Journal articles on the topic 'Zero-day malware attacks'

Consult the top 46 journal articles for your research on the topic 'Zero-day malware attacks.'


1

Bhaya, Wesam S., and Mustafa A. Ali. "Review on Malware and Malware Detection Using Data Mining Techniques." JOURNAL OF UNIVERSITY OF BABYLON for Pure and Applied Sciences 25, no. 5 (November 29, 2017): 1585–601. http://dx.doi.org/10.29196/jub.v25i5.104.

Abstract:
Malicious software (malware) is any type of software or code that hooks private information or data from a computer system, or the computer's operations, or simply carries out the malicious goals of its author on the computer system without the permission of the computer's users. The detection of malware has become one of the biggest issues in the computer security field because current communication infrastructures are vulnerable to penetration by many types of malware infection strategies and attacks. Moreover, malware is varied and diverse in volume and type, which severely undermines the effectiveness of traditional defense methods such as the signature approach, which is unable to detect new malware. This vulnerability can lead to a successful computer system penetration (and attack) as well as to the success of more advanced attacks such as distributed denial of service (DDoS). Data mining methods can be used to overcome the limitations of signature-based techniques and detect zero-day malware. This paper provides an overview of malware and of malware detection systems that use modern techniques, such as data mining, to detect known and unknown malware samples.
2

Emmah, Victor T., Chidiebere Ugwu, and Laeticia N. Onyejegbu. "An Enhanced Classification Model for Likelihood of Zero-Day Attack Detection and Estimation." European Journal of Electrical Engineering and Computer Science 5, no. 4 (August 19, 2021): 69–75. http://dx.doi.org/10.24018/ejece.2021.5.4.350.

Abstract:
The growing threat to sensitive information stored in computer systems and devices is becoming alarming. This is a result of the proliferation of different malware created on a daily basis to cause zero-day attacks. Most malware whose signatures are known can easily be detected and blocked; however, unknown malware is the most dangerous. In this paper, a zero-day vulnerability model based on deep reinforcement learning is presented. The technique employs a Monte Carlo Based Pareto Rule (Deep-RL-MCB-PR) approach that exploits a reward learning and training feature with sparse feature generation and adaptive multi-layered recurrent prediction for the detection and subsequent mitigation of zero-day threats. The new model has been applied to the Kyoto benchmark datasets for intrusion detection systems and compared to an existing system that uses multi-layer protection and a rule-based ranking (RBK) approach to detect zero-day attack likelihood. Experiments were performed using the dataset, and simulation results show that the Deep-RL-MCB-PR technique, when measured with the classification accuracy metric, produced about 67.77%. The dataset was further magnified, and the resulting classification accuracy was about 75.84%. These results account for a better error response when compared to the RBK technique.
3

Krishna, T. Shiva Rama. "Malware Detection using Deep Learning." International Journal for Research in Applied Science and Engineering Technology 9, no. VI (June 20, 2021): 1847–53. http://dx.doi.org/10.22214/ijraset.2021.35426.

Abstract:
Malicious software, or malware, continues to pose a major security concern in this digital age as computer users, corporations, and governments witness an exponential growth in malware attacks. Current malware detection solutions adopt static and dynamic analysis of malware signatures and behaviour patterns, which are time-consuming and ineffective in identifying unknown malware. Recent malware uses polymorphic, metamorphic and other evasive techniques to change its behaviour quickly and to generate large numbers of malware samples. Since new malware is predominantly a variant of existing malware, machine learning algorithms have recently been employed to conduct effective malware analysis. This requires extensive feature engineering, feature learning and feature representation. By using advanced MLAs such as deep learning, the feature engineering phase can be completely avoided. Though some recent research studies exist in this direction, the performance of the algorithms is biased by the training data. There is a need to mitigate bias and evaluate these methods independently in order to arrive at new, enhanced methods for effective zero-day malware detection. To fill the gap in the literature, this work evaluates classical MLAs and deep learning architectures for malware detection, classification and categorization with both public and private datasets. The train and test splits of the public and private datasets used in the experimental analysis are disjoint from each other and were collected over different timescales. In addition, we propose a novel image processing technique with optimal parameters for MLAs and deep learning architectures. A comprehensive experimental evaluation of these methods indicates that deep learning architectures outperform classical MLAs. Overall, this work proposes effective visual detection of malware using a scalable and hybrid deep learning framework for real-time deployments. The visualization and deep learning architectures for a static, dynamic and image processing-based hybrid approach in a big data environment are a new, enhanced method for effective zero-day malware detection.
4

Tran, Hiep, Enrique Campos-Nanez, Pavel Fomin, and James Wasek. "Cyber resilience recovery model to combat zero-day malware attacks." Computers & Security 61 (August 2016): 19–31. http://dx.doi.org/10.1016/j.cose.2016.05.001.

5

Tayyab, Umm-e.-Hani, Faiza Babar Khan, Muhammad Hanif Durad, Asifullah Khan, and Yeon Soo Lee. "A Survey of the Recent Trends in Deep Learning Based Malware Detection." Journal of Cybersecurity and Privacy 2, no. 4 (September 28, 2022): 800–829. http://dx.doi.org/10.3390/jcp2040041.

Abstract:
Monitoring Indicators of Compromise (IOCs) leads to malware detection for identifying malicious activity. Malicious activities potentially lead to a system breach or data compromise. Various tools and anti-malware products exist for the detection of malware and cyberattacks utilizing IOCs, but all have several shortcomings. For instance, anti-malware systems make use of malware signatures, requiring a database containing such signatures to be constantly updated. Additionally, this technique does not work for zero-day attacks or variants of existing malware. In the quest to fight zero-day attacks, the research paradigm shifted from primitive methods to classical machine learning-based methods. Primitive methods are limited in catering to anti-analysis techniques against zero-day attacks. Hence, the direction of research moved towards methods utilizing classic machine learning; however, machine learning methods also come with certain limitations. These may include, but are not limited to, the latency introduced by the feature-engineering phase on the entire training dataset, as opposed to the real-time analysis requirement. Likewise, additional layers of data engineering to cater to the increasing volume of data introduce further delays. This led to the use of deep learning-based methods for malware detection. With the speedy occurrence of zero-day malware, researchers chose to experiment with few-shot learning so that reliable solutions can be produced for malware detection even with a small amount of data at hand for training. In this paper, we survey several possible strategies to support the real-time detection of malware and propose a hierarchical model to discover security events or threats in real time. A key focus in this survey is on the use of Deep Learning-based methods. Deep Learning-based methods dominate this research area by providing automatic feature engineering, the capability of dealing with large datasets, enabling the mining of features from limited data samples, and supporting one-shot learning. We compare Deep Learning-based approaches with conventional machine learning-based approaches and primitive (statistical analysis-based) methods commonly reported in the literature.
6

Cheng, Binlin, Jinjun Liu, Jiejie Chen, Shudong Shi, Xufu Peng, Xingwen Zhang, and Haiqing Hai. "MoG: Behavior-Obfuscation Resistance Malware Detection." Computer Journal 62, no. 12 (June 4, 2019): 1734–47. http://dx.doi.org/10.1093/comjnl/bxz033.

