Search Results (60)

Android’s open-source nature, combined with its large market share, has made it a primary target for malware developers. Consequently, there is a dramatic need for effective Android malware detection methods. This paper suggests a novel fuzzy rank-based fusion approach for Android malware detection (ANDFRF). The suggested ANDFRF primarily consists of two steps: in the first step, five machine learning algorithms, comprising K-Nearest Neighbor (KNN), Support Vector Machine (SVM), Logistic Regression (LR), XGbooost (XGB) and Light Gradient Boosting Machine (LightGBM), were utilized as base classifiers for the initial identification of Android Apps either as goodware or malware apps. Second, the fuzzy rank-based fusion approach was employed to adaptively integrate the classification results obtained from the base machine learning algorithms. By leveraging rankings instead of explicit class labels, the proposed ANDFRF method reduces the impact of anomalies and noisy predictions, leading to more accurate ensemble outcomes. Furthermore, the rankings reflect the relative importance or acceptance of each class across multiple classifiers, providing deeper insights into the ensemble’s decision-making process. The proposed framework was validated on two publicly accessible datasets, CICAndMal2020 and DREBIN, with a 5-fold cross-validation technique. The proposed ensemble framework achieves a classification accuracy of 95.51% and an AUC of 95.40% on the DREBIN dataset. On the CICAndMal2020 LBC dataset, it attains an accuracy of 95.31% and an AUC of 95.30%. Experimental results demonstrate that the proposed scheme is both efficient and effective for Android malware detection. Full article

Android malware detection remains a critical issue for mobile security. Cybercriminals target Android since it is the most popular smartphone operating system (OS). Malware detection, analysis, and classification have become diverse research areas. This paper presents a smart sensing model based on large language models (LLMs) for developing and classifying network traffic-based Android malware. The network traffic that constantly connects Android apps may contain harmful components that may damage these apps. However, one of the main challenges in developing smart sensing systems for malware analysis is the scarcity of traffic data due to privacy concerns. To overcome this, a two-step smart sensing model Syn-detect is proposed. The first step involves generating synthetic TCP malware traffic data with malicious content using GPT-2. These data are then preprocessed and used in the second step, which focuses on malware classification. This phase leverages a fine-tuned LLM, Bidirectional Encoder Representations from Transformers (BERT), with classification layers. BERT is responsible for tokenization, generating word embeddings, and classifying malware. The Syn-detect model was tested on two Android malware datasets: CIC-AndMal2017 and CIC-AAGM2017. The model achieved an accuracy of 99.8% on CIC-AndMal2017 and 99.3% on CIC-AAGM2017. The Matthew’s Correlation Coefficient (MCC) values for the predictions were 99% for CIC-AndMal2017 and 98% for CIC-AAGM2017. These results demonstrate the strong performance of the Syn-detect smart sensing model. Compared to the latest research in Android malware classification, the model outperformed other approaches, delivering promising results. Full article

Smartphones are intricately connected to the modern society. The two widely used mobile phone operating systems, iOS and Android, profoundly affect the lives of millions of people. Android presently holds a market share of close to 71% among these two. As a result, if personal information is not securely protected, it is at tremendous risk. On the other hand, mobile malware has seen a year-on-year increase of more than 42% globally in 2022 mid-year. Any group of human professionals would have a very tough time detecting and removing all of this malware. For this reason, deep learning in particular has been used recently to overcome this problem. Deep learning models, however, were primarily created for picture analysis. Despite the fact that these models have shown promising findings in the field of vision, it has been challenging to fully comprehend what the characteristics recovered by deep learning models are in the area of malware. Furthermore, the actual potential of deep learning for malware analysis has not yet been fully realized due to the translation invariance trait of well-known models based on CNN. In this paper, we present ViTDroid, a novel model based on vision transformers for the deep learning-based analysis of opcode sequences of Android malware samples from large real-world datasets. We have been able to achieve a false positive rate of 0.0019 as compared to the previous best of 0.0021. However, this incremental improvement is not the major contribution of our work. Our model aims to make explainable predictions, i.e., it not only performs the classification of malware with high accuracy, but it also provides insights into the reasons for this classification. The model is able to pinpoint the malicious behavior-causing instructions in the malware samples. This means that our model can actually aid in the field of malware analysis itself by providing insights to human experts, thus leading to further improvements in this field. Full article

