
Journal articles on the topic 'Malware attack detection'


1

Bhaya, Wesam S., and Mustafa A. Ali. "Review on Malware and Malware Detection Using Data Mining Techniques." JOURNAL OF UNIVERSITY OF BABYLON for Pure and Applied Sciences 25, no. 5 (2017): 1585–601. http://dx.doi.org/10.29196/jub.v25i5.104.

Abstract:
Malicious software is any type of software or code which hooks private information or data from the computer system, or computer operations, or merely carries out the malicious goals of its author on the computer system, without the permission of the computer users. (The short abbreviation of malicious software is malware.) However, the detection of malware has become one of the biggest issues in the computer security field because current communication infrastructures are vulnerable to penetration from many types of malware infection strategies and attacks. Moreover, malware is variant and diverse in volume and type, which strictly explodes the effectiveness of traditional defense methods like the signature approach, which is unable to detect new malware. This vulnerability will lead to successful computer system penetration (and attack) as well as the success of more advanced attacks like distributed denial of service (DDoS) attacks. Data mining methods can be used to overcome the limitation of signature-based techniques to detect zero-day malware. This paper provides an overview of malware and malware detection systems using modern techniques such as data mining approaches to detect known and unknown malware samples.
2

Jagriti, Kumari, and B. Sowmya. "Malware Detection in Applications using a Virtual Environment." Research and Applications of Web Development and Design 4, no. 2 (2021): 1–7. https://doi.org/10.5281/zenodo.5509642.

Abstract:
Malware assaults, amongst the diverse cyber-attacks on computers, are deemed harmful, as they are passive and stealthy. A malware assault is a cyber-attack that initiates the action of the perpetrator on the system of the victim. Adware, spyware, keyloggers and any other malware may be used to carry out malware attacks. Spyware captures information from companies or individuals and distributes it to harmful users. The spyware keylogger records, logs and transmits the user's keystrokes to the virus attacker. These threats must be recognised and identified to ensure adequate data protection. Early detection helps to slow the spread of malware. This paper provides a methodology for logging and testing spyware attacks.
3

Vinod Kumar, Boddupally, K. Pranaya Vardhan, Kurceti Subba Rao, and Thipparthy Navya Sree. "IDENTIFICATION OF UNSATURATED ATTACKS IN VIRTUALIZED INFRASTRUCTURES WITH BIG DATA ANALYTICS IN CLOUD COMPUTING." Journal of Nonlinear Analysis and Optimization 14, no. 02 (2023): 286–92. http://dx.doi.org/10.36893/jnao.2023.v14i2.286-292.

Abstract:
Security systems to protect virtualized cloud architectures typically include two types: malware detection and security analysis. Detecting malware typically involves two steps: monitoring the hotspots at various points in the virtualized infrastructure, and then using a regularly updated attack signature database to detect the presence of malware. Although this allows real-time detection of attacks, the use of specific signature databases is vulnerable to zero-day attacks that do not have attack signatures, and therefore traditional infrastructure cannot detect complex attacks on virtualized infrastructure. Similarly, security analysis eliminates the need for signature databases by using event correlation to detect previously undetected attacks, which are often unmanaged, and the current implementation is scalable in nature. In this article, we recommend the BDSA approach to establish a three-tier system for the continuous detection of future attacks. Initially, network logs from the guest virtual machine and client application logs are sometimes collected from the guest virtual machines and stored in HDFS. At this point, the strengths of the attack are removed with a connection scheme and a MapReduce analyzer. Our BDSA approach uses HDFS distribution management and Spark's map-reduce display capability to address security, speed and volume issues.
4

Alazab, Ammar, Michael Hobbs, Jemal Abawajy, and Ansam Khraisat. "Malware Detection and Prevention System Based on Multi-Stage Rules." International Journal of Information Security and Privacy 7, no. 2 (2013): 29–43. http://dx.doi.org/10.4018/jisp.2013040102.

Abstract:
The continuously rising Internet attacks pose severe challenges to developing an effective Intrusion Detection System (IDS) to detect known and unknown malicious attacks. In order to address the problem of detecting known and unknown attacks and identifying attack groups, the authors provide new multi-stage rules for detecting anomalies. The authors used RIPPER for rule generation, which is capable of creating rule sets more quickly and can determine the attack types with smaller numbers of rules. These rules would be efficient to apply in a Signature Intrusion Detection System (SIDS) and an Anomaly Intrusion Detection System (AIDS).
5

Sathya, D. "A Report on Botnet Detection Techniques for Intrusion Detection Systems." International Journal for Research in Applied Science and Engineering Technology 10, no. 6 (2022): 2022–31. http://dx.doi.org/10.22214/ijraset.2022.44253.

Abstract:
A botnet is malware that degrades the functionality of, as well as access to, a healthy computer system through malware programs. Botnet programs perform DDoS attacks, spam and phishing attacks. Botnet attacks take place in two ways: peer-to-peer attacks and command-and-control attacks. The peer-to-peer attack takes place by passing botnet attacks from one system to another in a peer-to-peer network, while the command-and-control attack takes place through a botmaster attack on a server which uses various transactions in exchange with systems on the network, and those nodes in the network function as slaves. The report presents a survey of various botnet detection models built using several types of machine learning techniques. The report reviews various methodologies involved in botnet detection and identifies the best methods for understanding various datasets. We also survey how classification and clustering are used in the detection of botnets to improve the accuracy of the model.
6

Du, Yao, Mengtian Cui, and Xiaochun Cheng. "A Mobile Malware Detection Method Based on Malicious Subgraphs Mining." Security and Communication Networks 2021 (April 17, 2021): 1–11. http://dx.doi.org/10.1155/2021/5593178.

Abstract:
As mobile phones are widely used in social network communication, they attract numerous malicious attacks, which seriously threaten users’ personal privacy and data security. To improve the resilience to attack technologies, structural information analysis has been widely applied in mobile malware detection. However, the rapid improvement of mobile applications has brought an impressive growth of their internal structure in scale and of attack technologies. It makes the timely analysis of structural information and malicious feature generation a heavy burden. In this paper, we propose a new Android malware identification approach based on malicious subgraph mining to improve the detection performance of large-scale graph structure analysis. Firstly, function call graphs (FCGs), sensitive permissions, and application programming interfaces (APIs) are generated from the decompiled files of malware. Secondly, two kinds of malicious subgraphs are generated from malware’s decompiled files and put into the feature set. Finally, test applications’ safety can be automatically identified and they can be classified into malware families by matching their FCGs with malicious structural features. To evaluate our approach, a dataset of 11,520 malware and benign applications is established. Experimental results indicate that our approach has better performance than three previous works and Androguard.
7

Ramadhani, Arsabilla, Fauzi Adi Rafrastara, Salma Rosyada, Wildanil Ghozi, and Waleed Mahgoub Osman. "IMPROVING MALWARE DETECTION USING INFORMATION GAIN AND ENSEMBLE MACHINE LEARNING." Jurnal Teknik Informatika (Jutif) 5, no. 6 (2024): 1673–86. https://doi.org/10.52436/1.jutif.2024.5.6.3903.

Abstract:
Malware attacks pose a serious threat to digital systems, potentially causing data and financial losses. The increasing complexity and diversity of malware attack techniques have made traditional detection methods ineffective, thus AI-based approaches are needed to improve the accuracy and efficiency of malware detection, especially for detecting modern malware that uses obfuscation techniques. This study addresses this issue by applying ensemble-based machine learning algorithms to enhance malware detection accuracy. The methodology involves Random Forest, Gradient Boosting, XGBoost, and AdaBoost, with feature selection using Information Gain. Datasets from VirusTotal and VxHeaven were used, including both goodware and malware samples. The results show that Gradient Boosting, strengthened with Information Gain, achieved the highest accuracy of 99.1%, indicating a significant improvement in malware detection effectiveness. This study demonstrates that applying Information Gain to Gradient Boosting can improve malware detection accuracy while reducing computational requirements, contributing significantly to the optimization of digital security systems.
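The feature-selection step named in the abstract above (Information Gain ranking before an ensemble classifier) is easy to get wrong by treating it as a black box, so here is an added example of the computation itself. This is the editor's own code, not code from the Ramadhani et al. paper: it computes IG(Y; X) = H(Y) - sum_v P(X=v) H(Y | X=v) for each binary feature of a constructed sample matrix and keeps the top-k. The feature names and the eight sample rows are hypothetical; real static features would come from a PE parser.

```python
"""Information-gain ranking of binary static features (added example).

The sample matrix is constructed: each row is one executable, 1 means the
feature is present. Feature names are hypothetical labels, not real data.
"""
from collections import Counter
from math import log2

FEATURES = ["imports_VirtualAlloc", "imports_CreateRemoteThread",
            "has_debug_dir", "section_entropy_high", "signed_binary"]
X = [
    [1, 1, 0, 1, 0],   # malware
    [1, 1, 0, 1, 0],   # malware
    [1, 0, 0, 1, 0],   # malware
    [0, 1, 0, 1, 0],   # malware
    [1, 0, 1, 0, 1],   # goodware
    [0, 0, 1, 0, 1],   # goodware
    [1, 0, 1, 0, 1],   # goodware
    [0, 0, 0, 0, 1],   # goodware
]
y = [1, 1, 1, 1, 0, 0, 0, 0]   # 1 = malware, 0 = goodware


def entropy(labels):
    """Shannon entropy H(Y) in bits over a list of class labels."""
    n = len(labels)
    return -sum(c / n * log2(c / n) for c in Counter(labels).values())


def information_gain(column, labels):
    """IG(Y; X) = H(Y) - sum over values v of P(X=v) * H(Y | X=v)."""
    h_y = entropy(labels)
    conditional = 0.0
    for v in set(column):
        subset = [lab for x, lab in zip(column, labels) if x == v]
        conditional += len(subset) / len(labels) * entropy(subset)
    return h_y - conditional


def rank_features(X, y, names):
    """Return (name, IG) pairs sorted by IG, highest first (stable on ties)."""
    columns = list(zip(*X))
    scores = {name: information_gain(col, y) for name, col in zip(names, columns)}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


def select_top_k(X, y, names, k):
    """Keep only the k highest-IG features; returns (kept names, reduced X)."""
    keep = [name for name, _ in rank_features(X, y, names)[:k]]
    idx = [names.index(n) for n in keep]
    return keep, [[row[i] for i in idx] for row in X]


if __name__ == "__main__":
    for name, ig in rank_features(X, y, FEATURES):
        print(f"{name:28s} IG = {ig:.4f}")
    print("top-2:", select_top_k(X, y, FEATURES, 2)[0])
```

Two features here separate the classes perfectly (IG = 1 bit), two carry about 0.55 bits, and `imports_VirtualAlloc` is nearly uninformative because benign software imports it too. With scikit-learn the same quantity is `sklearn.feature_selection.mutual_info_classif(X, y, discrete_features=True)`; the point of the hand-rolled version is to see that IG is computed against the label and therefore must be computed on the training split only, or the held-out accuracy is inflated.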
8

Patil, Shruti, Vijayakumar Varadarajan, Devika Walimbe, et al. "Improving the Robustness of AI-Based Malware Detection Using Adversarial Machine Learning." Algorithms 14, no. 10 (2021): 297. http://dx.doi.org/10.3390/a14100297.

Abstract:
Cyber security is used to protect and safeguard computers and various networks from ill-intended digital threats and attacks. It is getting more difficult in the information age due to the explosion of data and technology. There is a drastic rise in new types of attacks, with which conventional signature-based systems cannot keep up. Machine learning seems to be a solution to many problems, including problems in cyber security. It has proven to be a very useful tool in the evolution of malware detection systems. However, the security of AI-based malware detection models is fragile. With advancements in machine learning, attackers have found a way to work around such detection systems using adversarial attack techniques. Such attacks are targeted at the data level, at classifier models, and during the testing phase. These attacks tend to cause the classifier to misclassify the given input, which can be very harmful in real-time AI-based malware detection. This paper proposes a framework for generating adversarial malware images and retraining the classification models to improve malware detection robustness. Different classification models were implemented for malware detection, and attacks were established using adversarial images to analyze the models’ behavior. The robustness of the models was improved by means of adversarial training, and better attack resistance is observed.
9

Alzahrani, Mohammad Eid. "Employing Incremental Learning for the Detection of Multiclass New Malware Variants." Indian Journal Of Science And Technology 17, no. 10 (2024): 941–48. http://dx.doi.org/10.17485/ijst/v17i10.2862.

Abstract:
Background/Objectives: The study aims to achieve two main objectives. The first is to reliably identify and categorize malware variations to maintain the security of computer systems. Malware poses a continuous threat to digital information and system integrity, hence the need for effective detection tools. The second objective is to propose a new incremental learning method. This method is designed to adapt over time, continually incorporating new data, which is crucial for identifying and managing multiclass malware variants. Methods: This study utilised an incremental learning technique as the basis of the approach, a type of machine learning whereby a system retains previous knowledge and builds upon the information from newly acquired data. In particular, this method is suitable for tackling the mutating character of malware dangers. The researchers used various sets of real-world malware for evaluating the applicability of these ideas, which serves as an accurate test environment. Findings: The findings of the research are significant. Utilizing 6 different datasets, which included 158,101 benign and malicious instances, the method demonstrated a high attack detection accuracy of 99.34%. Moreover, the study was successful in identifying a new category of malware variants and distinguishing between 15 different attack categories. These results underscore the effectiveness of the proposed incremental learning method in a real-world scenario. Novelty: This research is unique because of the novel use of a tailored incremental learning technique for dealing with the dynamic threat environment of malware. However, traditional machine learning methods cannot adapt so well to a new threat. On the other hand, the technique put forward in this paper facilitates continuous learning that can be modified to match different types of malicious software as they develop. The ability to evolve and adapt is an important addition to current cybersecurity practices that include malware identification and classification.
Keywords: Cybersecurity, Malware Detection, Incremental learning
10

Suryati, One Tika, and Avon Budiono. "Impact Analysis of Malware Based on Call Network API With Heuristic Detection Method." International Journal of Advances in Data and Information Systems 1, no. 1 (2020): 1–8. http://dx.doi.org/10.25008/ijadis.v1i1.176.

Abstract:
Malware is a program that has a negative influence on computer systems without the user's permission. The purpose of making malware, for hackers, is to get profit in an illegal way. Therefore, we need malware analysis. Malware analysis aims to determine the specifics of malware so that security can be built to protect computer devices. One method for analyzing malware is heuristic detection. Heuristic detection is an analytical method that allows finding new types of malware in a file or application. Much malware is made to attack through the internet because of technological advancements. Based on these conditions, the malware analysis is carried out using the API call network with the heuristic detection method. This aims to identify the behavior of malware that attacks the network. The results of the analysis carried out are that most malware is spyware, which lurks on user activity and retrieves user data without the user's knowledge. In addition, there is also malware that is adware, which displays advertisements through pop-up windows on computer devices that interfere with user activity. With these results, actions that can be taken by the user to protect their computer device can also be identified, such as installing antivirus or antimalware, not downloading unauthorized applications and not accessing unsafe websites.
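The abstract above describes heuristic detection over API-call behaviour without saying what a heuristic looks like in practice, so here is an added example (the editor's own code, not the authors' tool): a small rule engine that scores a sandbox-style trace of Windows API calls against ordered behavioural patterns, such as a keyboard hook followed by keystroke polling followed by a network send, and maps the hits to a family label. The traces, rule names, weights and threshold are all constructed for illustration.

```python
"""Heuristic family scoring over API-call traces (added example).

Each rule is an ordered subsequence of API names; a trace matches when the
calls occur in that order, not necessarily adjacently. Traces below are
constructed, as are the rule weights and the decision threshold.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    family: str        # family the rule is evidence for
    sequence: tuple    # API names that must appear in this order
    weight: int


RULES = [
    Rule("keylogger_exfil", "spyware",
         ("SetWindowsHookExW", "GetAsyncKeyState", "send"), 5),
    Rule("screen_capture_exfil", "spyware",
         ("GetDC", "BitBlt", "HttpSendRequestW"), 4),
    Rule("run_key_persistence", "generic",
         ("RegOpenKeyExW", "RegSetValueExW"), 2),
    Rule("popup_ads", "adware",
         ("ShellExecuteW", "CreateWindowExW", "ShowWindow"), 3),
]

# Constructed traces (not real sandbox output).
TRACES = {
    "sample_spy": ["LoadLibraryW", "SetWindowsHookExW", "GetAsyncKeyState",
                   "GetAsyncKeyState", "WSAStartup", "connect", "send"],
    "sample_ads": ["RegOpenKeyExW", "RegSetValueExW", "ShellExecuteW",
                   "CreateWindowExW", "ShowWindow"],
    # polls keys and uses the network, but never installs a hook: no rule fires
    "sample_editor": ["CreateFileW", "ReadFile", "GetAsyncKeyState",
                      "WriteFile", "send"],
    # same calls as a keylogger but the send precedes the hook: order check rejects
    "sample_reordered": ["send", "SetWindowsHookExW", "GetAsyncKeyState"],
}


def matches_in_order(trace, sequence):
    """True if `sequence` is a subsequence of `trace` (order preserved)."""
    it = iter(trace)
    return all(any(call == api for call in it) for api in sequence)


def score_trace(trace, rules=RULES, threshold=4):
    """Sum the weights of matching rules; label with the heaviest family
    once the total reaches `threshold`, otherwise 'benign'."""
    hits = [r for r in rules if matches_in_order(trace, r.sequence)]
    score = sum(r.weight for r in hits)
    family = "benign"
    if score >= threshold:
        per_family = {}
        for r in hits:
            per_family[r.family] = per_family.get(r.family, 0) + r.weight
        family = max(per_family, key=per_family.get)
    return {"score": score, "family": family, "rules": [r.name for r in hits]}


def classify_all(traces=TRACES):
    return {name: score_trace(trace) for name, trace in traces.items()}


if __name__ == "__main__":
    for name, verdict in classify_all().items():
        print(f"{name:18s} {verdict}")
```

The ordering constraint is what separates this from a bag-of-APIs signature: `sample_editor` shares two of the three keylogger calls with `sample_spy` and still scores zero. The flip side, shown by `sample_reordered`, is that a trace window which starts after the hook was installed will miss the pattern, so a production version should score over a sliding window and carry state across windows rather than over one fixed capture.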
12

Gyamfi, Nana Kwame, Nikolaj Goranin, Dainius Ceponis, and Habil Antanas Čenys. "Automated System-Level Malware Detection Using Machine Learning: A Comprehensive Review." Applied Sciences 13, no. 21 (2023): 11908. http://dx.doi.org/10.3390/app132111908.

Abstract:
Malware poses a significant threat to computer systems and networks. This necessitates the development of effective detection mechanisms. Detection mechanisms dependent on signatures for attack detection perform poorly due to high false negatives. This limitation is attributed to the inability to detect zero-day attacks, polymorphic malware, an increasing signature base, and detection speed. To achieve rapid detection, automated system-level malware detection using machine learning approaches, leveraging the power of artificial intelligence to identify and mitigate malware attacks, has emerged as a promising solution. This comprehensive review aims to provide a detailed analysis of the status quo in malware detection by exploring the fundamentals of machine learning techniques for malware detection. The review is largely based on the PRISMA approach for article search methods and selection from four databases. Keywords were identified together with inclusion and exclusion criteria. The review seeks feature extraction and selection methods that enhance the accuracy and precision of detection algorithms. Evaluation metrics and common datasets were used to assess the performance of the system-level malware detection techniques. A comparative analysis of different machine learning approaches, emphasizing their strengths, weaknesses, and performance in detecting system-level malware, is presented together with the limitations of the detection techniques. The paper concludes with future research opportunities, particularly in applying artificial intelligence, and provides a resource for researchers and cybersecurity professionals seeking to understand and advance automated system-level malware detection using machine learning.
13

Aslan, Ömer, Merve Ozkan-Okay, and Deepti Gupta. "A Review of Cloud-Based Malware Detection System: Opportunities, Advances and Challenges." European Journal of Engineering and Technology Research 6, no. 3 (2021): 1–8. http://dx.doi.org/10.24018/ejers.2021.6.3.2372.

Abstract:
Cloud computing has an important role in all aspects of storing information and providing services online. It brings several advantages over traditional storing and sharing schemes such as easy access, on-request storage, scalability and decreasing cost. Using its rapidly developing technologies can bring many advantages to the protection of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) from a variety of cyber-attacks, where IoT and CPS provide facilities to humans in their daily lives. Since malicious software (malware) is increasing exponentially and there is no well-known approach to detecting malware, the usage of cloud environments to detect malware can be a promising method. A new generation of malware is using advanced obfuscation and packing techniques to escape from detection systems. This situation makes it almost impossible to detect complex malware by using a traditional detection approach. The paper presents an extensive review of cloud-based malware detection approaches and provides a vision to understand the benefit of the cloud for the protection of IoT and CPS from cyber-attack. This research explains the advantages and disadvantages of cloud environments in detecting malware and also proposes a cloud-based malware detection framework, which uses a hybrid approach to detect malware.
15

Zhang, Yunchun, Jiaqi Jiang, Chao Yi, et al. "A Robust CNN for Malware Classification against Executable Adversarial Attack." Electronics 13, no. 5 (2024): 989. http://dx.doi.org/10.3390/electronics13050989.

Abstract:
Deep-learning-based malware-detection models are threatened by adversarial attacks. This paper designs a robust and secure convolutional neural network (CNN) for malware classification. First, three CNNs with different pooling layers, including global average pooling (GAP), global max pooling (GMP), and spatial pyramid pooling (SPP), are proposed. Second, we designed an executable adversarial attack to construct adversarial malware by changing the meaningless and unimportant segments within the Portable Executable (PE) header file. Finally, to consolidate the GMP-based CNN, a header-aware loss algorithm based on the attention mechanism is proposed to defend against the executable adversarial attack. The experiments showed that the GMP-based CNN achieved better performance in malware detection than the other CNNs, with around 98.61% accuracy. However, all CNNs were vulnerable to the executable adversarial attack and a fast gradient-based attack, with a 46.34% and 34.65% accuracy decline on average, respectively. Meanwhile, the improved header-aware CNN achieved the best performance with an evasion ratio of less than 5.0%.
16

Wang, Fangwei, Yuanyuan Lu, Changguang Wang, and Qingru Li. "Binary Black-Box Adversarial Attacks with Evolutionary Learning against IoT Malware Detection." Wireless Communications and Mobile Computing 2021 (August 30, 2021): 1–9. http://dx.doi.org/10.1155/2021/8736946.

Abstract:
5G is about to open Pandora’s box of security threats to the Internet of Things (IoT). Key technologies, such as network function virtualization and edge computing introduced by the 5G network, bring new security threats and risks to the Internet infrastructure. Therefore, higher detection and defense against malware are required. Nowadays, deep learning (DL) is widely used in malware detection. Recently, research has demonstrated that adversarial attacks pose a hazard to DL-based models. The key issue in enhancing the anti-attack performance of malware detection systems that are used to detect adversarial attacks is to generate effective adversarial samples. However, numerous existing methods to generate adversarial samples rely on manual feature extraction or on white-box models, which makes them inapplicable in actual scenarios. This paper presents an effective binary manipulation-based attack framework, which generates adversarial samples with an evolutionary learning algorithm. The framework chooses appropriate action sequences to modify malicious samples. Thus, the modified malware can successfully circumvent the detection system. The evolutionary algorithm can adaptively simplify the modification actions and make the adversarial sample more targeted. Our approach can efficiently generate adversarial samples without human intervention. The generated adversarial samples can effectively combat DL-based malware detection models while preserving the consistency of the executable and the malicious behavior of the original malware samples. We apply the generated adversarial samples to attack the detection engines of VirusTotal. Experimental results illustrate that the adversarial samples generated by our method reach an evasion success rate of 47.8%, which outperforms other attack methods. By adding adversarial samples in the training process, the MalConv network is retrained. We show that the detection accuracy is improved by 10.3%.
17

Li, Deqiang, Qianmu Li, Yanfang (Fanny) Ye, and Shouhuai Xu. "Arms Race in Adversarial Malware Detection: A Survey." ACM Computing Surveys 55, no. 1 (2023): 1–35. http://dx.doi.org/10.1145/3484491.

Abstract:
Malicious software (malware) is a major cyber threat that has to be tackled with Machine Learning (ML) techniques because millions of new malware examples are injected into cyberspace on a daily basis. However, ML is vulnerable to attacks known as adversarial examples. In this article, we survey and systematize the field of Adversarial Malware Detection (AMD) through the lens of a unified conceptual framework of assumptions, attacks, defenses, and security properties. This not only leads us to map attacks and defenses to partial order structures, but also allows us to clearly describe the attack-defense arms race in the AMD context. We draw a number of insights, including: knowing the defender’s feature set is critical to the success of transfer attacks; the effectiveness of practical evasion attacks largely depends on the attacker’s freedom in conducting manipulations in the problem space; knowing the attacker’s manipulation set is critical to the defender’s success; and the effectiveness of adversarial training depends on the defender’s capability in identifying the most powerful attack. We also discuss a number of future research directions.
18

Imran, Muhammad, Annalisa Appice, and Donato Malerba. "Evaluating Realistic Adversarial Attacks against Machine Learning Models for Windows PE Malware Detection." Future Internet 16, no. 5 (2024): 168. http://dx.doi.org/10.3390/fi16050168.

Abstract:
During the last decade, the cybersecurity literature has conferred a high-level role to machine learning as a powerful security paradigm to recognise malicious software in modern anti-malware systems. However, a non-negligible limitation of machine learning methods used to train decision models is that adversarial attacks can easily fool them. Adversarial attacks are attack samples produced by carefully manipulating the samples at test time to violate the model integrity by causing detection mistakes. In this paper, we analyse the performance of five realistic target-based adversarial attacks, namely Extend, Full DOS, Shift, FGSM padding + slack and GAMMA, against two machine learning models, namely MalConv and LGBM, learned to recognise Windows Portable Executable (PE) malware files. Specifically, MalConv is a Convolutional Neural Network (CNN) model learned from the raw bytes of Windows PE files. LGBM is a Gradient-Boosted Decision Tree model that is learned from features extracted through the static analysis of Windows PE files. Notably, the attack methods and machine learning models considered in this study are state-of-the-art methods broadly used in the machine learning literature for Windows PE malware detection tasks. In addition, we explore the effect of accounting for adversarial attacks on securing machine learning models through the adversarial training strategy. Therefore, the main contributions of this article are as follows: (1) We extend existing machine learning studies that commonly consider small datasets to explore the evasion ability of state-of-the-art Windows PE attack methods by increasing the size of the evaluation dataset. (2) To the best of our knowledge, we are the first to carry out an exploratory study to explain how the considered adversarial attack methods change Windows PE malware to fool an effective decision model. (3) We explore the performance of the adversarial training strategy as a means to secure effective decision models against adversarial Windows PE malware files generated with the considered attack methods. Hence, the study explains how GAMMA can actually be considered the most effective evasion method in the performed comparative analysis. On the other hand, the study shows that the adversarial training strategy can actually help in recognising adversarial PE malware generated with GAMMA, by also explaining how it changes model decisions.
19

John Oluwafemi Ogun. "Advancements in automated malware analysis: evaluating the efficacy of open-source tools in detecting and mitigating emerging malware threats to US businesses." International Journal of Science and Research Archive 12, no. 2 (2024): 1958–64. http://dx.doi.org/10.30574/ijsra.2024.12.2.1488.

Abstract:
Malware, short for malicious software, represents a significant and evolving threat to computer systems, targeting individuals, corporations, and governments globally. This paper explores the multifaceted nature of malware, which includes viruses, worms, Trojans, and more, and delves into how they compromise systems by disrupting services, stealing sensitive data, and denying access. Modern malware is increasingly sophisticated, evading traditional detection methods and posing challenges to cybersecurity professionals. This review outlines key methodologies in malware analysis, including MARE (Malware Analysis Reverse Engineering) and SAMA (Systematic Approach to Malware Analysis), which offer systematic frameworks for understanding and mitigating malware threats. Additionally, the paper highlights the challenges of malware analysis, such as the complexity of advanced malware variants and the limitations of current detection techniques. By examining the types of malware, from ransomware to keyloggers, and discussing the signs of an attack, the paper underscores the importance of ongoing research and the development of more robust analytical tools. The insights provided aim to enhance the preparedness of IT professionals in combating emerging threats, emphasizing the necessity of a comprehensive understanding of malware behavior for effective defense strategies.
20

Christiana, Abikoye Oluwakemi, Benjamin Aruwa Gyunka, and Akande Noah. "Android Malware Detection through Machine Learning Techniques: A Review." International Journal of Online and Biomedical Engineering (iJOE) 16, no. 02 (2020): 14. http://dx.doi.org/10.3991/ijoe.v16i02.11549.

Abstract:
The open source nature of the Android Operating System has attracted wider adoption of the system by multiple types of developers. This phenomenon has further fostered an exponential proliferation of devices running the Android OS into different sectors of the economy. Although this development has brought about great technological advancements and ease of doing business (e-commerce) and social interactions, these devices have, however, become strong mediums for the uncontrolled rise of cyberattacks and espionage against business infrastructures and the individual users of these mobile devices. Different cyberattack techniques exist, but attacks through malicious applications have taken the lead over other attack methods like social engineering. Android malware has evolved in sophistication and intelligence such that it has become highly resistant to existing detection systems, especially those that are signature-based. Machine learning techniques have risen to become a more competent choice for combating the kind of sophistication and novelty deployed by emerging Android malware. The models created via machine learning methods work by first learning the existing patterns of malware behaviour and then using this knowledge to separate or identify any similar behaviour from unknown attacks. This paper provides a comprehensive review of machine learning techniques and their applications in Android malware detection as found in contemporary literature.
21

Chen, Hongyi, Jinshu Su, Linbo Qiao, and Qin Xin. "Malware Collusion Attack against SVM: Issues and Countermeasures." Applied Sciences 8, no. 10 (2018): 1718. http://dx.doi.org/10.3390/app8101718.

Abstract:
Android has become the most popular mobile platform, and a hot target for malware developers. At the same time, researchers have come up with numerous ways to deal with malware. Among them, machine learning based methods are quite effective in Android malware detection, the accuracy of which can be as high as 98%. Thus, malware developers have the incentive to develop more advanced malware to evade detection. This paper presents an adversary attack scenario (Collusion Attack) that will compromise current machine learning based malware detection methods, especially Support Vector Machines (SVM). The malware developers can perform this attack easily by splitting the malicious payload into two or more apps. Meanwhile, attackers may hide their malicious behavior by using advanced techniques (Evasion Attack), such as obfuscation, etc. According to our simulation, 87.4% of apps can evade Linear SVM by Collusion Attack. When performing Collusion and Evasion Attack simultaneously, the evasion rate can reach 100% at a low cost. Thus, we propose a method to deal with this issue. This approach, realized in a tool called ColluDroid, can identify the collusion apps by analyzing the communication between apps. In addition, it can integrate secure learning methods (e.g., Sec-SVM) to fight against Evasion Attack. The evaluation results show that ColluDroid is effective in finding out the collusion apps and ColluDroid-Sec-SVM has the best performance in the presence of both Collusion and Evasion Attacks.
22

Maulana, Reza, Deris Stiawan, and Rahmat Budiarto. "Detection of android malware with deep learning method using convolutional neural network model." Computer Science and Information Technologies 6, no. 1 (2025): 68–79. https://doi.org/10.11591/csit.v6i1.p68-79.

Abstract:
Android malware is an application that targets Android devices to steal crucial data, including money or confidential information from Android users. Recent years have seen a surge in research on Android malware, as its types continue to evolve, and cybersecurity requires periodic improvements. This research focuses on detecting Android malware attack patterns using deep learning and convolutional neural network (CNN) models, which classify and detect malware attack patterns on Android devices into two categories: malware and non-malware. This research contributes to understanding how effective the CNN models are by comparing the ratio of data used with several epochs. We effectively use CNN models to detect malware attack patterns. The results show that the deep learning method with the CNN model can manage unstructured data. The research results indicate that the CNN model demonstrates a minimal error rate during evaluation. The comparison of accuracy, precision, recall, F1 Score, and area under the curve (AUC) values demonstrates the recognition of malware attack patterns, reaching an average of 92% accuracy in data testing. This provides a holistic understanding of the model's performance and its practical utility in detecting Android malware.
23

Prakash, Surbhi, and AK Mohapatra. "Robust Analysis of XXE Attack Produced by Malware." International Journal of Membrane Science and Technology 10, no. 1 (2023): 674–85. http://dx.doi.org/10.15379/ijmst.v10i1.2630.

Abstract:
Malware analysis is one of the major growing sections in the cyber security area. Various trends and types have been introduced in the industry, for example static malware analysis, dynamic malware analysis, hybrid malware analysis and machine learning-based malware analysis techniques. Various malware has been introduced, for example viruses, worms, ransomware, spyware, botnets, etc. Security threats have increased drastically over the period. From viruses, spyware, worms, trojans, and ransomware to many zero-day malware, all are reported and exploited on different platforms, such as Windows, Android, and Cloud (IaaS or PaaS). The phenomenon is that attackers always target humans via social engineering methodology or phishing. When we talk about humans, the first thing that comes to the mind of an attacker is the platform from which they will be able to concentrate on the target. The basic approach used mainly in detecting malware on any platform is signature-based detection, which is quite beneficial. Still, as malware is designed to be more obfuscated, detecting those malicious activities using a signature-based approach takes a lot of work. After the signature-based method, the behavior-based process is used to detect malware. As some drawbacks appeared in both approaches, researchers found methodologies that can use machine learning algorithms, for example, KNN, Random Forest, Nearest Neighbor, etc.
24

White, Darring. "Advxai in Malware Analysis Framework: Balancing Explainability with Security." International Journal on Soft Computing, Artificial Intelligence and Applications 14, no. 1 (2025): 11–18. https://doi.org/10.5121/ijscai.2025.14102.

Abstract:
With the increased use of Artificial Intelligence (AI) in malware analysis there is also an increased need to understand the decisions models make when identifying malicious artifacts. Explainable AI (XAI) becomes the answer to interpreting the decision-making process that AI malware analysis models use to determine malicious versus benign samples, to gain trust that, in a production environment, the system is able to catch malware. Any cyber innovation brings a new set of challenges, and literature soon came out about XAI as a new attack vector. Adversarial XAI (AdvXAI) is a relatively new concept, but with AI applications in many sectors, it is crucial to quickly respond to the attack surface that it creates. This paper seeks to conceptualize a theoretical framework focused on addressing AdvXAI in malware analysis in an effort to balance explainability with security. Following this framework, designing a machine with an AI malware detection and analysis model will ensure that it can effectively analyze malware, explain how it came to its decision, and be built securely to avoid adversarial attacks and manipulations. The framework focuses on choosing malware datasets to train the model, choosing the AI model, choosing an XAI technique, implementing AdvXAI defensive measures, and continually evaluating the model. This framework will significantly contribute to automated malware detection and XAI efforts, allowing for secure systems that are resilient to adversarial attacks.
25

Zhang, Shuhui, Changdong Hu, Lianhai Wang, Miodrag J. Mihaljevic, Shujiang Xu, and Tian Lan. "A Malware Detection Approach Based on Deep Learning and Memory Forensics." Symmetry 15, no. 3 (2023): 758. http://dx.doi.org/10.3390/sym15030758.

Abstract:
As cyber attacks grow more complex and sophisticated, new types of malware become more dangerous and challenging to detect. In particular, fileless malware injects malicious code into the physical memory directly without leaving attack traces on disk files. This type of attack is well concealed, and it is difficult to find the malicious code in the static files. For malicious processes in memory, signature-based detection methods are becoming increasingly ineffective. Facing these challenges, this paper proposes a malware detection approach based on convolutional neural network and memory forensics. As the malware has many symmetric features, the saved training model can detect malicious code with symmetric features. The method includes collecting executable static malicious and benign samples, running the collected samples in a sandbox, and building a dataset of portable executables in memory through memory forensics. When a process is running, not all the program content is loaded into memory, so binary fragments are utilized for malware analysis instead of the entire portable executable (PE) files. PE file fragments are selected with different lengths and locations. We conducted several experiments on the produced dataset to test our model. The PE file with 4096 bytes of header fragment has the highest accuracy. We achieved a prediction accuracy of up to 97.48%. Moreover, an example of a fileless attack is illustrated at the end of the paper. The results show that the proposed method can detect malicious codes effectively, especially the fileless attack. Its accuracy is better than that of common machine learning methods.
26

Harrsheeta, Sasikumar. "DDoS Attack Detection and Classification using Machine Learning Models with Real-Time Dataset Created." International Journal of Recent Technology and Engineering (IJRTE) 9, no. 5 (2021): 145–53. https://doi.org/10.35940/ijrte.E5217.019521.

Abstract:
Distributed Denial of Service (DDoS) attack is one of the common attacks that are predominant in the cyber world. DDoS attacks pose a serious threat to internet users and affect the availability of services to legitimate users. A DDoS attack is characterized by blocking a particular service by paralyzing the victim's resources so that they cannot be used for legitimate purposes, leading to server breakdown. DDoS turns networked devices into remotely controlled bots and generates the attack. The proposed system detects DDoS attacks and malware with high detection accuracy using machine learning algorithms. The real-time traffic is generated using virtual instances running in a private cloud. The DDoS attack is detected by considering various SNMP parameters and classifying using machine learning techniques like bagging, boosting and ensemble models. Also, the various types of malware on the networked devices are prevented from being used as a bot for DDoS attack generation.
27

Kaushik, Dr Priyanka. "Unleashing the Power of Multi-Agent Deep Learning: Cyber-Attack Detection in IoT." International Journal for Global Academic & Scientific Research 2, no. 2 (2023): 23–45. http://dx.doi.org/10.55938/ijgasr.v2i2.46.

Abstract:
Detecting botnet and malware cyber-attacks is a critical task in ensuring the security of computer networks. Traditional methods for identifying such attacks often involve static rules and signatures, which can be easily evaded by attackers. DL, a subdivision of ML, has shown promise in enhancing the accuracy of detecting botnets and malware by analyzing large amounts of network traffic data and identifying patterns that are difficult to detect with traditional methods. In order to identify abnormal traffic patterns that can be a sign of botnet or malware activity, deep learning models can be taught to learn the intricate interactions and correlations between various network traffic parameters, such as packet size, time intervals, and protocol headers. The models can also be trained to detect anomalies in network traffic, which could indicate the presence of unknown malware. The threat of malware and botnet assaults has increased in frequency with the growth of the IoT. In this research, we offer a unique LSTM- and GAN-based method for identifying such attacks. We utilise our model to categorise incoming traffic as either benign or malicious using a dataset of network traffic data from various IoT devices. Our findings show how well our method works by attaining high accuracy in identifying botnet and malware cyberattacks in IoT networks. This study makes a contribution to the creation of stronger and more effective security systems for shielding IoT devices from online dangers. One of the major advantages of using deep learning for botnet and malware detection is its ability to adapt to new and previously unknown attack patterns, making it a useful tool in the fight against constantly evolving cyber threats. However, DL models require a large quantity of labeled data for training, and their performance can be affected by the quality and quantity of the data used. Deep learning holds great potential for improving the accuracy and effectiveness of botnet and malware detection, and its continued development and application could lead to significant advancements in the field of cybersecurity.
28

Zi Wei, Yee, Marina Md-Arshad, Adlina Abdul Samad, and Norafida Ithnin. "Comparing Malware Attack Detection using Machine Learning Techniques in IoT Network Traffic." International Journal of Innovative Computing 13, no. 1 (2023): 21–27. http://dx.doi.org/10.11113/ijic.v13n1.384.

Abstract:
Most IoT devices are designed and built for cheap and basic functions; therefore, the security aspects of these devices are not taken seriously. Yet, IoT devices tend to play an important role in this era, where the number of IoT devices is predicted to exceed the number of traditional computing devices such as desktops and laptops. This causes more and more cybersecurity attacks to target IoT devices, and malware attacks are known to be the most common attacks in IoT networks. However, most research only focuses on malware detection in traditional computing devices. The purpose of this research is to compare the performance of the Random Forest and Naïve Bayes algorithms in terms of accuracy, precision, recall and F1-score in classifying malware attack and benign traffic in IoT network traffic. Research is conducted with the Aposemat IoT-23 dataset, a labelled dataset that contains IoT malware infection traffic and IoT benign traffic. To determine the data in IoT network traffic packets that are useful for threat detection, a study is conducted and the threat data is cleaned up and prepared using RStudio and RapidMiner Studio. The Random Forest and Naïve Bayes algorithms are used to train and classify the cleaned dataset. Random Forest can prevent the model from overfitting, while Naïve Bayes requires less training time. Lastly, the accuracy, precision, recall and F1-score of the machine learning algorithms are compared and discussed. The research results show Random Forest to be the best machine learning algorithm in classifying the malware attack traffic.
29

Sen, Saurabh Kumar, and Anuradha Deolase. "Analyse Cyberattack at Organizations using Logistic Regression Algorithm." International Journal for Research in Applied Science and Engineering Technology 10, no. 3 (2022): 518–25. http://dx.doi.org/10.22214/ijraset.2022.40663.

Abstract:
Ransomware cyberattacks have grown in severity, effectiveness to cause damage, and ease of execution during the last decade. Advanced ransomware detection technologies must be included with traditional anti-malware procedures. The results of a study and analysis of ransomware attack risk are presented in this work, with the goal of identifying the characteristics that separate ransomware from other malware and benign executable files with the help of detected logs. The ransomware's normal behaviour and structure are determined by statically and dynamically analysing the executable binaries. Ransomware-specific features are extracted from executable files using dynamic and static analysis techniques. This study shows that graph representation of attacks with a collection of datasets for malware detection improves when using machine learning techniques. Keywords: Ransomware, Malware Detection, Static Analysis, Dynamic Analysis, Anti-malware, Machine learning, etc.
30

Almehmadi, Lamia, Abdullah Basuhail, Daniyal Alghazzawi, and Osama Rabie. "Framework for Malware Triggering Using Steganography." Applied Sciences 12, no. 16 (2022): 8176. http://dx.doi.org/10.3390/app12168176.

Abstract:
Teaching offensive security (ethical hacking) is becoming a required component of information security curricula to develop better cybersecurity practitioners. Many academics and industry professionals believe that a good knowledge of the attacks a system can face is required to protect a system. The early detection of an attack is critical to effectively defending a system. We can’t wait for threats to be discovered in the wild to begin planning our defenses. For our study, we designed and developed an offensive model that aims to remain concealed in an image until it reaches the target location. Our attack approach exploits image steganography, which involves embedding malicious code and a geolocation code into a digital image. This study aimed to discover new ways to attack computer systems and stimulate awareness of such attacks among browser developers, thus encouraging them to handle images with more care. In our experiments, both stego-image analysis and geolocation techniques are tested. Our experience has confirmed that converting indiscriminate attacks into targeted attacks is possible.
31

Sudarsan, Paka, V. N. V. S. K. Vinay, Rejeti Pavan Satya Kumar, and Burugupalli Jagadeesh. "Detection of Malware in Android Application using Machine Learning." INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 09, no. 04 (2025): 1–9. https://doi.org/10.55041/ijsrem44095.

Abstract:
Malware is a piece of software which contains malicious data which damages or disrupts a device's normal use; it is intentionally created to exploit systems without the user's knowledge. The rapid increase in mobile usage, especially of Android devices, has changed the way users access information and perform daily tasks, and as human usage grows, malware also increases proportionately. With the increasing complexity and diversity of malware, it is difficult for traditional methods to identify them. This study explains the nature of malware and its various forms, including viruses, worms, Trojans, ransomware, adware, spyware, and rootkits, where each attack has a different way of injecting malware into the Android environment. Since traditional methods try to identify known malware signatures, they tend to fail in predicting new attacks. The primary objective of this paper is to utilise ML models, especially logistic regression, as it is a binary classification model which can handle classification problems well, and make an effective malware prediction model. Index Terms - Malware, machine learning, android applications, logistic regression
32

Kong, Zixiao, Jingfeng Xue, Zhenyan Liu, Yong Wang, and Weijie Han. "MalDBA: Detection for Query-Based Malware Black-Box Adversarial Attacks." Electronics 12, no. 7 (2023): 1751. http://dx.doi.org/10.3390/electronics12071751.

Abstract:
The increasing popularity of Industry 4.0 has led to more and more security risks, and malware adversarial attacks emerge in an endless stream, posing great challenges to user data security and privacy protection. In this paper, we investigate the stateful detection method for artificial intelligence deep learning-based malware black-box attacks, i.e., determining the presence of adversarial attacks rather than detecting whether the input samples are malicious or not. To this end, we propose the MalDBA method for experiments on the VirusShare dataset. We find that query-based black-box attacks produce a series of highly similar historical query results (also known as intermediate samples). By comparing the similarity among these intermediate samples and the trend of prediction scores returned by the detector, we can detect the presence of adversarial samples in indexed samples and thus determine whether an adversarial attack has occurred, and then protect user data security and privacy. The experimental results show that the attack detection rate can reach 100%. Compared to similar studies, our method does not require heavy feature extraction tasks or image conversion and can be operated on complete PE files without requiring a strong hardware platform.
33

Urooj, Umara, Bander Ali Saleh Al-rimy, Mazen Gazzan, et al. "A Wide and Weighted Deep Ensemble Model for Behavioral Drifting Ransomware Attacks." Mathematics 13, no. 7 (2025): 1037. https://doi.org/10.3390/math13071037.

Abstract:
Ransomware is a type of malware that leverages encryption to execute its attacks. Its continuous evolution underscores its dynamic and ever-changing nature. The evolving variants use varying timelines to launch attacks and associate them with varying attack patterns. Detecting early evolving variants also leads to incomplete attack patterns. To develop an early detection model for behavioral drifting ransomware attacks, a detection model should be able to detect evolving ransomware variants. To consider the behavioral drifting problem of ransomware attacks, a model should be able to generalize the behavior of significant features comprehensively. Existing solutions were developed by using either a whole attack pattern or a fraction of an attack pattern. Likewise, they were also designed using historical data, which can make these solutions outdated or suffer from low accuracy for behavioral drift ransomware attacks. The detection models created using a fraction of the pre-encryption data also cannot generalize the attack behavior of evolving ransomware variants. There is a need to develop an early detection model that can detect evolving ransomware variants with varying pre-encryption phases. The proposed model can detect the evolving ransomware variants by comprehensively generalizing significant attack patterns.
34

Singh, Abhay Pratap, and Mahendra Singh. "Real time malware detection in encrypted network traffic using machine learning with time based features." Journal of Discrete Mathematical Sciences & Cryptography 26, no. 3 (2023): 841–50. http://dx.doi.org/10.47974/jdmsc-1760.

Abstract:
With the increasing number of Internet users, malware attacks are also growing. The purpose of malicious authors creating malware is to attack, damage, or impair electronic devices. In recent times, malware authors are also using HTTPS traffic; therefore, detecting malware in HTTPS traffic is intriguing since the network traffic is enciphered. As the network traffic is enciphered, it is an arduous job to identify benign and malicious traffic. It also poses a significant challenge for firewalls and anti-malware software. Hence, it is essential to monitor the network traffic for detecting malware and threats in a way that maintains the encryption integrity. In this paper, a machine learning based model was proposed, which can effectively and efficiently detect malware without deciphering the network traffic. The prime objective of the research work is to apply several ML techniques to detect malware in real time utilizing time-based features. The proposed methodology can classify malware attacks in less than one second, achieving an accuracy of 99% on the Central Processing Unit (CPU) and Graphics Processing Unit (GPU) platform, which is sufficient for detecting malware in real time.
35

Saavedra de la Cueva, Marcela Estefania, Juan Carlos Pazmiño Quiñonez, and Luis Enrique Yulán Mendoza. "Optimización del Análisis de Malware en Laboratorios Virtualizados." Revista Científica Élite 7, no. 1 (2025): 1–12. https://doi.org/10.69603/itsqmet.vol7.n1.2025.105.

Abstract:
Current research socializes malware analysis in virtualized environments, highlighting the relevance of static and dynamic analysis approaches in today's cybersecurity. It aims to provide a controlled environment to assess threats and develop more effective defense strategies against sophisticated cyber-attacks. The methodology includes a test lab that simulates computer attacks using technologies such as VMware, Kali Linux, and Wireshark, employing Venom RAT malware to study the behavior of attacks and their interaction with compromised systems. The main results highlight the importance of dynamic methodologies for malware detection, and how machine learning solutions can improve detection, although they face challenges due to unbalanced data. In conclusion, this experimental approach strengthens cyber protection strategies and facilitates a deep understanding of attack techniques, contributing to strengthening resilience against emerging threats.
36

Do Xuan, Cho, and Duc Duong. "Optimization of APT attack detection based on a model combining ATTENTION and deep learning." Journal of Intelligent & Fuzzy Systems 42, no. 4 (2022): 4135–51. http://dx.doi.org/10.3233/jifs-212570.

Abstract:
Nowadays, the early detection of and warning about Advanced Persistent Threat (APT) attacks is a major challenge for intrusion monitoring and prevention systems. Current studies and proposals for APT attack detection often focus on combining machine-learning techniques and APT malware behavior analysis techniques based on network traffic. To improve the efficiency of APT attack detection, this paper proposes a new approach based on a combination of deep learning networks and ATTENTION networks. The proposed process for APT attack detection in this study is as follows: Firstly, all network traffic data is pre-processed and analyzed by the CNN-LSTM deep learning network, which is a combination of a Convolutional Neural Network (CNN) and Long Short-Term Memory (LSTM). Then, instead of being used directly for classification, this data is analyzed and evaluated by the ATTENTION network. Finally, the output data of the ATTENTION network is classified to identify APT attacks. The optimization proposal for detecting APT attacks in this study is a novel proposal. It hasn't been proposed and applied by any research. Some scenarios for comparing and evaluating the method proposed in this study with other approaches (implemented in section 4.4) show the superior effectiveness of our proposed approach. The results prove that the proposed method not only has scientific significance but also has practical significance, because the model combining deep learning with the ATTENTION network has helped improve the efficiency of analyzing and detecting APT malware based on network traffic.
37

Almarri, Saeed, and Paul Sant. "Optimised Malware Detection in Digital Forensics." International Journal of Network Security & Its Applications (IJNSA) 6, no. 1 (2014): 01–15. https://doi.org/10.5281/zenodo.5900306.

Abstract:
On the Internet, malware is one of the most serious threats to system security. Most complex issues and problems on any systems are caused by malware and spam. Networks and systems can be accessed and compromised by malware known as botnets, which compromise other systems through a coordinated attack. Such malware uses anti-forensic techniques to avoid detection and investigation. To protect systems from the malicious activity of this malware, a new framework is required that aims to develop an optimised technique for malware detection. Hence, this paper demonstrates new approaches to perform malware analysis in forensic investigations and discusses how such a framework may be developed.
38

Nguyen, Duc Viet, and Dinh Quan Dang. "Proposing A New Approach for Detecting Malware Based on the Event Analysis Technique." International Journal of Innovative Technology and Exploring Engineering (IJITEE) 12, no. 8 (2023): 21–27. https://doi.org/10.35940/ijitee.H9651.0712823.

Full text
Abstract:
<strong>Abstract: </strong>The attack technique by the malware distribution form is a dangerous, difficult to detect and prevent attack method. Current malware detection studies and proposals are often based on two main methods: using sign sets and analyzing abnormal behaviors using machine learning or deep learning techniques. This paper will propose a method to detect malware on Endpoints based on Event IDs using deep learning. Event IDs are behaviors of malware tracked and collected on Endpoints&#39; operating system kernel. The malware detection proposal based on Event IDs is a new research approach that has not been studied and proposed much. To achieve this purpose, this paper proposes to combine different data mining methods and deep learning algorithms. The data mining process is presented in detail in section 2 of the paper.
39

Albishry, Nabeel, Rayed AlGhamdi, Abdulmohsen Almalawi, Asif Irshad Khan, Pravin R. Kshirsagar, and Baru Debtera. "An Attribute Extraction for Automated Malware Attack Classification and Detection Using Soft Computing Techniques." Computational Intelligence and Neuroscience 2022 (April 25, 2022): 1–13. http://dx.doi.org/10.1155/2022/5061059.

Abstract:
Malware has grown in popularity as a method of conducting cyber assaults in former decades as a result of numerous new deception methods employed by malware. To preserve networks, information, and intelligence, malware must be detected as soon as feasible. This article compares various attribute extraction techniques with distinct machine learning algorithms for static malware classification and detection. The findings indicated that merging PCA attribute extraction and SVM classifier results in the highest correct rate with the fewest possible attributes, and this paper discusses sophisticated malware, their detection techniques, and how and where to defend systems and data from malware attacks. Overall, 96% the proposed method determines the malware more accurately than the existing methods.
41

Jasi, Teba Ali, and Muna M. Taher Jawhar. "Detecting network attacks Model based on a long short-term memory LSTM." Technium: Romanian Journal of Applied Sciences and Technology 4, no. 8 (2022): 64–72. http://dx.doi.org/10.47577/technium.v4i8.7225.

Abstract:
Nowadays, network-connected devices such as mobile phones and IoT devices are increasing; the types and numbers of these devices are increasing, the impact of successful attacks is increasing, and the fear is growing due to the security effects when using them. In addition, a broader attack surface is available. To identify and respond to these network attacks, different systems are used to prevent and stop them. Some of these systems consist of two layers: the first layer, which provides security and intrusion prevention, is the firewall, while the second layer is the network intrusion detection system or attack detection system. If only the first layer, represented by the firewall, is used, we cannot prevent attacks; that is why attack detection or malware detection systems are used along with a firewall.
42

Senanayake, Janaka, Harsha Kalutarage, and Mhd Omar Al-Kadri. "Android Mobile Malware Detection Using Machine Learning: A Systematic Review." Electronics 10, no. 13 (2021): 1606. http://dx.doi.org/10.3390/electronics10131606.

Abstract:
With the increasing use of mobile devices, malware attacks are rising, especially on Android phones, which account for 72.2% of the total market share. Hackers try to attack smartphones with various methods such as credential theft, surveillance, and malicious advertising. Among numerous countermeasures, machine learning (ML)-based methods have proven to be an effective means of detecting these attacks, as they are able to derive a classifier from a set of training examples, thus eliminating the need for an explicit definition of the signatures when developing malware detectors. This paper provides a systematic review of ML-based Android malware detection techniques. It critically evaluates 106 carefully selected articles and highlights their strengths and weaknesses as well as potential improvements. Finally, the ML-based methods for detecting source code vulnerabilities are discussed, because it might be more difficult to add security after the app is deployed. Therefore, this paper aims to enable researchers to acquire in-depth knowledge in the field and to identify potential future research and development directions.
43

Arti Deshpande. "Leveraging Signature Patterns and Machine Learning for Detecting HTTP Header Manipulation Attacks." Journal of Information Systems Engineering and Management 10, no. 9s (2025): 636–50. https://doi.org/10.52783/jisem.v10i9s.1290.

Abstract:
Hypertext Transfer Protocol (HTTP) injection is a security vulnerability in which attackers manipulate HTTP Headers for malicious intent which facilitate various types of attacks like Downgrade-attack, Session fixation, Session hijacking, Cross-site scripting (XSS), Script injection, Referer forgery, Host header injection and Cache poisoning. These HTTP header manipulations can also be used for phishing and malware attacks. This study proposes leveraging signature attack patterns enhanced with Machine Learning (ML) and Deep Learning (DL) for detection of malicious header. HTTP request headers will be intercepted using Mitmproxy, and known attacks such as Downgrade attacks, Session fixation, Session hijacking, Token manipulation, Script injection will be detected based on their unique signatures. Malicious Internet Protocol (IP) addresses in the headers are detected using a blacklist sourced from the IPsum GitHub repository. Additionally, the malicious classifier model utilizes a hybrid approach for feature extraction based on Natural Language Processing (NLP) and traditional methods followed by generation of adversarial samples using Generative Adversarial Network (GAN). Multiple supervised ML and DL models are employed to classify URLs as phishing, malware, or benign and detect the specific attack type such as Referer forgery, Host header injection and other malware-related activities. The dataset is sourced from trusted repositories like Phishing URL dataset by Mendeley, Malicious URLs dataset from Kaggle and IPSum GitHub repository to construct a curated dataset. Adversarial samples generated using GAN are augmented in the dataset used for training the model to make it resistant to adversarial attack. The detection of Malicious HTTP headers using the proposed model is evaluated using performance metrics.
44

Bellizzi, Jennifer, Eleonora Losiouk, Mauro Conti, Christian Colombo, and Mark Vella. "VEDRANDO: A Novel Way to Reveal Stealthy Attack Steps on Android through Memory Forensics." Journal of Cybersecurity and Privacy 3, no. 3 (2023): 364–95. http://dx.doi.org/10.3390/jcp3030019.

Abstract:
The ubiquity of Android smartphones makes them targets of sophisticated malware, which maintain long-term stealth, particularly by offloading attack steps to benign apps. Such malware leaves little to no trace in logs, and the attack steps become difficult to discern from benign app functionality. Endpoint detection and response (EDR) systems provide live forensic capabilities that enable anomaly detection techniques to detect anomalous behavior in application logs after an app hijack. However, this presents a challenge, as state-of-the-art EDRs rely on device and third-party application logs, which may not include evidence of attack steps, thus prohibiting anomaly detection techniques from exposing anomalous behavior. While, theoretically, all the evidence resides in volatile memory, its ephemerality necessitates timely collection, and its extraction requires device rooting or app repackaging. We present VEDRANDO, an enhanced EDR for Android that accomplishes (i) the challenge of timely collection of volatile memory artefacts and (ii) the detection of a class of stealthy attacks that hijack benign applications. VEDRANDO leverages memory forensics and app virtualization techniques to collect timely evidence from memory, which allows uncovering attack steps currently uncollected by the state-of-the-art EDRs. The results showed that, with less than 5% CPU overhead compared to normal usage, VEDRANDO could uniquely collect and fully reconstruct the stealthy attack steps of ten realistic messaging hijack attacks using standard anomaly detection techniques, without requiring device or app modification.
45

Mujtaba, Ahmad, Mehrunisa Zulfiqar, Muhammad Umar Azhar, Sadaqat Ali, Asfar Ali, and Hamayun Khan. "ML-based Fileless Malware Threats Analysis for the Detection of Cyber security Attack based on Memory Forensics: A Survey." Asian Bulletin of Big Data Management 5, no. 1 (2025): 1–14. https://doi.org/10.62019/abbdm.v5i1.289.

Abstract:
The rapid advancements in cyber-attack strategies are in parallel with the measures for detection, analysis, and prevention. Attackers have recently developed fileless malware that can simply bypass existing security mechanisms. The high complexity of malware and the attacks rises in today's world because malware increases the chance of cyberwar in many countries; the rise of one of the most sophisticated fileless malware is now increasing day by day, and the present challenges for traditional malware detection and analysis are that they do not provide complete information on fileless malware. It evades conventional signature and firewall detection systems by hiding and directly injecting its malicious code into RAM, leaving no or minimal traces on the file system. This review paper explores the crucial artifacts in memory forensics that lead to a critical approach to addressing the challenges mentioned, so that the investigator can detect and analyze the critical threats. Also, it highlights the method that helps the investigators analyze every aspect of the malicious or embedded code. This will help us to improve the detection criteria and the accuracy of the results. This study also helps the examiners in the examination of the processes and different types of analysis, i.e. strings, anomaly detection, and the critical techniques used for retrieving malware artifacts. This review also includes the limitations of the existing tools and methodologies and the new evolving techniques and tactics used by the malware to hide its footprints. By identifying these gaps, this paper provides a robust framework for the enhancement of malware analysis tools and procedures to help the examiners in the analysis and examination of malware.
46

Suryati, One Tika, and Avon Budiono. "Impact Analysis of Malware Based on Call Network API With Heuristic Detection Method." International Journal of Advances in Data and Information Systems 1, no. 1 (2020): 8. http://dx.doi.org/10.25008/ijadis.v1i1.2.

Abstract:
Malware is a program that has a negative influence on computer systems that do not have user permission. The purpose of malware by hackers is to gain profit in an illegal way. Therefore we need a malware analysis that aims to find out the specifics of malware so that security can be built to protect computer devices. One method for analyzing malware is heuristic detection. Heuristic detection is an analytical method that allows to find new types of malware in a file or application. A lot of malware is created to attack through the internet because of technological advances. Under these conditions, a malware analysis is performed using the call network API with the heuristic detection method. This aims to identify the behavior of malware that attacks the network. The results of the analysis carried out is that most malware is spyware, which is lurking for user activity and retrieving user data without the user's knowledge. In addition, there is also malware that is as adware, which displays advertisements through pop-up windows on computer devices that interfere with user activity. So with these results, it can also be identified actions that can be taken by users to protect their computer devices, such as by installing antivirus or antimalware, not downloading unauthorized applications and not accessing insecure websites.
47

Duc Viet, Nguyen, and Dang Dinh Quan. "Proposing A New Approach for Detecting Malware Based on the Event Analysis Technique." International Journal of Innovative Technology and Exploring Engineering 12, no. 8 (2023): 21–27. http://dx.doi.org/10.35940/ijitee.h9651.0712823.

Abstract:
The attack technique by the malware distribution form is a dangerous, difficult to detect and prevent attack method. Current malware detection studies and proposals are often based on two main methods: using sign sets and analyzing abnormal behaviors using machine learning or deep learning techniques. This paper will propose a method to detect malware on Endpoints based on Event IDs using deep learning. Event IDs are behaviors of malware tracked and collected on Endpoints' operating system kernel. The malware detection proposal based on Event IDs is a new research approach that has not been studied and proposed much. To achieve this purpose, this paper proposes to combine different data mining methods and deep learning algorithms. The data mining process is presented in detail in section 2 of the paper.
48

Moussaileb, Routa, Nora Cuppens, Jean-Louis Lanet, and Hélène Le Bouder. "A Survey on Windows-based Ransomware Taxonomy and Detection Mechanisms." ACM Computing Surveys 54, no. 6 (2021): 1–36. http://dx.doi.org/10.1145/3453153.

Abstract:
Ransomware remains an alarming threat in the 21st century. It has evolved from being a simple scare tactic into a complex malware capable of evasion. Formerly, end-users were targeted via mass infection campaigns. Nevertheless, in recent years, the attackers have focused on targeted attacks, since the latter are profitable and can induce severe damage. A vast number of detection mechanisms have been proposed in the literature. We provide a systematic review of ransomware countermeasures starting from its deployment on the victim machine until the ransom payment via cryptocurrency. We define four stages of this malware attack: Delivery, Deployment, Destruction, and Dealing. Then, we assign the corresponding countermeasures for each phase of the attack and cluster them by the techniques used. Finally, we propose a roadmap for researchers to fill the gaps found in the literature in ransomware’s battle.
49

Amalraj Victoire, T. "Protecting Sensitive Data on USB Drives: An AI-Driven Solution for Malware Detection and Data Privacy." International Scientific Journal of Engineering and Management 04, no. 06 (2025): 1–9. https://doi.org/10.55041/isjem04159.

Abstract:
USB drives, external hard drives and memory cards are commonly used for transferring and storing data. These devices are highly portable, easy to use, and can be used virtually anywhere that data is stored. One of the most common modes of covert data theft is by using malware injection attacks, which is when malicious code is injected into a system to secretly collect and/or steal sensitive data. Since these attacks are quite sneaky and can bypass conventional security measures, they can be exploited for unauthorized access of sensitive data. Existing systems tend to focus on either detecting malware or data backup separately. This lack of a comprehensive approach does not allow sensitive data to be protected from such attacks. To bridge the gap, this paper presents an integrated security solution that employs deep neural networks (DNN) to detect a malware injection attack, CloudConceal, a secure backup or recovery system, and Data Masking using Tokenization to obfuscate sensitive data stored on USB drives. The DNN model discovers suspicious system activity such as file access and creation of processes by analyzing features such as API calls, byte sequences, and metadata of system logs. After finding a malware attack, sensitive data is automatically transported to CloudConceal to create encrypted copies of the data and to recover in case of data loss or compromise of any kind. Besides this, the proposed system obfuscates sensitive information on USB drives in a way that replaces original data with tokens. In return, unauthorized users cannot reach the actual content. This integrated model offers a framework to protect sensitive data from covert data theft, strengthen sensitive data security, and safeguard its availability and integrity.
Keywords: USB security, covert data theft, malware injection attacks, Deep Neural Networks (DNN), AI-driven malware detection, CloudConceal, secure backup and recovery, data masking, tokenization, portable storage protection, data privacy, system activity monitoring, encrypted data, sensitive data protection, cybersecurity.
50

Ehsan, Adeel, Cagatay Catal, and Alok Mishra. "Detecting Malware by Analyzing App Permissions on Android Platform: A Systematic Literature Review." Sensors 22, no. 20 (2022): 7928. http://dx.doi.org/10.3390/s22207928.

Abstract:
Smartphone adaptation in society has been progressing at a very high speed. Having the ability to run on a vast variety of devices, much of the user base possesses an Android phone. Its popularity and flexibility have played a major role in making it a target of different attacks via malware, causing loss to users, both financially and from a privacy perspective. Different malware and their variants are emerging every day, making it a huge challenge to come up with detection and preventive methodologies and tools. Research has spawned in various directions to yield effective malware detection mechanisms. Since malware can adopt different ways to attack and hide, accurate analysis is the key to detecting them. Like any usual mobile app, malware requires permission to take action and use device resources. There are 235 total permissions that the Android app can request on a device. Malware takes advantage of this to request unnecessary permissions, which would enable those to take malicious actions. Since permissions are critical, it is important and challenging to identify if an app is exploiting permissions and causing damage. The focus of this article is to analyze the identified studies that have been conducted with a focus on permission analysis for malware detection. With this perspective, a systematic literature review (SLR) has been produced. Several papers have been retrieved and selected for detailed analysis. Current challenges and different analyses were presented using the identified articles.