLSTM)model for malware detection and riskmitigation.The Dual Channel Attention(DCA)mechanism improves themodel’s capability to concentrate on the features that aremost appropriate in the input data,which reduces the false favourable rates.The Bidirectional Long,Short-Term Memory framework helps capture crucial interdependence from past and future circumstances,which is essential for enhancing the model’s understanding of malware behaviour.As soon as malware is detected,the risk mitigation phase is implemented,which evaluates the severity of each threat and helps mitigate threats earlier.The outcomes of the method demonstrate better accuracy of 98.96%,which outperforms traditional models.It indicates the method detects and mitigates several kinds of malware threats,thereby providing a proactive defence mechanism against the emerging challenges in cybersecurity.展开更多
In the current digital era,new technologies are becoming an essential part of our lives.Consequently,the number ofmalicious software ormalware attacks is rapidly growing.There is no doubt,themajority ofmalware attacks...In the current digital era,new technologies are becoming an essential part of our lives.Consequently,the number ofmalicious software ormalware attacks is rapidly growing.There is no doubt,themajority ofmalware attacks can be detected by most antivirus programs.However,such types of antivirus programs are one step behind malicious software.Due to these dilemmas,deep learning become popular in the detection and classification of malicious data.Therefore,researchers have significantly focused on finding solutions for malware attacks by analyzing malicious samples with the help of different techniques and models.In this research,we presented a lightweight attention-based novel deep Convolutional Neural Network(DNN-CNN)model for binary and multi-class malware classification,including benign,trojan horse,ransomware,and spyware.We applied the Principal Component Analysis(PCA)technique for feature extraction for binary classification.We used the Synthetic Minority Oversampling Technique(SMOTE)to handle the imbalanced data during multi-class classification.Our proposed attention-based malware detectionmodel is trained on the benchmarkmalware memory dataset named CIC-MalMem-2022.Theresults indicate that our model obtained high accuracy for binary and multi-class classification,99.5% and 97.9%,respectively.展开更多
The proliferation of malware and the emergence of adversarial samples pose severe threats to global cybersecurity,demanding robust detection mechanisms.Traditional malware detection methods suffer from limited feature...The proliferation of malware and the emergence of adversarial samples pose severe threats to global cybersecurity,demanding robust detection mechanisms.Traditional malware detection methods suffer from limited feature extraction capabilities,while existing Vision Transformer(ViT)-based approaches face high computational complexity due to global self-attention,hindering their efficiency in handling large-scale image data.To address these issues,this paper proposes a novel hybrid enhanced Vision Transformer architecture,HERL-ViT,tailored for malware detection.The detection framework involves five phases:malware image visualization,image segmentation with patch embedding,regional-local attention-based feature extraction,enhanced feature transformation,and classification.Methodologically,HERL-ViT integrates a multi-level pyramid structure to capture multi-scale features,a regionalto-local attention mechanism to reduce computational complexity,an Optimized Position Encoding Generator for dynamic relative position encoding,and enhanced MLP and downsampling modules to balance performance and efficiency.Key contributions include:(1)A unified framework integrating visualization,adversarial training,and hybrid attention for malware detection;(2)Regional-local attention to achieve both global awareness and local detail capture with lower complexity;(3)Optimized PEG to enhance spatial perception and reduce overfitting;(4)Lightweight network design(5.8M parameters)ensuring high efficiency.Experimental results show HERL-ViT achieves 99.2%accuracy(Loss=0.066)on malware classification and 98.9%accuracy(Loss=0.081)on adversarial samples,demonstrating superior performance and robustness compared to state-of-the-art methods.展开更多
Detecting cyber attacks in networks connected to the Internet of Things(IoT)is of utmost importance because of the growing vulnerabilities in the smart environment.Conventional models,such as Naive Bayes and support v...Detecting cyber attacks in networks connected to the Internet of Things(IoT)is of utmost importance because of the growing vulnerabilities in the smart environment.Conventional models,such as Naive Bayes and support vector machine(SVM),as well as ensemble methods,such as Gradient Boosting and eXtreme gradient boosting(XGBoost),are often plagued by high computational costs,which makes it challenging for them to perform real-time detection.In this regard,we suggested an attack detection approach that integrates Visual Geometry Group 16(VGG16),Artificial Rabbits Optimizer(ARO),and Random Forest Model to increase detection accuracy and operational efficiency in Internet of Things(IoT)networks.In the suggested model,the extraction of features from malware pictures was accomplished with the help of VGG16.The prediction process is carried out by the random forest model using the extracted features from the VGG16.Additionally,ARO is used to improve the hyper-parameters of the random forest model of the random forest.With an accuracy of 96.36%,the suggested model outperforms the standard models in terms of accuracy,F1-score,precision,and recall.The comparative research highlights our strategy’s success,which improves performance while maintaining a lower computational cost.This method is ideal for real-time applications,but it is effective.展开更多
In today’s digital world,the Internet of Things(IoT)plays an important role in both local and global economies due to its widespread adoption in different applications.This technology has the potential to offer sever...In today’s digital world,the Internet of Things(IoT)plays an important role in both local and global economies due to its widespread adoption in different applications.This technology has the potential to offer several advantages over conventional technologies in the near future.However,the potential growth of this technology also attracts attention from hackers,which introduces new challenges for the research community that range from hardware and software security to user privacy and authentication.Therefore,we focus on a particular security concern that is associated with malware detection.The literature presents many countermeasures,but inconsistent results on identical datasets and algorithms raise concerns about model biases,training quality,and complexity.This highlights the need for an adaptive,real-time learning framework that can effectively mitigate malware threats in IoT applications.To address these challenges,(i)we propose an intelligent framework based on Two-step Deep Reinforcement Learning(TwStDRL)that is capable of learning and adapting in real-time to counter malware threats in IoT applications.This framework uses exploration and exploitation phenomena during both the training and testing phases by storing results in a replay memory.The stored knowledge allows the model to effectively navigate the environment and maximize cumulative rewards.(ii)To demonstrate the superiority of the TwStDRL framework,we implement and evaluate several machine learning algorithms for comparative analysis that include Support Vector Machines(SVM),Multi-Layer Perceptron,Random Forests,and k-means Clustering.The selection of these algorithms is driven by the inconsistent results reported in the literature,which create doubt about their robustness and reliability in real-world IoT deployments.(iii)Finally,we provide a comprehensive evaluation to justify why the TwStDRL framework outperforms them in mitigating security threats.During analysis,we noted that our proposed TwStDRL scheme achieves an average performance of 99.45%across accuracy,precision,recall,and F1-score,which is an absolute improvement of roughly 3%over the existing malware-detection models.展开更多