Abstract:
Malware poses a major security threat on the Internet today, with malware attacks greatly increasing. Behavior-based detection approaches are one of the major methods for detecting zero-day malware. Such approaches often use API calls to represent the behavior of malware. Unfortunately, behavior-based approaches suffer from behavior obfuscation attacks. In this paper, we propose a novel malware detection approach that is both effective and efficient. First, we abstract API calls into object operations. Then we generate an object operation dependency graph based on these object operations. Finally, we construct the family dependency graph for a malware family. Our approach uses the family dependency graph to represent the behavior of a malware family. The evaluation results show that our approach can provide complete resistance to all types of behavior obfuscation attacks, and outperforms existing behavior-based approaches in terms of both effectiveness and efficiency.
7

Priya, P. Mohana, and Abhijit Ranganathan. "Cyber Awareness Learning Imitation Environment (CALIE): A Card Game to provide Cyber Security Awareness for Various Group of Practitioners." International Journal of Advanced Networking and Applications 14, no. 02 (2022): 5334–41. http://dx.doi.org/10.35444/ijana.2022.14203.

Abstract:
Cyber attacks have had a massive impact on all online users, interrupting users' internet services and causing financial losses and business interruptions for large-scale industries. Proper cyber security education is a must for the employees of an organization. Management prefers an active learning environment to train all non-IT staff and non-professionals working in an organization. This research work concentrates on the development of a gaming platform, both on a local host and in an online mode as a videogame, for cyber security education. In this regard, the Cyber Awareness Learning Imitation Environment, a card-deck gaming environment, is proposed, in which attackers choose attack cards to learn about various cyber-attacks, defense cards provide the suitable defense mechanism, instruction cards are used for learning how cyber-attacks are generated, and recent-incident cards train the players with recent incidents of various cyber-attacks, such as malware attacks, phishing attacks, password attacks, Man-in-the-Middle attacks, Structured Query Language injection attacks, denial of service attacks, insider threats, cryptojacking, zero-day exploits and watering hole attacks. A questionnaire-based feedback report is collected from the players to analyze their understanding of various cyber-attacks.
8

Balaji K. M. and Subbulakshmi T. "Malware Analysis Using Classification and Clustering Algorithms." International Journal of e-Collaboration 18, no. 1 (January 2022): 1–26. http://dx.doi.org/10.4018/ijec.290290.

Abstract:
Malware analysis and detection are important tasks to be accomplished, as malware is getting more and more arduous at every instance. The threats and problems posed by the public around the globe are also rapidly increasing. Detection of zero-day attacks and polymorphic viruses is also a challenging task. The increasing threats and problems lead to the need for detection techniques, which in turn leads to the well-known and most common approach called machine learning. The purpose of this survey is to formulate the most effective feature extraction and classification approaches, summing up the most effective methods (including algorithms) with maximum accuracy, and also to effectively understand the clustering properties of the malware datasets by considering appropriate algorithms. This work also provides an overview of the malware used. The experimental results of the proposed model clearly showed the KNN classifier to be the most accurate, with 0.962355 accuracy.
9

OPRIȘ, Cristian. "Cybercrime Evolution and Current Threats." International Journal of Information Security and Cybercrime 11, no. 1 (June 28, 2022): 41–48. http://dx.doi.org/10.19107/ijisc.2022.01.05.

Abstract:
Cybercrime may be the biggest global threat of our time. This article reviews the current evolution of cybercrime and highlights some types of cybersecurity attacks: phishing, web-based attacks, malware, Denial of Service, Zero Day Manipulations, Cross-Site Scripting and IoT threats. We present a detailed study of the ransomware phenomenon and present security measures that can protect companies and individuals against the current threats in the cybersecurity field.
10

Kim, Dohoon, Donghee Choi, and Jonghyun Jin. "Method for Detecting Core Malware Sites Related to Biomedical Information Systems." Computational and Mathematical Methods in Medicine 2015 (2015): 1–8. http://dx.doi.org/10.1155/2015/756842.

Abstract:
Most advanced persistent threat attacks target web users through malicious code within landing (exploit) or distribution sites. There is an urgent need to block the affected websites. Attacks on biomedical information systems are no exception to this issue. In this paper, we present a method for locating malicious websites that attempt to attack biomedical information systems. Our approach uses malicious code crawling to rearrange websites in the order of their risk index by analyzing the centrality between malware sites, and proactively eliminates the root of these sites by finding the core-hub node, thereby reducing unnecessary security policies. In particular, we dynamically estimate the risk index of the affected websites by analyzing various centrality measures and converting them into a single quantified vector. The proactive elimination of core malicious websites results in an average improvement in zero-day attack detection of more than 20%.
11

Belaissaoui, Mustapha, and József Jurassec. "A Deep Convolutional Neural Network for Image Malware Classification." International Journal of Smart Security Technologies 6, no. 1 (January 2019): 49–60. http://dx.doi.org/10.4018/ijsst.2019010104.

Abstract:
Malware classification and detection is an important factor in computer system security. However, the signature-based methods currently used cannot provide accurate detection of zero-day attacks and polymorphic viruses. This is why there is a need for detection based on machine learning. The purpose of this work is to present a deep neural classification method using convolutional and recurrent network layers in order to obtain the best features for classification. The proposed model achieves 98.73% accuracy on the Microsoft malware dataset.
12

Yeboah, Paul Ntim, Stephen Kweku Amuquandoh, and Haruna Balle Baz Musah. "Malware Detection Using Ensemble N-gram Opcode Sequences." International Journal of Interactive Mobile Technologies (iJIM) 15, no. 24 (December 21, 2021): 19–31. http://dx.doi.org/10.3991/ijim.v15i24.25401.

Abstract:
Conventional approaches to tackling malware attacks have proven to be futile at detecting never-before-seen (zero-day) malware. Research, however, has shown that zero-day malicious files are mostly semantic-preserving variants of already existing malware, generated via obfuscation methods. In this paper we propose and evaluate a machine learning-based malware detection model using an ensemble approach. We employ an ensemble strategy in which multiple feature sets generated from different n-gram sizes of opcode sequences are trained using a single classifier. Model predictions on the trained multiple feature sets are weighted and combined on average to make a final verdict on whether a binary file is malicious or benign. To obtain the optimal weight combination for the ensemble feature sets, we applied a grid search on a set of pre-defined weights in the range 0 to 1. With a balanced dataset of 2000 samples, an ensemble of n-gram opcode sequences of sizes 1 and 2 with respective weights 0.3 and 0.7 yielded the best detection accuracy of 98.1% using a random forest (RF) classifier. Ensemble n-gram sizes 2 and 3 obtained the best precision of 99.7% using a weight of 0.5 for both models.
13

DRĂGHICESCU, Dragoș, Alexandru CARANICA, and Octavian FRATU. "HONEYPOT TECHNOLOGIES FOR MALWARE DETECTION AND ANALYSIS." STRATEGIES XXI - Command and Staff College 17, no. 1 (August 12, 2021): 265–71. http://dx.doi.org/10.53477/2668-2028-21-34.

Abstract:
In this paper, we offer a brief summary of the latest developments in honeypot technologies used for malware detection and analysis. This includes not only honeypot software, but also methodologies to analyze captured honeypot data. As such, our focus in this work is to keep track of current developments related to traffic analysis, especially honeypot technologies, as a means of data capture and interpretation of malicious traffic. Zero-day attacks are still very hard for any security platform to predict and then handle. Means to successfully predict an attack are of paramount importance to the world of cybersecurity. Effective network security administration depends, to a great extent, on the understanding of existing and emerging threats propagated over the web. In order to protect information systems and their users, it is of crucial importance to collect accurate, concise, high-quality information about malicious activities, so that security researchers are able to reverse-engineer, then understand and stop a malicious actor.
14

S, Preetha, P. Lalasa, and Pradeepa R. "A Comprehensive Overview on Cybersecurity: Threats and Attacks." Regular issue 10, no. 8 (June 30, 2021): 98–106. http://dx.doi.org/10.35940/ijitee.h9242.0610821.