Focusing on the sensitive behaviors of malware, such as privacy stealing and money costing, this paper proposes a new method to monitor software behaviors and detect malicious applications on Android platform. Accordi...Focusing on the sensitive behaviors of malware, such as privacy stealing and money costing, this paper proposes a new method to monitor software behaviors and detect malicious applications on Android platform. According to the theory and implementation of Android Binder interprocess communication mechanism, a prototype system that integrates behavior monitoring and intercepting, malware detection, and identification is built in this work. There are 50 different kinds of samples used in the experiment of malware detection, including 40 normal samples and 10 malicious samples. The theoretical analysis and experimental result demonstrate that this system is effective in malware detection and interception, with a true positive rate equal to 100% and a false positive rate less than 3%.展开更多
As the risk of malware is sharply increasing in Android platform,Android malware detection has become an important research topic.Existing works have demonstrated that required permissions of Android applications are ...As the risk of malware is sharply increasing in Android platform,Android malware detection has become an important research topic.Existing works have demonstrated that required permissions of Android applications are valuable for malware analysis,but how to exploit those permission patterns for malware detection remains an open issue.In this paper,we introduce the contrasting permission patterns to characterize the essential differences between malwares and clean applications from the permission aspect Then a framework based on contrasting permission patterns is presented for Android malware detection.According to the proposed framework,an ensemble classifier,Enclamald,is further developed to detect whether an application is potentially malicious.Every contrasting permission pattern is acting as a weak classifier in Enclamald,and the weighted predictions of involved weak classifiers are aggregated to the final result.Experiments on real-world applications validate that the proposed Enclamald classifier outperforms commonly used classifiers for Android Malware Detection.展开更多
The study of malware behaviors,over the last years,has received tremendous attention from researchers for the purpose of reducing malware risks.Most of the investigating experiments are performed using either static a...The study of malware behaviors,over the last years,has received tremendous attention from researchers for the purpose of reducing malware risks.Most of the investigating experiments are performed using either static analysis or behavior analysis.However,recent studies have shown that both analyses are vulnerable to modern malware files that use several techniques to avoid analysis and detection.Therefore,extracted features could be meaningless and a distraction for malware analysts.However,the volatile memory can expose useful information about malware behaviors and characteristics.In addition,memory analysis is capable of detecting unconventional malware,such as in-memory and fileless malware.However,memory features have not been fully utilized yet.Therefore,this work aims to present a new malware detection and classification approach that extracts memory-based features from memory images using memory forensic techniques.The extracted features can expose the malware’s real behaviors,such as interacting with the operating system,DLL and process injection,communicating with command and control site,and requesting higher privileges to perform specific tasks.We also applied feature engineering and converted the features to binary vectors before training and testing the classifiers.The experiments show that the proposed approach has a high classification accuracy rate of 98.5%and a false positive rate as low as 1.24%using the SVM classifier.The efficiency of the approach has been evaluated by comparing it with other related works.Also,a new memory-based dataset consisting of 2502 malware files and 966 benign samples forming 8898 features and belonging to six memory types has been created and published online for research purposes.展开更多
Malware is a‘malicious software program that performs multiple cyberattacks on the Internet,involving fraud,scams,nation-state cyberwar,and cybercrime.Such malicious software programs come under different classificat...Malware is a‘malicious software program that performs multiple cyberattacks on the Internet,involving fraud,scams,nation-state cyberwar,and cybercrime.Such malicious software programs come under different classifications,namely Trojans,viruses,spyware,worms,ransomware,Rootkit,botnet malware,etc.Ransomware is a kind of malware that holds the victim’s data hostage by encrypting the information on the user’s computer to make it inaccessible to users and only decrypting it;then,the user pays a ransom procedure of a sum of money.To prevent detection,various forms of ransomware utilize more than one mechanism in their attack flow in conjunction with Machine Learning(ML)algorithm.This study focuses on designing a Learning-Based Artificial Algae Algorithm with Optimal Machine Learning Enabled Malware Detection(LBAAA-OMLMD)approach in Computer Networks.The presented LBAAA-OMLMDmodelmainly aims to detect and classify the existence of ransomware and goodware in the network.To accomplish this,the LBAAA-OMLMD model initially derives a Learning-Based Artificial Algae Algorithm based Feature Selection(LBAAA-FS)model to reduce the curse of dimensionality problems.Besides,the Flower Pollination Algorithm(FPA)with Echo State Network(ESN)Classification model is applied.The FPA model helps to appropriately adjust the parameters related to the ESN model to accomplish enhanced classifier results.The experimental validation of the LBAAA-OMLMD model is tested using a benchmark dataset,and the outcomes are inspected in distinct measures.The comprehensive comparative examination demonstrated the betterment of the LBAAAOMLMD model over recent algorithms.展开更多
Cybersecurity has become the most significant research area in the domain of the Internet of Things(IoT)owing to the ever-increasing number of cyberattacks.The rapid penetration of Android platforms in mobile devices ...Cybersecurity has become the most significant research area in the domain of the Internet of Things(IoT)owing to the ever-increasing number of cyberattacks.The rapid penetration of Android platforms in mobile devices has made the detection of malware attacks a challenging process.Furthermore,Android malware is increasing on a daily basis.So,precise malware detection analytical techniques need a large number of hardware resources that are signifi-cantly resource-limited for mobile devices.In this research article,an optimal Graph Convolutional Neural Network-based Malware Detection and classification(OGCNN-MDC)model is introduced for an IoT-cloud environment.The pro-posed OGCNN-MDC model aims to recognize and categorize malware occur-rences in IoT-enabled cloud platforms.The presented OGCNN-MDC model has three stages in total,such as data pre-processing,malware detection and para-meter tuning.To detect and classify the malware,the GCNN model is exploited in this work.In order to enhance the overall efficiency of the GCNN model,the Group Mean-based Optimizer(GMBO)algorithm is utilized to appropriately adjust the GCNN parameters,and this phenomenon shows the novelty of the cur-rent study.A widespread experimental analysis was conducted to establish the superiority of the proposed OGCNN-MDC model.A comprehensive comparison study was conducted,and the outcomes highlighted the supreme performance of the proposed OGCNN-MDC model over other recent approaches.展开更多