Abstract:
In the world of evolving technologies, we are being driven by online transactions, AI technologies and automated processes. With the increased use of technologies in our lives, cybercrime has amplified. Various new attacks, tools and techniques have been developed which allow attackers to access more complex and well-managed systems, creating damage and even remaining untraceable. Statistics about cybercrime show that as of January 2021, Google had registered around 2 million phishing websites. In 2019 around 93.6% of observed malware was polymorphic, which means it changes its code continuously to evade detection. According to the FBI and Internet Crime Complaint Center 2020 crime report, crime has doubled compared to 2019. International Data Corporation predicts that global spending on cybersecurity solutions will reach $133.7 billion by 2022 as cyber threats continue to increase. Governments around the world have acknowledged growing cyber-attacks by providing directions to organizations on implementing efficient cybersecurity practices. Cybersecurity protects computer systems and networks from damage to hardware and software, information disclosure, theft, and the interference or misdirection of the services they provide. In order to develop necessary measures against cybercrime, we need to understand the different kinds of cybercrime. Our paper gives an overview of various types of cybercrime such as malware, phishing, zero-day exploits and Advanced Persistent Threats (APT). The study provides an overview of different existing preventive solutions and methods to detect attacks. A strong understanding of such attacks would help us to be cautious and develop effective solutions.
15

Aboaoja, Faitouri A., Anazida Zainal, Fuad A. Ghaleb, Bander Ali Saleh Al-rimy, Taiseer Abdalla Elfadil Eisa, and Asma Abbas Hassan Elnour. "Malware Detection Issues, Challenges, and Future Directions: A Survey." Applied Sciences 12, no. 17 (August 25, 2022): 8482. http://dx.doi.org/10.3390/app12178482.

Abstract:
The evolution of recent malicious software with the rising use of digital services has increased the probability of corrupting data, stealing information, or other cybercrimes by malware attacks. Therefore, malicious software must be detected before it impacts a large number of computers. Recently, many malware detection solutions have been proposed by researchers. However, many challenges limit the ability of these solutions to effectively detect several types of malware, especially zero-day attacks, due to obfuscation and evasion techniques as well as the diversity of malicious behavior caused by the rapid rate at which new malware and malware variants are produced every day. Several review papers have explored the issues and challenges of malware detection from various viewpoints. However, there is a lack of deep review articles that associate each analysis and detection approach with the data type. Such an association is imperative for the research community as it helps to determine the suitable mitigation approach. In addition, current survey articles stop at a generic detection approach taxonomy. Moreover, some review papers presented the feature extraction methods as static, dynamic, and hybrid based on the utilized analysis approach and neglected the feature representation methods taxonomy, which is considered essential in developing the malware detection model. This survey bridges the gap by providing a comprehensive state-of-the-art review of malware detection model research. This survey introduces a feature representation taxonomy in addition to a deeper taxonomy of malware analysis and detection approaches, and links each approach with the most commonly used data types. The feature extraction method is introduced according to the techniques used instead of the analysis approach. The survey ends with a discussion of the challenges and future research directions.
16

Samantray, Om Prakash, and Satya Narayan Tripathy. "An Opcode-Based Malware Detection Model Using Supervised Learning Algorithms." International Journal of Information Security and Privacy 15, no. 4 (October 2021): 18–30. http://dx.doi.org/10.4018/ijisp.2021100102.

Abstract:
There are several malware detection techniques available that are based on a signature-based approach. This approach can detect known malware very effectively but sometimes may fail to detect unknown or zero-day attacks. In this article, the authors have proposed a malware detection model that uses the operation codes of malicious and benign executables as the feature. The proposed model uses the opcode extract and count (OPEC) algorithm to prepare the opcode feature vector for the experiment. The most relevant features are selected using the extra tree classifier feature selection technique and then passed through several supervised learning algorithms such as support vector machine, naive Bayes, decision tree, random forest, logistic regression, and k-nearest neighbour to build classification models for malware detection. The proposed model has achieved a detection accuracy of 98.7%, which makes it better than many of the similar works discussed in the literature.
17

Nkongolo, Mike, Jacobus Philippus van Deventer, and Sydney Mambwe Kasongo. "UGRansome1819: A Novel Dataset for Anomaly Detection and Zero-Day Threats." Information 12, no. 10 (September 30, 2021): 405. http://dx.doi.org/10.3390/info12100405.

Abstract:
This research attempts to introduce the production methodology of an anomaly detection dataset using ten desirable requirements. Subsequently, the article presents the produced dataset, named UGRansome, created with up-to-date and modern network traffic (netflow), which represents cyclostationary patterns of normal and abnormal classes of threatening behaviours. It was discovered that the timestamp of various network attacks is less than one minute, and this feature pattern was used to record the time taken by the threat to infiltrate a network node. The main asset of the proposed dataset is its implication in the detection of zero-day attacks and anomalies that have not been explored before and cannot be recognised by known threat signatures. For instance, the UDP Scan attack has been found to utilise the lowest netflow in the corpus, while Razy utilises the highest one. In turn, the EDA2 and Globe malware are the most abnormal zero-day threats in the proposed dataset. These feature patterns are included in the corpus but derived from two well-known datasets, namely UGR'16 and ransomware, that include real-life instances. The former incorporates cyclostationary patterns while the latter includes ransomware features. The UGRansome dataset was tested with cross-validation and compared to the KDD99 and NSL-KDD datasets to assess the performance of Ensemble Learning algorithms. False alarms were minimized with a null empirical error during the experiment, which demonstrates that applying the Random Forest algorithm to UGRansome can facilitate accurate results to enhance zero-day threat detection. Additionally, most zero-day threats such as Razy, Globe, EDA2, and TowerWeb are recognised as advanced persistent threats that are cyclostationary in nature, and it is predicted that they will be using spamming and phishing for intrusion. Lastly, achieving the UGRansome balance was found to be NP-Hard due to real life-threatening classes that do not have a uniform distribution in terms of number of instances.
18

Sewak, Mohit, Sanjay K. Sahay, and Hemant Rathore. "DRLDO A Novel DRL based De obfuscation System for Defence Against Metamorphic Malware." Defence Science Journal 71, no. 1 (February 1, 2021): 55–65. http://dx.doi.org/10.14429/dsj.71.15780.

Abstract:
In this paper, we propose a novel mechanism to normalise metamorphic and obfuscated malware down to the opcode level and hence create an advanced metamorphic malware de-obfuscation and defence system. We name this system DRLDO, for deep reinforcement learning-based de-obfuscator. With the inclusion of DRLDO as a sub-component, an existing Intrusion Detection System could be augmented with defensive capabilities against 'zero-day' attacks from obfuscated and metamorphic variants of existing malware. This gains importance not only because there exists no system to date that uses advanced DRL to intelligently and automatically normalise obfuscation down even to the opcode level, but also because the DRLDO system does not mandate any changes to the existing IDS. The DRLDO system does not even mandate that the IDS' classifier be retrained with any new dataset containing obfuscated samples. Hence DRLDO could be easily retrofitted into any existing IDS deployment. We designed, developed, and conducted experiments on the system to evaluate it against multiple simultaneous attacks from obfuscations generated from malware samples in a standardised dataset that contains multiple generations of malware. Experimental results prove that DRLDO was able to successfully make the otherwise undetectable obfuscated variants of the malware detectable by an existing pre-trained malware classifier. The detection probability was raised well above the cut-off mark of 0.6 for the classifier to detect the obfuscated malware unambiguously. Further, the de-obfuscated variants generated by DRLDO achieved a very high correlation (of ≈ 0.99) with the base malware. This observation validates that the DRLDO system is actually learning to de-obfuscate and not exploiting a trivial trick.
19

NAKAO, Koji, Daisuke INOUE, Masashi ETO, and Katsunari YOSHIOKA. "Practical Correlation Analysis between Scan and Malware Profiles against Zero-Day Attacks Based on Darknet Monitoring." IEICE Transactions on Information and Systems E92-D, no. 5 (2009): 787–98. http://dx.doi.org/10.1587/transinf.e92.d.787.

20

Čeponis, Dainius, and Nikolaj Goranin. "Evaluation of Deep Learning Methods Efficiency for Malicious and Benign System Calls Classification on the AWSCTD." Security and Communication Networks 2019 (November 11, 2019): 1–12. http://dx.doi.org/10.1155/2019/2317976.

Abstract:
The increasing amount of malware and cyberattacks at the host level increases the need for a reliable anomaly-based host IDS (HIDS) that would be able to deal with zero-day attacks and would ensure a low false alarm rate (FAR), which is critical for the detection of such activity. Deep learning methods such as convolutional neural networks (CNNs) and recurrent neural networks (RNNs) are considered to be highly suitable for data-driven security solutions. Therefore, it is necessary to perform a comparative analysis of such methods in order to evaluate their efficiency in attack classification as well as their ability to distinguish malicious and benign activity. In this article, we present the results achieved with the AWSCTD (attack-caused Windows OS system calls traces dataset), which can be considered the most exhaustive set of host-level anomalies at the moment, including 112.56 million system calls from 12110 executable malware samples and 3145 benign software samples with 16.3 million system calls. The best results were obtained with CNNs, with up to 90.0% accuracy for family classification and 95.0% accuracy for malicious/benign determination. RNNs demonstrated slightly inferior results. Furthermore, CNN tuning via an increase in the number of layers should make them practically applicable for host-level anomaly detection.
21

Hamad, Mohammad, Zain A. H. Hammadeh, Selma Saidi, and Vassilis Prevelakis. "Temporal-based intrusion detection for IoV." it - Information Technology 62, no. 5-6 (December 16, 2020): 227–39. http://dx.doi.org/10.1515/itit-2020-0009.

Abstract:
The Internet of Vehicle (IoV) is an extension of Vehicle-to-Vehicle (V2V) communication that can improve vehicles’ fully autonomous driving capabilities. However, these communications are vulnerable to many attacks. Therefore, it is critical to provide run-time mechanisms to detect malware and stop the attackers before they manage to gain a foothold in the system. Anomaly-based detection techniques are convenient and capable of detecting off-nominal behavior by the component caused by zero-day attacks. One significant critical aspect when using anomaly-based techniques is ensuring the correct definition of the observed component’s normal behavior. In this paper, we propose using the task’s temporal specification as a baseline to define its normal behavior and identify temporal thresholds that give the system the ability to predict malicious tasks. By applying our solution to one use-case, we got temporal thresholds 20–40 % lower than the ones usually used to alarm the system about security violations. Using our boundaries ensures the early detection of off-nominal temporal behavior and provides the system with a sufficient amount of time to initiate recovery actions.
22

Singh, Raman, Harish Kumar, Ravinder Kumar Singla, and Ramachandran Ramkumar Ketti. "Internet attacks and intrusion detection system." Online Information Review 41, no. 2 (April 10, 2017): 171–84. http://dx.doi.org/10.1108/oir-12-2015-0394.

Abstract:
Purpose: The paper addresses various cyber threats and their effects on the internet. A review of the literature on intrusion detection systems (IDSs) as a means of mitigating internet attacks is presented, and gaps in the research are identified. The purpose of this paper is to identify the limitations of the current research and present future directions for intrusion/malware detection research.
Design/methodology/approach: The paper presents a review of the research literature on IDSs, prior to identifying research gaps and limitations and suggesting future directions.
Findings: The popularity of the internet makes it vulnerable to various cyber-attacks. Ongoing research on intrusion detection methods aims to overcome the limitations of earlier approaches to internet security. However, findings from the literature review indicate a number of different limitations of existing techniques: poor accuracy, high detection time, and low flexibility in detecting zero-day attacks.
Originality/value: This paper provides a review of major issues in intrusion detection approaches. On the basis of a systematic and detailed review of the literature, various research limitations are discovered. Clear and concise directions for future research are provided.
23

Park, Jong Hyuk. "Symmetry-Adapted Machine Learning for Information Security." Symmetry 12, no. 6 (June 22, 2020): 1044. http://dx.doi.org/10.3390/sym12061044.

Abstract:
Nowadays, data security is becoming an emerging and challenging issue due to the growth in web-connected devices and significant data generation from information and communication technology (ICT) platforms. Many existing types of research from industries and academic fields have presented their methodologies for supporting defense against security threats. However, these existing approaches have failed to deal with security challenges in next-generation ICT systems due to the changing behaviors of security threats and zero-day attacks, including advanced persistent threat (APT), ransomware, and supply chain attacks. The symmetry-adapted machine-learning approach can support an effective way to deal with the dynamic nature of security attacks by the extraction and analysis of data to identify hidden patterns of data. It offers the identification of unknown and new attack patterns by extracting hidden data patterns in next-generation ICT systems. Therefore, we accepted twelve articles for this Special Issue that explore the deployment of symmetry-adapted machine learning for information security in various application areas. These areas include malware classification, intrusion detection systems, image watermarking, color image watermarking, battlefield target aggregation behavior recognition models, Internet Protocol (IP) cameras, Internet of Things (IoT) security, service function chains, indoor positioning systems, and cryptoanalysis.
24

Marhusin, Fadzli, and Christopher John Lokan. "A Preemptive Behaviour-based Malware Detection through Analysis of API Calls Sequence Inspired by Human Immune System." International Journal of Engineering & Technology 7, no. 4.15 (October 7, 2018): 113. http://dx.doi.org/10.14419/ijet.v7i4.15.21431.

Abstract:
This study detects malware as it begins to execute and proposes a data mining approach for malware detection using sequences of API calls in a Windows environment. We begin with some background of the study and the influence of the Human Immune System on our detection mechanism, i.e. the Natural Killer (NK) and Suppressor (S) Cells. We apply K = 10 cross-fold data validation against the dataset. We use the n-grams technique to form the data for the purpose of establishing the Knowledge Bases and for the detection stage. The detection algorithm integrates the NK and S to work in unison and statistically determine whether a particular executable is deemed benign or malicious. The results show that we could preemptively detect malware and benign programs at the very beginning of their execution upon inspecting the first few hundred of the targeted API Calls. Depending on the speed of the processor and the ongoing running processes, this could happen in a split second or a few. This research is part of our initiative to build a behaviour-based component of a cyber defence, and this will enhance our readiness to combat zero-day attacks.
25

Li, Wei, Peng Liu, and Hao Chen. "Research and Implementation of Malicious Code Behavior Analysis." Applied Mechanics and Materials 182-183 (June 2012): 1938–42. http://dx.doi.org/10.4028/www.scientific.net/amm.182-183.1938.