Machine learning(ML)is often used to solve the problem of malware detection and classification,and various machine learning approaches are adapted to the problem of malware classification;still acquiring poor performa...Machine learning(ML)is often used to solve the problem of malware detection and classification,and various machine learning approaches are adapted to the problem of malware classification;still acquiring poor performance by the way of feature selection,and classification.To address the problem,an efficient novel algorithm for adaptive feature-centered XG Boost Ensemble Learner Classifier“AFC-XG Boost”is presented in this paper.The proposed model has been designed to handle varying data sets of malware detection obtained from Kaggle data set.The model turns the XG Boost classifier in several stages to optimize performance.At preprocessing stage,the data set given has been noise removed,normalized and tamper removed using Feature Base Optimizer“FBO”algorithm.The FBO would normalize the data points,as well as perform noise removal according to the feature values and their base information.Similarly,the performance of standard XG Boost has been optimized by adapting the selection using Class Based Principle Component Analysis“CBPCA”algorithm,which performs the selection according to the fitness of any feature for different classes.Based on the selected features,the method generates a regression tree for each feature considered.Based on the generated trees,the method performs classification by computing the tree-level ensemble similarity‘TLES’and the class-level ensemble similarity‘CLES’.Using both methods calculates the value of the class match similarity‘CMS’based on which the malware has been classified.The proposed approach achieves 97% accuracy in malware detection and classification with the less time complexity of 34 s for 75000 samples.展开更多
Mobile malware occupies a considerable proportion of cyberattacks.With the update of mobile device operating systems and the development of software technology,more and more new malware keep appearing.The emergence of...Mobile malware occupies a considerable proportion of cyberattacks.With the update of mobile device operating systems and the development of software technology,more and more new malware keep appearing.The emergence of new malware makes the identification accuracy of existing methods lower and lower.There is an urgent need for more effective malware detection models.In this paper,we propose a new approach to mobile malware detection that is able to detect newly-emerged malware instances.Firstly,we build and train the LSTM-based model on original benign and malware samples investigated by both static and dynamic analysis techniques.Then,we build a generative adversarial network to generate augmented examples,which can emulate the characteristics of newly-emerged malware.At last,we use the augmented examples to retrain the 4th and 5th layers of the LSTM network and the last fully connected layer so that it can discriminate against newly-emerged malware.Actual experiments show that our malware detection achieved a classification accuracy of 99.94%when tested on augmented samples and 86.5%with the samples of newly-emerged malware on real data.展开更多
In recent years,we have witnessed a surge in mobile devices such as smartphones,tablets,smart watches,etc.,most of which are based on the Android operating system.However,because these Android-based mobile devices are...In recent years,we have witnessed a surge in mobile devices such as smartphones,tablets,smart watches,etc.,most of which are based on the Android operating system.However,because these Android-based mobile devices are becoming increasingly popular,they are now the primary target of mobile malware,which could lead to both privacy leakage and property loss.To address the rapidly deteriorating security issues caused by mobile malware,various research efforts have been made to develop novel and effective detection mechanisms to identify and combat them.Nevertheless,in order to avoid being caught by these malware detection mechanisms,malware authors are inclined to initiate adversarial example attacks by tampering with mobile applications.In this paper,several types of adversarial example attacks are investigated and a feasible approach is proposed to fight against them.First,we look at adversarial example attacks on the Android system and prior solutions that have been proposed to address these attacks.Then,we specifically focus on the data poisoning attack and evasion attack models,which may mutate various application features,such as API calls,permissions and the class label,to produce adversarial examples.Then,we propose and design a malware detection approach that is resistant to adversarial examples.To observe and investigate how the malware detection system is influenced by the adversarial example attacks,we conduct experiments on some real Android application datasets which are composed of both malware and benign applications.Experimental results clearly indicate that the performance of Android malware detection is severely degraded when facing adversarial example attacks.展开更多
One of the most common types of threats to the digital world is malicious software.It is of great importance to detect and prevent existing and new malware before it damages information assets.Machine learning approac...One of the most common types of threats to the digital world is malicious software.It is of great importance to detect and prevent existing and new malware before it damages information assets.Machine learning approaches are used effectively for this purpose.In this study,we present a model in which supervised and unsupervised learning algorithms are used together.Clustering is used to enhance the prediction performance of the supervised classifiers.The aim of the proposed model is to make predictions in the shortest possible time with high accuracy and f1 score.In the first stage of the model,the data are clustered with the k-means algorithm.In the second stage,the prediction is made with the combination of the classifier with the best prediction performance for the related cluster.While choosing the best classifiers for the given clusters,triple combinations of ten machine learning algorithms(kernel support vector machine,k-nearest neighbor,naive Bayes,decision tree,random forest,extra gradient boosting,categorical boosting,adaptive boosting,extra trees,and gradient boosting)are used.The selected triple classifier combination is positioned in two stages.The prediction time of the model is improved by positioning the classifier with the slowest prediction time in the second stage.The selected triple classifier combination is positioned in two tiers.The prediction time of the model is improved by positioning the classifier with the highest prediction time in the second tier.It is seen that clustering before classification improves prediction performance,which is presented using Blue Hexagon Open Dataset for Malware Analysis(BODMAS),Elastic Malware Benchmark for Empowering Researchers(EMBER)2018 and Kaggle malware detection datasets.The model has 99.74%accuracy and 99.77%f1 score for the BODMAS dataset,99.04%accuracy and 98.63%f1 score for the Kaggle malware detection dataset,and 96.77%accuracy and 96.77%f1 score for the EMBER 2018 dataset.In addition,the tiered positioning of classifiers shortened the average prediction time by 76.13%for the BODMAS dataset and 95.95%for the EMBER 2018 dataset.The proposed method’s prediction performance is better than the rest of the studies in the literature in which BODMAS and EMBER 2018 datasets are used.展开更多
Detecting malware on mobile devices using the Android operating system has become a critical challenge in the field of cybersecurity,in the context of the rapid increase in the number of malware variants and the frequ...Detecting malware on mobile devices using the Android operating system has become a critical challenge in the field of cybersecurity,in the context of the rapid increase in the number of malware variants and the frequency of attacks targeting Android devices.In this paper,we propose a novel intelligent computational method to enhance the effectiveness of Android malware detection models.The proposed method combines two main techniques:(1)constructing a malware behavior profile and(2)extracting features from the malware behavior profile using graph neural networks.Specifically,to effectively construct an Android malware behavior profile,this paper proposes an information enrichment technique for the function call graph of malware files,based on new graph-structured features and semantic features of the malware’s source code.Additionally,to extract significant features from the constructed behavior profile,the study proposes using the GraphSAGE graph neural network.With this novel intelligent computational method,a variety of significant features of the malware have been effectively represented,synthesized,and extracted.The approach to detecting Android malware proposed in this paper is a new study and has not been explored in previous research.The experimental results on a dataset of 40,819 Android software indicate that the proposed method performs well across all metrics,with particularly impressive accuracy and recall scores of 99.03%and 99.19%,respectively,which outperforms existing state-of-the-art methods.展开更多
Malicious software(malware)is one of the main cyber threats that organizations and Internet users are currently facing.Malware is a software code developed by cybercriminals for damage purposes,such as corrupting the ...Malicious software(malware)is one of the main cyber threats that organizations and Internet users are currently facing.Malware is a software code developed by cybercriminals for damage purposes,such as corrupting the system and data as well as stealing sensitive data.The damage caused by malware is substantially increasing every day.There is a need to detect malware efficiently and automatically and remove threats quickly from the systems.Although there are various approaches to tackle malware problems,their prevalence and stealthiness necessitate an effective method for the detection and prevention of malware attacks.The deep learning-based approach is recently gaining attention as a suitable method that effectively detects malware.In this paper,a novel approach based on deep learning for detecting malware proposed.Furthermore,the proposed approach deploys novel feature selection,feature co-relation,and feature representations to significantly reduce the feature space.The proposed approach has been evaluated using a Microsoft prediction dataset with samples of 21,736 malware composed of 9 malware families.It achieved 96.01%accuracy and outperformed the existing techniques of malware detection.展开更多
Malware is an ever-present and dynamic threat to networks and computer systems in cybersecurity,and because of its complexity and evasiveness,it is challenging to identify using traditional signature-based detection a...Malware is an ever-present and dynamic threat to networks and computer systems in cybersecurity,and because of its complexity and evasiveness,it is challenging to identify using traditional signature-based detection approaches.The study article discusses the growing danger to cybersecurity that malware hidden in PDF files poses,highlighting the shortcomings of conventional detection techniques and the difficulties presented by adversarial methodologies.The article presents a new method that improves PDF virus detection by using document analysis and a Logistic Model Tree.Using a dataset from the Canadian Institute for Cybersecurity,a comparative analysis is carried out with well-known machine learning models,such as Credal Decision Tree,Naïve Bayes,Average One Dependency Estimator,Locally Weighted Learning,and Stochastic Gradient Descent.Beyond traditional structural and JavaScript-centric PDF analysis,the research makes a substantial contribution to the area by boosting precision and resilience in malware detection.The use of Logistic Model Tree,a thorough feature selection approach,and increased focus on PDF file attributes all contribute to the efficiency of PDF virus detection.The paper emphasizes Logistic Model Tree’s critical role in tackling increasing cybersecurity threats and proposes a viable answer to practical issues in the sector.The results reveal that the Logistic Model Tree is superior,with improved accuracy of 97.46%when compared to benchmark models,demonstrating its usefulness in addressing the ever-changing threat landscape.展开更多
文摘Safeguarding against malware requires precise machine-learning algorithms to classify harmful apps.The Drebin dataset of 15,036 samples and 215 features yielded significant and reliable results for two hybrid models,CNN+XGBoost and KNN+XGBoost.To address the class imbalance issue,SMOTE(Synthetic Minority Oversampling Technique)was used to preprocess the dataset,creating synthetic samples of the minority class(malware)to balance the training set.XGBoost was then used to choose the most essential features for separating malware from benign programs.The models were trained and tested using 6-fold cross-validation,measuring accuracy,precision,recall,F1 score,and ROC AUC.The results are highly dependable,showing that CNN+XGBoost consistently outperforms KNN+XGBoost with an average accuracy of 98.76%compared to 97.89%.The CNN-based malware classification model,with its higher precision,recall,and F1 scores,is a secure choice.CNN+XGBoost,with its fewer all-fold misclassifications in confusion matrices,further solidifies this security.The calibration curve research,confirming the accuracy and cybersecurity applicability of the models’probability projections,adds to the sense of reliability.This study unequivocally demonstrates that CNN+XGBoost is a reliable and effective malware detection system,underlining the importance of feature selection and hybrid models.
基金supported by the Institute of Information&Communications Technology Planning&Evaluation(IITP)(Project Nos.RS-2024-00438551,30%,2022-11220701,30%,2021-0-01816,30%)the National Research Foundation of Korea(NRF)grant funded by the Korean Government(Project No.RS2023-00208460,10%).
文摘The proliferation of Internet of Things(IoT)devices has established edge computing as a critical paradigm for real-time data analysis and low-latency processing.Nevertheless,the distributed nature of edge computing presents substantial security challenges,rendering it a prominent target for sophisticated malware attacks.Existing signature-based and behavior-based detection methods are ineffective against the swiftly evolving nature of malware threats and are constrained by the availability of resources.This paper suggests the Genetic Encoding for Novel Optimization of Malware Evaluation(GENOME)framework,a novel solution that is intended to improve the performance of malware detection and classification in peripheral computing environments.GENOME optimizes data storage and computa-tional efficiency by converting malware artifacts into compact,structured sequences through a Deoxyribonucleic Acid(DNA)encoding mechanism.The framework employs two DNA encoding algorithms,standard and compressed,which substantially reduce data size while preserving high detection accuracy.The Edge-IIoTset dataset was used to conduct experiments that showed that GENOME was able to achieve high classification performance using models such as Random Forest and Logistic Regression,resulting in a reduction of data size by up to 42%.Further evaluations with the CIC-IoT-23 dataset and Deep Learning models confirmed GENOME’s scalability and adaptability across diverse datasets and algorithms.The potential of GENOME to address critical challenges,such as the rapid mutation of malware,real-time processing demands,and resource limitations,is emphasized in this study.GENOME offers comprehensive protection for peripheral computing environments by offering a security solution that is both efficient and scalable.