Abstract:
Along with the rapid development of network technology, viruses, Trojans and other malicious code are updating unprecedentedly quickly, constantly threatening collective as well as personal information safety. Analysis of malware based on the code's behavioral characteristics aims at telling whether the code is malicious or not, which can effectively solve the problem caused by Zero-Day attacks that traditional anti-virus technology can hardly prevent. This paper studies how to monitor and record the API calling sequence when a program is running, and how to get the eigenvectors of behavior by means of analyzing the calling sequence of sensitive APIs, which allows the behavior of malicious code to be tracked and provides support and a theoretical basis for addressing the potential threat of malicious code.
26

Umar, Rusydi, Imam Riadi, and Ridho Surya Kusuma. "Analysis of Conti Ransomware Attack on Computer Network with Live Forensic Method." IJID (International Journal on Informatics for Development) 10, no. 1 (June 30, 2021): 53–61. http://dx.doi.org/10.14421/ijid.2021.2423.

Abstract:
Ransomware viruses have become a dangerous threat, increasing rapidly in recent years. One of the variants is Conti ransomware, which can spread infection and encrypt data simultaneously. Attacks become a severe threat and damage the system, namely by encrypting data on the victim's computer, spreading it to other computers on the same computer network, and demanding a ransom. The working principle of this Ransomware acts by utilizing Registry Query, which covers all forms of behavior in accessing, deleting, creating, manipulating data, and communicating with C2 (Command and Control) servers. This study analyzes the Conti virus attack through a network forensic process based on network behavior logs. The research process consists of three stages: the first stage is simulating attacks on the host computer, the second stage is carrying out network forensics by using live forensics methods, and the third stage is analysing malware by using statistical and dynamic analysis. The results of this study provide forensic data and virus behavior when running on RAM and computer networks, so that the data obtained makes it possible to identify ransomware traffic on the network and deal with zero-day, especially ransomware, threats. It is possible to do so because the analysis is an initial step in generating virus signatures based on network indicators.
27

Khraisat, Ansam, Iqbal Gondal, Peter Vamplew, Joarder Kamruzzaman, and Ammar Alazab. "Hybrid Intrusion Detection System Based on the Stacking Ensemble of C5 Decision Tree Classifier and One Class Support Vector Machine." Electronics 9, no. 1 (January 17, 2020): 173. http://dx.doi.org/10.3390/electronics9010173.

Abstract:
Cyberattacks are becoming increasingly sophisticated, necessitating efficient intrusion detection mechanisms to monitor computer resources and generate reports on anomalous or suspicious activities. Many Intrusion Detection Systems (IDSs) use a single classifier for identifying intrusions. Single classifier IDSs are unable to achieve high accuracy and low false alarm rates due to polymorphic, metamorphic, and zero-day behaviors of malware. In this paper, a Hybrid IDS (HIDS) is proposed by combining the C5 decision tree classifier and One Class Support Vector Machine (OC-SVM). HIDS combines the strengths of Signature-based Intrusion Detection System (SIDS) and Anomaly-based Intrusion Detection System (AIDS). The SIDS was developed based on the C5.0 Decision tree classifier and AIDS was developed based on the one-class Support Vector Machine (SVM). This framework aims to identify both the well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the benchmark datasets, namely, Network Security Laboratory-Knowledge Discovery in Databases (NSL-KDD) and Australian Defence Force Academy (ADFA) datasets. Studies show that the performance of HIDS is enhanced, compared to SIDS and AIDS, in terms of detection rate and low false-alarm rates.
28

Demertzis, Konstantinos, Konstantinos Tsiknas, Dimitrios Takezis, Charalabos Skianis, and Lazaros Iliadis. "Darknet Traffic Big-Data Analysis and Network Management for Real-Time Automating of the Malicious Intent Detection Process by a Weight Agnostic Neural Networks Framework." Electronics 10, no. 7 (March 25, 2021): 781. http://dx.doi.org/10.3390/electronics10070781.

Abstract:
Attackers are perpetually modifying their tactics to avoid detection and frequently leverage legitimate credentials with trusted tools already deployed in a network environment, making it difficult for organizations to proactively identify critical security risks. Network traffic analysis products have emerged in response to attackers’ relentless innovation, offering organizations a realistic path forward for combatting creative attackers. Additionally, thanks to the widespread adoption of cloud computing, Device Operators (DevOps) processes, and the Internet of Things (IoT), maintaining effective network visibility has become a highly complex and overwhelming process. What makes network traffic analysis technology particularly meaningful is its ability to combine its core capabilities to deliver malicious intent detection. In this paper, we propose a novel darknet traffic analysis and network management framework for real-time automation of the malicious intent detection process, using a weight agnostic neural networks architecture. It is an effective and accurate computational intelligent forensics tool for network traffic analysis, the demystification of malware traffic, and encrypted traffic identification in real time. Based on a weight agnostic neural networks (WANNs) methodology, we propose an automated searching neural net architecture strategy that can perform various tasks such as identifying zero-day attacks. By automating the malicious intent detection process from the darknet, the advanced proposed solution reduces the skills and effort barrier that prevents many organizations from effectively protecting their most critical assets.
29

Al-Rushdan, Huthifh, Mohammad Shurman, and Sharhabeel Alnabelsi. "On Detection and Prevention of Zero-Day Attack Using Cuckoo Sandbox in Software-Defined Networks." International Arab Journal of Information Technology 17, no. 4A (July 31, 2020): 662–70. http://dx.doi.org/10.34028/iajit/17/4a/11.

Abstract:
A network attacker may identify a network vulnerability within less than one day; this kind of attack is known as a zero-day attack. This vulnerability, undiscovered by vendors, empowers the attacker to affect or damage the network operation, because vendors have less than one day to fix this newly exposed vulnerability. The existing defense mechanisms against zero-day attacks focus on the prevention effort, in which unknown or new vulnerabilities typically cannot be detected. To the best of our knowledge, the protection mechanism against zero-day attacks is not widely investigated for Software-Defined Networks (SDNs). Thus, in this work we are motivated to develop a new zero-day attack detection and prevention mechanism for SDNs by modifying the Cuckoo sandbox tool. The mechanism is implemented and tested under a UNIX system. The experimental results show that our proposed mechanism successfully stops the zero-day malwares by isolating the infected clients, in order to prevent the malwares from spreading to other clients. Moreover, results show the effectiveness of our mechanism in terms of detection accuracy and response time.
30

Singh, Abhay Pratap. "A Study on Zero Day Malware Attack." IJARCCE 6, no. 1 (January 30, 2017): 391–92. http://dx.doi.org/10.17148/ijarcce.2017.6179.

31

Demertzis, Konstantinos, Panayiotis Kikiras, Nikos Tziritas, Salvador Sanchez, and Lazaros Iliadis. "The Next Generation Cognitive Security Operations Center: Network Flow Forensics Using Cybersecurity Intelligence." Big Data and Cognitive Computing 2, no. 4 (November 22, 2018): 35. http://dx.doi.org/10.3390/bdcc2040035.