基金supported and funded by the Deanship of Scientific Research at Imam Mohammad Ibn Saud Islamic University(IMSIU)(grant number IMSIU-DDRSP2504).
文摘The rapid evolution of malware presents a critical cybersecurity challenge,rendering traditional signature-based detection methods ineffective against novel variants.This growing threat affects individuals,organizations,and governments,highlighting the urgent need for robust malware detection mechanisms.Conventional machine learning-based approaches rely on static and dynamicmalware analysis and often struggle to detect previously unseen threats due to their dependency on predefined signatures.Although machine learning algorithms(MLAs)offer promising detection capabilities,their reliance on extensive feature engineering limits real-time applicability.Deep learning techniques mitigate this issue by automating feature extraction but may introduce computational overhead,affecting deployment efficiency.This research evaluates classical MLAs and deep learningmodels to enhance malware detection performance across diverse datasets.The proposed approach integrates a novel text and imagebased detection framework,employing an optimized Support Vector Machine(SVM)for textual data analysis and EfficientNet-B0 for image-based malware classification.Experimental analysis,conducted across multiple train-test splits over varying timescales,demonstrates 99.97%accuracy on textual datasets using SVM and 96.7%accuracy on image-based datasets with EfficientNet-B0,significantly improving zero-day malware detection.Furthermore,a comparative analysis with existing competitive techniques,such as Random Forest,XGBoost,and CNN-based(Convolutional Neural Network)classifiers,highlights the superior performance of the proposed model in terms of accuracy,efficiency,and robustness.
基金funded by the Deanship of Scientific Research(DSR)at King Abdulaziz University,Jeddah,under grant No.(IPP:421-611-2025).
文摘Over the past few years,Malware attacks have become more and more widespread,posing threats to digital assets throughout the world.Although numerous methods have been developed to detect malicious attacks,these malware detection techniques need to be more efficient in detecting new and progressively sophisticated variants of malware.Therefore,the development of more advanced and accurate techniques is necessary for malware detection.This paper introduces a comprehensive Dual-Channel Attention Deep Bidirectional Long Short-Term Memory(DCADBiLSTM)model for malware detection and riskmitigation.The Dual Channel Attention(DCA)mechanism improves themodel’s capability to concentrate on the features that aremost appropriate in the input data,which reduces the false favourable rates.The Bidirectional Long,Short-Term Memory framework helps capture crucial interdependence from past and future circumstances,which is essential for enhancing the model’s understanding of malware behaviour.As soon as malware is detected,the risk mitigation phase is implemented,which evaluates the severity of each threat and helps mitigate threats earlier.The outcomes of the method demonstrate better accuracy of 98.96%,which outperforms traditional models.It indicates the method detects and mitigates several kinds of malware threats,thereby providing a proactive defence mechanism against the emerging challenges in cybersecurity.
基金funded by Naif Arab University for Security Sciences under grant No.NAUSS-23-R11.
文摘In the current digital era,new technologies are becoming an essential part of our lives.Consequently,the number ofmalicious software ormalware attacks is rapidly growing.There is no doubt,themajority ofmalware attacks can be detected by most antivirus programs.However,such types of antivirus programs are one step behind malicious software.Due to these dilemmas,deep learning become popular in the detection and classification of malicious data.Therefore,researchers have significantly focused on finding solutions for malware attacks by analyzing malicious samples with the help of different techniques and models.In this research,we presented a lightweight attention-based novel deep Convolutional Neural Network(DNN-CNN)model for binary and multi-class malware classification,including benign,trojan horse,ransomware,and spyware.We applied the Principal Component Analysis(PCA)technique for feature extraction for binary classification.We used the Synthetic Minority Oversampling Technique(SMOTE)to handle the imbalanced data during multi-class classification.Our proposed attention-based malware detectionmodel is trained on the benchmarkmalware memory dataset named CIC-MalMem-2022.Theresults indicate that our model obtained high accuracy for binary and multi-class classification,99.5% and 97.9%,respectively.
基金funded by the Special Project of Langfang Key Research and Development under Grant No.2023011005Bthe Technology Innovation Platform Construction Project of North China Institute of Aerospace Engineering under Grant No.CXPT-2023-02.
文摘The proliferation of malware and the emergence of adversarial samples pose severe threats to global cybersecurity,demanding robust detection mechanisms.Traditional malware detection methods suffer from limited feature extraction capabilities,while existing Vision Transformer(ViT)-based approaches face high computational complexity due to global self-attention,hindering their efficiency in handling large-scale image data.To address these issues,this paper proposes a novel hybrid enhanced Vision Transformer architecture,HERL-ViT,tailored for malware detection.The detection framework involves five phases:malware image visualization,image segmentation with patch embedding,regional-local attention-based feature extraction,enhanced feature transformation,and classification.Methodologically,HERL-ViT integrates a multi-level pyramid structure to capture multi-scale features,a regionalto-local attention mechanism to reduce computational complexity,an Optimized Position Encoding Generator for dynamic relative position encoding,and enhanced MLP and downsampling modules to balance performance and efficiency.Key contributions include:(1)A unified framework integrating visualization,adversarial training,and hybrid attention for malware detection;(2)Regional-local attention to achieve both global awareness and local detail capture with lower complexity;(3)Optimized PEG to enhance spatial perception and reduce overfitting;(4)Lightweight network design(5.8M parameters)ensuring high efficiency.Experimental results show HERL-ViT achieves 99.2%accuracy(Loss=0.066)on malware classification and 98.9%accuracy(Loss=0.081)on adversarial samples,demonstrating superior performance and robustness compared to state-of-the-art methods.
基金funded by Institutional Fund Projects under grant no.(IFPDP-261-22)。
文摘Detecting cyber attacks in networks connected to the Internet of Things(IoT)is of utmost importance because of the growing vulnerabilities in the smart environment.Conventional models,such as Naive Bayes and support vector machine(SVM),as well as ensemble methods,such as Gradient Boosting and eXtreme gradient boosting(XGBoost),are often plagued by high computational costs,which makes it challenging for them to perform real-time detection.In this regard,we suggested an attack detection approach that integrates Visual Geometry Group 16(VGG16),Artificial Rabbits Optimizer(ARO),and Random Forest Model to increase detection accuracy and operational efficiency in Internet of Things(IoT)networks.In the suggested model,the extraction of features from malware pictures was accomplished with the help of VGG16.The prediction process is carried out by the random forest model using the extracted features from the VGG16.Additionally,ARO is used to improve the hyper-parameters of the random forest model of the random forest.With an accuracy of 96.36%,the suggested model outperforms the standard models in terms of accuracy,F1-score,precision,and recall.The comparative research highlights our strategy’s success,which improves performance while maintaining a lower computational cost.This method is ideal for real-time applications,but it is effective.
基金supported by Princess Nourah bint Abdulrahman University Researchers Supporting Project number(PNURSP2025R104)Princess Nourah bint Abdulrahman University,Riyadh,Saudi Arabia。
文摘In today’s digital world,the Internet of Things(IoT)plays an important role in both local and global economies due to its widespread adoption in different applications.This technology has the potential to offer several advantages over conventional technologies in the near future.However,the potential growth of this technology also attracts attention from hackers,which introduces new challenges for the research community that range from hardware and software security to user privacy and authentication.Therefore,we focus on a particular security concern that is associated with malware detection.The literature presents many countermeasures,but inconsistent results on identical datasets and algorithms raise concerns about model biases,training quality,and complexity.This highlights the need for an adaptive,real-time learning framework that can effectively mitigate malware threats in IoT applications.To address these challenges,(i)we propose an intelligent framework based on Two-step Deep Reinforcement Learning(TwStDRL)that is capable of learning and adapting in real-time to counter malware threats in IoT applications.This framework uses exploration and exploitation phenomena during both the training and testing phases by storing results in a replay memory.The stored knowledge allows the model to effectively navigate the environment and maximize cumulative rewards.(ii)To demonstrate the superiority of the TwStDRL framework,we implement and evaluate several machine learning algorithms for comparative analysis that include Support Vector Machines(SVM),Multi-Layer Perceptron,Random Forests,and k-means Clustering.The selection of these algorithms is driven by the inconsistent results reported in the literature,which create doubt about their robustness and reliability in real-world IoT deployments.(iii)Finally,we provide a comprehensive evaluation to justify why the TwStDRL framework outperforms them in mitigating security threats.During analysis,we noted that our proposed TwStDRL scheme achieves an average performance of 99.45%across accuracy,precision,recall,and F1-score,which is an absolute improvement of roughly 3%over the existing malware-detection models.
基金Supported by the National Natural Science Foundation of China(61103220)the Fundamental Research Funds for the Central Universities (6082013)+1 种基金the National Natural Science Foundation of Hubei(2011CDB456)Chenguang Program(2012710367)
文摘Focusing on the sensitive behaviors of malware, such as privacy stealing and money costing, this paper proposes a new method to monitor software behaviors and detect malicious applications on Android platform. According to the theory and implementation of Android Binder interprocess communication mechanism, a prototype system that integrates behavior monitoring and intercepting, malware detection, and identification is built in this work. There are 50 different kinds of samples used in the experiment of malware detection, including 40 normal samples and 10 malicious samples. The theoretical analysis and experimental result demonstrate that this system is effective in malware detection and interception, with a true positive rate equal to 100% and a false positive rate less than 3%.
基金This work was supported by Deakin Cyber Security Research Cluster National Natural Science Foundation of China under Grant Nos. 61304067 and 61202211 +1 种基金 Guangxi Key Laboratory of Trusted Software No. kx201325 the Fundamental Research Funds for the Central Universities under Grant No 31541311314.
文摘As the risk of malware is sharply increasing in Android platform,Android malware detection has become an important research topic.Existing works have demonstrated that required permissions of Android applications are valuable for malware analysis,but how to exploit those permission patterns for malware detection remains an open issue.In this paper,we introduce the contrasting permission patterns to characterize the essential differences between malwares and clean applications from the permission aspect Then a framework based on contrasting permission patterns is presented for Android malware detection.According to the proposed framework,an ensemble classifier,Enclamald,is further developed to detect whether an application is potentially malicious.Every contrasting permission pattern is acting as a weak classifier in Enclamald,and the weighted predictions of involved weak classifiers are aggregated to the final result.Experiments on real-world applications validate that the proposed Enclamald classifier outperforms commonly used classifiers for Android Malware Detection.
基金supported in part by Universiti Kebangsaan Malaysia(UKM)under Grant GUP-2019-062 and Grant GP-2019-K005539in part by the Ministry of Education Malaysia under Grant FRGS/1/2018/ICT04/UKM/02/3.
文摘The study of malware behaviors,over the last years,has received tremendous attention from researchers for the purpose of reducing malware risks.Most of the investigating experiments are performed using either static analysis or behavior analysis.However,recent studies have shown that both analyses are vulnerable to modern malware files that use several techniques to avoid analysis and detection.Therefore,extracted features could be meaningless and a distraction for malware analysts.However,the volatile memory can expose useful information about malware behaviors and characteristics.In addition,memory analysis is capable of detecting unconventional malware,such as in-memory and fileless malware.However,memory features have not been fully utilized yet.Therefore,this work aims to present a new malware detection and classification approach that extracts memory-based features from memory images using memory forensic techniques.The extracted features can expose the malware’s real behaviors,such as interacting with the operating system,DLL and process injection,communicating with command and control site,and requesting higher privileges to perform specific tasks.We also applied feature engineering and converted the features to binary vectors before training and testing the classifiers.The experiments show that the proposed approach has a high classification accuracy rate of 98.5%and a false positive rate as low as 1.24%using the SVM classifier.The efficiency of the approach has been evaluated by comparing it with other related works.Also,a new memory-based dataset consisting of 2502 malware files and 966 benign samples forming 8898 features and belonging to six memory types has been created and published online for research purposes.