Abstract:
A Security Operations Center (SOC) can be defined as an organized and highly skilled team that uses advanced computer forensics tools to prevent, detect and respond to cybersecurity incidents of an organization. The fundamental aspects of an effective SOC are related to the ability to examine and analyze the vast number of data flows and to correlate several other types of events from a cybersecurity perception. The supervision and categorization of network flow is an essential process not only for the scheduling, management, and regulation of the network’s services, but also for attack identification and for the consequent forensic investigations. A serious potential disadvantage of the traditional software solutions used today for computer network monitoring, and specifically for the instances of effective categorization of the encrypted or obfuscated network flow, which enforces the rebuilding of message packets in sophisticated underlying protocols, is the requirement of computational resources. In addition, a significant inability of these software packages is that they create high false positive rates because they are deprived of accurate predicting mechanisms. For all the reasons above, in most cases, the traditional software fails completely to recognize unidentified vulnerabilities and zero-day exploitations. This paper proposes a novel intelligence driven Network Flow Forensics Framework (NF3) which uses low utilization of computing power and resources, for the Next Generation Cognitive Computing SOC (NGC2SOC) that relies solely on advanced fully automated intelligence methods. It is an effective and accurate Ensemble Machine Learning forensics tool for Network Traffic Analysis, Demystification of Malware Traffic and Encrypted Traffic Identification.
32

Venkatraman, Sitalakshmi, and Mamoun Alazab. "Use of Data Visualisation for Zero-Day Malware Detection." Security and Communication Networks 2018 (December 2, 2018): 1–13. http://dx.doi.org/10.1155/2018/1728303.

Abstract:
With the explosion of Internet of Things (IoT) worldwide, there is an increasing threat from malicious software (malware) attackers that calls for efficient monitoring of vulnerable systems. Large amounts of data collected from computer networks, servers, and mobile devices need to be analysed for malware proliferation. Effective analysis methods are needed to match with the scale and complexity of such a data-intensive environment. In today’s Big Data contexts, visualisation techniques can support malware analysts going through the time-consuming process of analysing suspicious activities thoroughly. This paper takes a step further in contributing to the evolving realm of visualisation techniques used in the information security field. The aim of the paper is twofold: (1) to provide a comprehensive overview of the existing visualisation techniques for detecting suspicious behaviour of systems and (2) to design a novel visualisation using similarity matrix method for establishing malware classification accurately. The prime motivation of our proposal is to identify obfuscated malware using visualisation of the extended x86 IA-32 (opcode) similarity patterns, which are hard to detect with the existing approaches. Our approach uses hybrid models wherein static and dynamic malware analysis techniques are combined effectively along with visualisation of similarity matrices in order to detect and classify zero-day malware efficiently. Overall, the high accuracy of classification achieved with our proposed method can be visually observed since different malware families exhibit significantly dissimilar behaviour patterns.
33

Mala, V., and K. Meena. "Hybrid classification model to detect advanced intrusions using data mining techniques." International Journal of Engineering & Technology 7, no. 2.4 (March 10, 2018): 10. http://dx.doi.org/10.14419/ijet.v7i2.4.10031.

Abstract:
Traditional signature based approaches fail in detecting advanced malwares like Stuxnet, Flame, Duqu etc. Signature based comparison and correlation are not up to the mark in detecting such attacks. Hence, it is crucial to detect these kinds of attacks as early as possible. In this research, a novel data mining based approach was applied to detect such attacks. The main innovation lies in misuse signature detection systems based on a supervised learning algorithm. In the learning phase, labeled examples of network packets and system calls are provided, from which the algorithm can learn about the attack; this is fast and reliable for known attacks. In order to detect advanced attacks, unsupervised learning methodologies were employed to detect the presence of zero day/new attacks. The main objective is to review different intruder detection methods and to study the role of Data Mining techniques used in intruder detection systems. A hybrid classification model is utilized to detect advanced attacks.
34

Verma, Sushma, and S. K. Muttoo. "An Android Malware Detection Framework-based on Permissions and Intents." Defence Science Journal 66, no. 6 (October 31, 2016): 618. http://dx.doi.org/10.14429/dsj.66.10803.

Abstract:
With an exponential growth in smartphone applications targeting useful services such as banks, healthcare, m-commerce, security has become a primary concern. The applications downloaded from unofficial sources pose a security threat as they lack mechanisms for validation of the applications. The malware infected applications may lead to several threats such as leaking user’s private information, enforcing malicious deductions for sending premium SMS, getting root privilege of the Android system and so on. Existing anti-viruses depend on signature databases that need to be updated from time to time and are unable to detect zero-day malware. The Android Operating system allows inter-application communication through the use of component reuse by using intents. Unfortunately, message passing is also an application attack surface. A hybrid method for Android malware detection by analysing the permissions and intent-filters of the manifest files of the applications is presented. A malware detection framework is developed based on machine learning algorithms and on the basis of the decision tree obtained from ID3 and J48 classifiers available in WEKA. Both algorithms gave the same results with an error percentage of 6 per cent. The system improves detection of zero day malware.
35

Alshamrani, Sultan S. "Design and Analysis of Machine Learning Based Technique for Malware Identification and Classification of Portable Document Format Files." Security and Communication Networks 2022 (September 21, 2022): 1–10. http://dx.doi.org/10.1155/2022/7611741.

Abstract:
Modern day antivirus software, which is available commercially, is incapable of providing protection from malicious portable document format (PDF) files, which are thus considered a threat to system security. In order to mitigate the same to some extent, a new PDF malware classification system based on machine learning (ML) is introduced in this paper. The novelty of this system is that it will be inspecting the given PDF file both statically and dynamically, which in turn will increase the accuracy of finding the correct nature of the document. This method is nonsignature-based and hence can possibly distinguish obscure and zero-day malware. The experiment is carried out for this system by deploying five different classifier algorithms to find out the best fit for the system. The best fit approach is analyzed by calculating the true positive rate (TPR), precision, false positive rate (FPR), false negative rate (FNR), and F1-score for each of these classifier algorithms. Comparison of this work is carried out with previously existing PDF classification systems. A malicious attack on the proposed system is also implemented, which will in turn obfuscate the malicious code inside the PDF file by making it hidden during the parsing phase by the PDF parser. It has been inferred that the proposed approach achieved an F1-measure of 0.986 by using the random forest (RF) classifier in comparison to the state-of-the-art, where the F1-measure was 0.978. Thus, our approach is quite effective in the identification of malwares embedded in PDF files in comparison to the existing systems.
36

Feng, Bo, Qiang Li, Yuede Ji, Dong Guo, and Xiangyu Meng. "Stopping the Cyberattack in the Early Stage: Assessing the Security Risks of Social Network Users." Security and Communication Networks 2019 (July 11, 2019): 1–14. http://dx.doi.org/10.1155/2019/3053418.

Abstract:
Online social networks have become an essential part of our daily life. While we are enjoying the benefits from the social networks, we are inevitably exposed to the security threats, especially the serious Advanced Persistent Threat (APT) attack. The attackers can launch targeted cyberattacks on a user by analyzing its personal information and social behaviors. Due to the wide variety of social engineering techniques and undetectable zero-day exploits being used by attackers, the detection techniques of intrusion are increasingly difficult. Motivated by the fact that the attackers usually penetrate the social network to either propagate malwares or collect sensitive information, we propose a method to assess the security risk of the user being attacked so that we can take defensive measures such as security education, training, and awareness before users are attacked. In this paper, we propose a novel user analysis model to find potential victims by analyzing a large number of users’ personal information and social behaviors in social networks. For each user, we extract three kinds of features, i.e., statistical features, social-graph features, and semantic features. These features will become the input of our user analysis model, and the security risk score will be calculated. The users with high security risk score will be alarmed so that the risk of being attacked can be reduced. We have implemented an effective user analysis model and evaluated it on a real-world dataset collected from a social network, namely, Sina Weibo (Weibo). The results show that our model can effectively assess the risk of users’ activities in social networks with a high area under the ROC curve of 0.9607.
37

Selján, Gábor. "The Remarkable 10th Anniversary of Stuxnet." Academic and Applied Research in Military and Public 19, no. 3 (2020): 85–98. http://dx.doi.org/10.32565/aarms.2020.3.6.