基金Princess Nourah bint Abdulrahman University Researchers Supporting Project number(PNURSP2022R319)PrincessNourah bint Abdulrahman University,Riyadh,Saudi Arabia.The authors would like to thank the Deanship of Scientific Research at Umm Al-Qura University for supporting this work by Grant Code:22UQU4310373DSR34The authors are thankful to the Deanship of Scientific Research at Najran University for funding thiswork under theResearch Groups Funding program Grant Code(NU/RG/SERC/11/4).
文摘Malware is a‘malicious software program that performs multiple cyberattacks on the Internet,involving fraud,scams,nation-state cyberwar,and cybercrime.Such malicious software programs come under different classifications,namely Trojans,viruses,spyware,worms,ransomware,Rootkit,botnet malware,etc.Ransomware is a kind of malware that holds the victim’s data hostage by encrypting the information on the user’s computer to make it inaccessible to users and only decrypting it;then,the user pays a ransom procedure of a sum of money.To prevent detection,various forms of ransomware utilize more than one mechanism in their attack flow in conjunction with Machine Learning(ML)algorithm.This study focuses on designing a Learning-Based Artificial Algae Algorithm with Optimal Machine Learning Enabled Malware Detection(LBAAA-OMLMD)approach in Computer Networks.The presented LBAAA-OMLMDmodelmainly aims to detect and classify the existence of ransomware and goodware in the network.To accomplish this,the LBAAA-OMLMD model initially derives a Learning-Based Artificial Algae Algorithm based Feature Selection(LBAAA-FS)model to reduce the curse of dimensionality problems.Besides,the Flower Pollination Algorithm(FPA)with Echo State Network(ESN)Classification model is applied.The FPA model helps to appropriately adjust the parameters related to the ESN model to accomplish enhanced classifier results.The experimental validation of the LBAAA-OMLMD model is tested using a benchmark dataset,and the outcomes are inspected in distinct measures.The comprehensive comparative examination demonstrated the betterment of the LBAAAOMLMD model over recent algorithms.
基金Princess Nourah bint Abdulrahman University Researchers Supporting Project number(PNURSP2022R237)Princess Nourah bint Abdulrahman University,Riyadh,Saudi ArabiaThe authors would like to thank the Deanship of Scientific Research at Umm Al-Qura University for supporting this work by Grant Code:(22UQU4331004DSR13).
文摘Cybersecurity has become the most significant research area in the domain of the Internet of Things(IoT)owing to the ever-increasing number of cyberattacks.The rapid penetration of Android platforms in mobile devices has made the detection of malware attacks a challenging process.Furthermore,Android malware is increasing on a daily basis.So,precise malware detection analytical techniques need a large number of hardware resources that are signifi-cantly resource-limited for mobile devices.In this research article,an optimal Graph Convolutional Neural Network-based Malware Detection and classification(OGCNN-MDC)model is introduced for an IoT-cloud environment.The pro-posed OGCNN-MDC model aims to recognize and categorize malware occur-rences in IoT-enabled cloud platforms.The presented OGCNN-MDC model has three stages in total,such as data pre-processing,malware detection and para-meter tuning.To detect and classify the malware,the GCNN model is exploited in this work.In order to enhance the overall efficiency of the GCNN model,the Group Mean-based Optimizer(GMBO)algorithm is utilized to appropriately adjust the GCNN parameters,and this phenomenon shows the novelty of the cur-rent study.A widespread experimental analysis was conducted to establish the superiority of the proposed OGCNN-MDC model.A comprehensive comparison study was conducted,and the outcomes highlighted the supreme performance of the proposed OGCNN-MDC model over other recent approaches.
文摘Machine learning(ML)is often used to solve the problem of malware detection and classification,and various machine learning approaches are adapted to the problem of malware classification;still acquiring poor performance by the way of feature selection,and classification.To address the problem,an efficient novel algorithm for adaptive feature-centered XG Boost Ensemble Learner Classifier“AFC-XG Boost”is presented in this paper.The proposed model has been designed to handle varying data sets of malware detection obtained from Kaggle data set.The model turns the XG Boost classifier in several stages to optimize performance.At preprocessing stage,the data set given has been noise removed,normalized and tamper removed using Feature Base Optimizer“FBO”algorithm.The FBO would normalize the data points,as well as perform noise removal according to the feature values and their base information.Similarly,the performance of standard XG Boost has been optimized by adapting the selection using Class Based Principle Component Analysis“CBPCA”algorithm,which performs the selection according to the fitness of any feature for different classes.Based on the selected features,the method generates a regression tree for each feature considered.Based on the generated trees,the method performs classification by computing the tree-level ensemble similarity‘TLES’and the class-level ensemble similarity‘CLES’.Using both methods calculates the value of the class match similarity‘CMS’based on which the malware has been classified.The proposed approach achieves 97% accuracy in malware detection and classification with the less time complexity of 34 s for 75000 samples.
基金Funding Statement:This work was supported by the National Nature Science Foundation of China(Nos.U1836110,1836208).
文摘Mobile malware occupies a considerable proportion of cyberattacks.With the update of mobile device operating systems and the development of software technology,more and more new malware keep appearing.The emergence of new malware makes the identification accuracy of existing methods lower and lower.There is an urgent need for more effective malware detection models.In this paper,we propose a new approach to mobile malware detection that is able to detect newly-emerged malware instances.Firstly,we build and train the LSTM-based model on original benign and malware samples investigated by both static and dynamic analysis techniques.Then,we build a generative adversarial network to generate augmented examples,which can emulate the characteristics of newly-emerged malware.At last,we use the augmented examples to retrain the 4th and 5th layers of the LSTM network and the last fully connected layer so that it can discriminate against newly-emerged malware.Actual experiments show that our malware detection achieved a classification accuracy of 99.94%when tested on augmented samples and 86.5%with the samples of newly-emerged malware on real data.