Abstract:
It has been ten years since Stuxnet, a highly sophisticated malware that was originally aimed at Iran’s nuclear facilities, was uncovered in 2010. Stuxnet is considered to be the first cyber weapon, used by a nation state threat actor in a politically motivated cyberattack. It has significantly changed the cybersecurity landscape, since it was the first publicly known malware that could cause physical damage to real processes or equipment. Its complexity and level of sophistication, due to the exploitation of four different zero-day vulnerabilities in Windows and the usage of two stolen certificates, has triggered a paradigm shift in the cybersecurity industry. The recently uncovered cyber espionage campaign known as SolarStorm is a worthy anniversary celebration for Stuxnet. Especially because now the tables have turned. This campaign targeted the United States Government and its interests with a highly sophisticated supply chain attack through the exploitation of the SolarWinds Orion Platform used by thousands of public and private sector customers for infrastructure monitoring and management. In this article, I attempt to summarise the key points about the malware deployed in the SolarStorm campaign that can be drawn from reports available at the time of the writing.
38

"Leveraging Machine Learning Algorithms For Zero-Day Ransomware Attack." International Journal of Engineering and Advanced Technology 8, no. 6 (August 30, 2019): 4104–7. http://dx.doi.org/10.35940/ijeat.f8694.088619.

Abstract:
Current global huge cyber protection attacks result from Infected Encryption ransomware structures over all international locations and businesses, with millions of greenbacks lost in paying compulsion abundance. This type of malware encrypts consumer files, extracts consumer files, and charges higher ransoms to be paid for decryption of keys. An attacker could use different types of ransomware approach to steal a victim's files. Some of the ransomware attacks are Scareware, Mobile ransomware, WannaCry, CryptoLocker, Zero-Day ransomware attack etc. A zero-day vulnerability is a software program security flaw that is regarded to the software seller but doesn’t have a patch in place to restore the flaw. Despite this fact, machine learning algorithms are already used to find encryption Ransomware. This work is based on the analysis of a large number of PE file data samples (benign software and ransomware utility) and makes use of supervised machine learning algorithms to ascertain Zero-day attacks. This work was done on a Microsoft Windows operating system (the most attacked OS through encryption ransomware) and estimated it. We have used four Supervised learning Algorithms: Random Forest Classifier, K-Nearest Neighbor, Support Vector Machine and Logistic Regression. Tests using machine learning algorithms evaluate almost null false positives with a 99.5% accuracy with a random forest algorithm.
39

Ben abdel ouahab, Ikram, Mohammed Bouhorma, Lotfi El Aachak, and Anouar Abdelhakim Boudhir. "Towards a new Cyberdefense generation: Proposition of an Intelligent Cybersecurity Framework for malware attacks." Recent Advances in Computer Science and Communications 13 (November 17, 2020). http://dx.doi.org/10.2174/2666255813999201117093512.

Abstract:
Objective: Newborn malware has increased significantly in recent years, becoming more dangerous for many applications. So, researchers are focusing more on solutions that serve the defense against new malware trends and variants, especially zero-day malware attacks. The prime goal of our proposition is to reach a high security level by defending against malware attacks effectively using advanced techniques.
Methods: In this paper, we propose an Intelligent Cybersecurity Framework specialized on malware attacks in a layered architecture. After receiving the unknown malware, the Framework Core layer uses a malware visualization technique to process unknown samples of the malicious software. Then, we classify malware samples into their families using K-Nearest Neighbor, Decision Tree and Random Forest algorithms. Classification results are given in the last layer, and based on a Malware Behavior Database we are able to warn users by giving them a detailed report on the malicious behavior of the given malware family. The proposed Intelligent Cybersecurity Framework is implemented in an easy-to-use graphic user interface.
Results: Comparing machine learning classifiers, the Random Forest algorithm gives the best results in the classification task with a precision of 97.6%.
Conclusion: However, we need to take into account the results of the other classifiers for more reliability. Finally, the obtained results are as efficient as they are fast, which meets the general requirements of cybersecurity frameworks.
40

"Improving Malware Detection Classification Accuracy with Feature Selection Methods and Ensemble-based Machine Learning Methods." International Journal of Innovative Technology and Exploring Engineering 9, no. 2 (December 10, 2019): 2055–59. http://dx.doi.org/10.35940/ijitee.b8009.129219.

Abstract:
Malware is evolving into a serious threat to internet security. The classification of malware is extremely crucial in recent days. The traditional models fail to achieve an effective accuracy rate, and the machine learning models are the basic models that accomplish the task of classification in a certain way, but in recent decades malware attacks are very drastic and it is difficult to handle zero-day attacks. To compete with new malware, ensemble methods are highly effective and give better accuracy results. In this paper, we propose a framework that combines the exploitation of both feature selection methods and ensemble learning classifiers and gives better results of classification. In the experimental results, we prove that this combination of methods gives better classification with a high accuracy of 100% with the Random Forest ensemble classifier.
41

Reddy, K. Nagi, Neha Hasan, Bashar Abdullah, Mohd Mustaqeem, and Tabassum Ara. "intelligent robust malware detection by implementing deep learning." International journal of health sciences, June 27, 2022, 2835–43. http://dx.doi.org/10.53730/ijhs.v6ns6.9818.

Abstract:
Malicious software (ransomware) cyber attacks are increasing in frequency and severity, posing an increasingly serious threat to computer systems everywhere. Malware detection is a hot study area as multiple computers, organisations, and governments have been affected by an exponential rise in malware attacks. Dynamic and static assessment of malicious characteristics and behaviour patterns is time-consuming and useless in real-time malware detection, according to current technologies. It is becoming increasingly common for malicious apps to use polymorphic and adaptive techniques to rapidly modify their behaviour and develop a number of new malicious apps. In order to undertake an effective malware analysis, machine learning techniques (MLAs) are increasingly being used to create new malware varieties. This approach is time-consuming since it requires considerable feature engineering, learning and representation of features. Moreover, the feature extraction process could be effectively eliminated by using advanced MLAs like deep learning. These methods have been shown to perform better with a biased training dataset, which restricts their practical application in real-time scenarios. A new improved approach for successful zero-day malware detection must be developed in order to eliminate biases and analyze these approaches autonomously.
42

"A New Hybrid Strategy for Malware Detection Classification with Multiple Feature Selection Methods and Ensemble Learning Methods." International Journal of Engineering and Advanced Technology 9, no. 2 (December 30, 2019): 4013–18. http://dx.doi.org/10.35940/ijeat.b4666.129219.

Abstract:
A dramatic increase in malware in our day-to-day life causes a noteworthy problem in cyber security. The traditional approaches and signature-based models are not sufficient to defend against the new malware. To achieve zero-day attacks of malware, these approaches are not very competent to face new malware. To enhance the mechanism of classifying new malware, the machine learning approaches are highly effective. Classifying new malware with high-dimensional data leads to reduced output quality and low-performance results. In this paper, we propose a new hybrid strategy that combines the power of feature selection methods along with ensemble learning methods to improve accuracy for high-dimensional data. This hybrid approach has three stages: preprocessing, feature selection and classification. Three different types of feature selection methods, ExtraTreesClassifier, Percentile and KBest, are used to select the best features (dimensionality reduction), and four ensemble classifiers, AdaBoost, Gradient Boosting, Random Forest and Bagging, are used for classification. The accuracy of the ensemble classifiers is increased with this hybrid model, and it produces better classification results with 91.50% accuracy. For dealing with high-dimensional data, this hybrid approach is very effective and gives better results.
43

Celdrán, Alberto Huertas, Pedro Miguel Sánchez Sánchez, Miguel Azorín Castillo, Gérôme Bovet, Gregorio Martínez Pérez, and Burkhard Stiller. "Intelligent and behavioral-based detection of malware in IoT spectrum sensors." International Journal of Information Security, July 29, 2022. http://dx.doi.org/10.1007/s10207-022-00602-w.

Abstract:
The number of Cyber-Physical Systems (CPS) available in industrial environments is growing mainly due to the evolution of the Internet-of-Things (IoT) paradigm. In such a context, radio frequency spectrum sensing in industrial scenarios is one of the most interesting applications of CPS due to the scarcity of the spectrum. Despite the benefits of operational platforms, IoT spectrum sensors are vulnerable to heterogeneous malware. The usage of behavioral fingerprinting and machine learning has shown merit in detecting cyberattacks. Still, there exist challenges in terms of (i) designing, deploying, and evaluating ML-based fingerprinting solutions able to detect malware attacks affecting real IoT spectrum sensors, (ii) analyzing the suitability of kernel events to create stable and precise fingerprints of spectrum sensors, and (iii) detecting recent malware samples affecting real IoT spectrum sensors of crowdsensing platforms. Thus, this work presents a detection framework that applies device behavioral fingerprinting and machine learning to detect anomalies and classify different botnets, rootkits, backdoors, ransomware and cryptojackers affecting real IoT spectrum sensors. Kernel events from CPU, memory, network, file system, scheduler, drivers, and random number generation have been analyzed, selected, and monitored to create device behavioral fingerprints. During testing, an IoT spectrum sensor of the ElectroSense platform has been infected with ten recent malware samples (two botnets, three rootkits, three backdoors, one ransomware, and one cryptojacker) to measure the detection performance of the framework in two different network configurations. Both supervised and semi-supervised approaches provided promising results when detecting and classifying malicious behaviors from the eight previous malware and seven normal behaviors. In particular, the framework obtained a 0.88–0.90 true positive rate when detecting the previous malicious behaviors as unseen or zero-day attacks and a 0.94–0.96 F1-score when classifying them.
44

"Machine Learning and Data Mining Methods for Cyber Security: A Survey." Mesopotamian Journal of Cyber Security, November 25, 2022, 47–56. http://dx.doi.org/10.58496/mjcs/2022/006.

Abstract:
Data mining and machine learning (ML) methods are used more than ever in cyber security. The use of machine learning (ML) is one of the potential solutions that may be successful against zero-day attacks, starting with categorising IP traffic and filtering harmful traffic for intrusion detection. In this field, certain published systematic reviews were taken into consideration. Recent systematic reviews may incorporate older and more recent works in the topic of investigation. Both security professionals and hackers use data mining capabilities. Applications for data mining may be used to analyze programme activity, surfing patterns, and other factors to identify potential cyber-attacks in the future. The new study uses statistical traffic features, ML, and data mining approaches. This research performs a concentrated literature review on machine learning and its usage in cyber analytics for email filtering, traffic categorization, and intrusion detection. Each approach was identified, and a summary was provided based on the relevancy and quantity of citations. Some well-known datasets are also discussed since they are a crucial component of ML techniques. Some advice is also offered on when to utilize a certain algorithm. Four ML algorithms have been evaluated on MODBUS data gathered from a gas pipeline. Using ML algorithms, other assaults have been categorized, and then the effectiveness of each approach has been evaluated. This study demonstrates the use of ML and data mining for threat research and detection, focusing on malware detection with high accuracy and short detection times.
45

Nirmala, Baby, Raed Abueid, and Munef Abdullah Ahmed. "Big Data Distributed Support Vector Machine." Mesopotamian Journal of Big Data, February 22, 2022, 12–22. http://dx.doi.org/10.58496/mjbd/2022/002.

Abstract:
Data mining and machine learning (ML) methods are being used more than ever before in cyber security. The use of machine learning (ML) is one of the potential solutions that may be successful against zero-day attacks, starting with the categorization of IP traffic and filtering harmful traffic for intrusion detection. In this field, certain published systematic reviews were taken into consideration. Contemporary systematic reviews may incorporate both older and more recent works in the topic of investigation. All of the papers we looked at were thus recent. Data from 2016 to 2021 were utilized in the study. Both security professionals and hackers use data mining capabilities. Applications for data mining may be used to analyze programme activity, surfing patterns, and other factors to identify potential cyber-attacks in the future. Utilizing statistical traffic features, ML, and data mining approaches, new study is being conducted. This research conducts a concentrated literature review on machine learning and its usage in cyber analytics for email filtering, traffic categorization, and intrusion detection. Each approach was identified, and a summary was provided based on the relevancy and quantity of citations. Some well-known datasets are also discussed since they are a crucial component of ML techniques. Some advice is also offered on when to utilize a certain algorithm. On MODBUS data gathered from a gas pipeline, four ML algorithms have been evaluated. Using ML algorithms, different assaults have been categorized, and then the effectiveness of each approach has been evaluated. This study demonstrates the use of ML and data mining for threat research and detection, with a focus on malware detection with high accuracy and short detection times.
46

Park, Sunoo, Michael Specter, Neha Narula, and Ronald L. Rivest. "Going from bad to worse: from Internet voting to blockchain voting." Journal of Cybersecurity 7, no. 1 (January 1, 2021). http://dx.doi.org/10.1093/cybsec/tyaa025.

Abstract:
Voters are understandably concerned about election security. News reports of possible election interference by foreign powers, of unauthorized voting, of voter disenfranchisement, and of technological failures call into question the integrity of elections worldwide. This article examines the suggestions that “voting over the Internet” or “voting on the blockchain” would increase election security, and finds such claims to be wanting and misleading. While current election systems are far from perfect, Internet- and blockchain-based voting would greatly increase the risk of undetectable, nation-scale election failures. Online voting may seem appealing: voting from a computer or smartphone may seem convenient and accessible. However, studies have been inconclusive, showing that online voting may have little to no effect on turnout in practice, and it may even increase disenfranchisement. More importantly, given the current state of computer security, any turnout increase derived from Internet- or blockchain-based voting would come at the cost of losing meaningful assurance that votes have been counted as they were cast, and not undetectably altered or discarded. This state of affairs will continue as long as standard tactics such as malware, zero-day, and denial-of-service attacks continue to be effective. This article analyzes and systematizes prior research on the security risks of online and electronic voting, and shows that not only do these risks persist in blockchain-based voting systems, but blockchains may introduce ‘additional’ problems for voting systems. Finally, we suggest questions for critically assessing security risks of new voting system proposals.