文摘In recent years,we have witnessed a surge in mobile devices such as smartphones,tablets,smart watches,etc.,most of which are based on the Android operating system.However,because these Android-based mobile devices are becoming increasingly popular,they are now the primary target of mobile malware,which could lead to both privacy leakage and property loss.To address the rapidly deteriorating security issues caused by mobile malware,various research efforts have been made to develop novel and effective detection mechanisms to identify and combat them.Nevertheless,in order to avoid being caught by these malware detection mechanisms,malware authors are inclined to initiate adversarial example attacks by tampering with mobile applications.In this paper,several types of adversarial example attacks are investigated and a feasible approach is proposed to fight against them.First,we look at adversarial example attacks on the Android system and prior solutions that have been proposed to address these attacks.Then,we specifically focus on the data poisoning attack and evasion attack models,which may mutate various application features,such as API calls,permissions and the class label,to produce adversarial examples.Then,we propose and design a malware detection approach that is resistant to adversarial examples.To observe and investigate how the malware detection system is influenced by the adversarial example attacks,we conduct experiments on some real Android application datasets which are composed of both malware and benign applications.Experimental results clearly indicate that the performance of Android malware detection is severely degraded when facing adversarial example attacks.
文摘One of the most common types of threats to the digital world is malicious software.It is of great importance to detect and prevent existing and new malware before it damages information assets.Machine learning approaches are used effectively for this purpose.In this study,we present a model in which supervised and unsupervised learning algorithms are used together.Clustering is used to enhance the prediction performance of the supervised classifiers.The aim of the proposed model is to make predictions in the shortest possible time with high accuracy and f1 score.In the first stage of the model,the data are clustered with the k-means algorithm.In the second stage,the prediction is made with the combination of the classifier with the best prediction performance for the related cluster.While choosing the best classifiers for the given clusters,triple combinations of ten machine learning algorithms(kernel support vector machine,k-nearest neighbor,naive Bayes,decision tree,random forest,extra gradient boosting,categorical boosting,adaptive boosting,extra trees,and gradient boosting)are used.The selected triple classifier combination is positioned in two stages.The prediction time of the model is improved by positioning the classifier with the slowest prediction time in the second stage.The selected triple classifier combination is positioned in two tiers.The prediction time of the model is improved by positioning the classifier with the highest prediction time in the second tier.It is seen that clustering before classification improves prediction performance,which is presented using Blue Hexagon Open Dataset for Malware Analysis(BODMAS),Elastic Malware Benchmark for Empowering Researchers(EMBER)2018 and Kaggle malware detection datasets.The model has 99.74%accuracy and 99.77%f1 score for the BODMAS dataset,99.04%accuracy and 98.63%f1 score for the Kaggle malware detection dataset,and 96.77%accuracy and 96.77%f1 score for the EMBER 2018 dataset.In addition,the tiered positioning of classifiers shortened the average prediction time by 76.13%for the BODMAS dataset and 95.95%for the EMBER 2018 dataset.The proposed method’s prediction performance is better than the rest of the studies in the literature in which BODMAS and EMBER 2018 datasets are used.
文摘Detecting malware on mobile devices using the Android operating system has become a critical challenge in the field of cybersecurity,in the context of the rapid increase in the number of malware variants and the frequency of attacks targeting Android devices.In this paper,we propose a novel intelligent computational method to enhance the effectiveness of Android malware detection models.The proposed method combines two main techniques:(1)constructing a malware behavior profile and(2)extracting features from the malware behavior profile using graph neural networks.Specifically,to effectively construct an Android malware behavior profile,this paper proposes an information enrichment technique for the function call graph of malware files,based on new graph-structured features and semantic features of the malware’s source code.Additionally,to extract significant features from the constructed behavior profile,the study proposes using the GraphSAGE graph neural network.With this novel intelligent computational method,a variety of significant features of the malware have been effectively represented,synthesized,and extracted.The approach to detecting Android malware proposed in this paper is a new study and has not been explored in previous research.The experimental results on a dataset of 40,819 Android software indicate that the proposed method performs well across all metrics,with particularly impressive accuracy and recall scores of 99.03%and 99.19%,respectively,which outperforms existing state-of-the-art methods.
基金This research was funded by the Deputyship for Research and Innovation,Ministry of Education in Saudi Arabia through Project Number 1385.
文摘Malicious software(malware)is one of the main cyber threats that organizations and Internet users are currently facing.Malware is a software code developed by cybercriminals for damage purposes,such as corrupting the system and data as well as stealing sensitive data.The damage caused by malware is substantially increasing every day.There is a need to detect malware efficiently and automatically and remove threats quickly from the systems.Although there are various approaches to tackle malware problems,their prevalence and stealthiness necessitate an effective method for the detection and prevention of malware attacks.The deep learning-based approach is recently gaining attention as a suitable method that effectively detects malware.In this paper,a novel approach based on deep learning for detecting malware proposed.Furthermore,the proposed approach deploys novel feature selection,feature co-relation,and feature representations to significantly reduce the feature space.The proposed approach has been evaluated using a Microsoft prediction dataset with samples of 21,736 malware composed of 9 malware families.It achieved 96.01%accuracy and outperformed the existing techniques of malware detection.
基金This research work was funded by Institutional Fund Projects under Grant No.(IFPIP:211-611-1443).
文摘Malware is an ever-present and dynamic threat to networks and computer systems in cybersecurity,and because of its complexity and evasiveness,it is challenging to identify using traditional signature-based detection approaches.The study article discusses the growing danger to cybersecurity that malware hidden in PDF files poses,highlighting the shortcomings of conventional detection techniques and the difficulties presented by adversarial methodologies.The article presents a new method that improves PDF virus detection by using document analysis and a Logistic Model Tree.Using a dataset from the Canadian Institute for Cybersecurity,a comparative analysis is carried out with well-known machine learning models,such as Credal Decision Tree,Naïve Bayes,Average One Dependency Estimator,Locally Weighted Learning,and Stochastic Gradient Descent.Beyond traditional structural and JavaScript-centric PDF analysis,the research makes a substantial contribution to the area by boosting precision and resilience in malware detection.The use of Logistic Model Tree,a thorough feature selection approach,and increased focus on PDF file attributes all contribute to the efficiency of PDF virus detection.The paper emphasizes Logistic Model Tree’s critical role in tackling increasing cybersecurity threats and proposes a viable answer to practical issues in the sector.The results reveal that the Logistic Model Tree is superior,with improved accuracy of 97.46%when compared to benchmark models,demonstrating its usefulness in addressing the ever-changing threat landscape.