Industrial control systems (ICSs) are critical components automating the processes and operations of electromechanical systems. These systems are vulnerable to cyberattacks and can be the targets of malicious activities. With increased internet connectivity and integration with the Internet of Things (IoT), ICSs become more vulnerable to cyberattacks, which can have serious consequences, such as service interruption, financial losses, and security hazards. Threat actors target these systems with sophisticated attacks that can cause devastating damage. Cybersecurity vulnerabilities in ICSs have recently led to increasing cyberattacks and malware exploits. Hence, this paper proposes to develop a security solution with dynamic and adaptive deceptive patching strategies based on studies on the use of deceptive patches against attackers in industrial control systems. Within the present study’s scope, brief information on the adversarial training method and window size manipulation will be presented. It will emphasize how these methods can be integrated into industrial control systems and how they can increase cybersecurity by combining them with deceptive patch solutions. The discussed techniques represent an approach to improving the network and system security by making it more challenging for attackers to predict their targets and attack methods. The acquired results demonstrate that the suggested hybrid method improves the application of deception to software patching prediction, reflecting enhanced patch security. Full article

The key point in the process of agent-based management in e-service for malware detection (according to accuracy criteria) is a decision-making process. To determine the optimal e-service for malware detection, two concepts were investigated: Fuzzy Logic (FL) and Probabilistic Neural Networks (PNN). In this study, three evolutionary variants of fuzzy partitioning, including regular, hierarchical fuzzy partitioning, and k-means, were used to automatically process the design of the fuzzy partition. Also, this study demonstrates the application of a feature selection method to reduce the dimensionality of the data by removing irrelevant features to create fuzzy logic in a dataset. The behaviors of malware are analyzed by fuzzifying relevant features for pattern recognition. The Apriori algorithm was applied to the fuzzified features to find the fuzzy-based rules, and these rules were used for predicting the output of malware detection e-services. Probabilistic neural networks were also used to find the ideal agent-based model for numerous classification problems. The numerical results show that the agent-based management performances trained with the clustering method achieve an accuracy of 100% with the PNN-MCD model. This is followed by the FL model, which classifies on the basis of linguistic variables and achieves an average accuracy of 82%. Full article

Reports produced by popular malware analysis services showed a disparity in samples available for different malware families. The unequal distribution between such classes can be attributed to several factors, such as technological advances and the application domain that seeks to infect a computer virus. Recent studies have demonstrated the effectiveness of deep learning (DL) algorithms when learning multi-class classification tasks using imbalanced datasets. This can be achieved by updating the learning function such that correct and incorrect predictions performed on the minority class are more rewarded or penalized, respectively. This procedure can be logically implemented by leveraging the deep reinforcement learning (DRL) paradigm through a proper formulation of the Markov decision process (MDP). This paper proposes SINNER, i.e., a DRL-based multi-class classifier that approaches the data imbalance problem at the algorithmic level by exploiting a redesigned reward function, which modifies the traditional MDP model used to learn this task. Based on the experimental results, the proposed formula appears to be successful. In addition, SINNER has been compared to several DL-based models that can handle class skew without relying on data-level techniques. Using three out of four datasets sourced from the existing literature, the proposed model achieved state-of-the-art classification performance. Full article

For malicious purposes, attackers hide malware in the software used by their victims. New malware is continuously being shared on the Internet, which differs both in terms of the type of malware and method of damage. When new malware is discovered, it is possible to check whether there has been similar malware in the past and to use the old malware to counteract the new malware; however, it is difficult to check the maliciousness and similarity of all software. Thus, deep learning technology can be used to efficiently detect and classify malware. This study improves this technology’s accuracy by converting static features, which are binary data, into images and by converting time-series data, such as API call sequences, which are dynamic data with different lengths for each datum, into data with fixed lengths. We propose a system that combines AI-based malware detection and classification systems trained on both static and dynamic features. The experimental results showed a detection accuracy of 99.34%, a classification accuracy of 95.1%, and a prediction speed of approximately 0.1 s. Full article

Cybercrime threat intelligence enables proactive measures against threat actors and informed, data-driven security decisions. This study proposes a practical implementation of cybercrime threat intelligence in the Arab world by integrating Indicators of Compromise and collecting security alerts from honeypot systems and open-source intelligence. The data collected are stored on the Malware Information Sharing Platform, an open-source platform used to create and share Indicators of Compromise. This study highlights the intuitive interface of the Malware Information Sharing Platform for data analysis, threat identification, and the correlation of Indicators of Compromise. In addition, machine learning techniques are applied to improve predictive accuracy and identify patterns in the data. The decision tree classifier achieves a high accuracy of 99.79%, and the results reveal significant potential cyber-threats, demonstrating the effectiveness of the platform in providing actionable information to prevent, detect, and respond to cybercrime. This approach aims to improve the security posture of the Arab region. Full article

The advent of the Internet of Things brought a new age of interconnected device functionality, ranging from personal devices and smart houses to industrial control systems. However, increased security risks have emerged in its wake, in particular self-replicating malware that exploits weak device security. Studies modeling malware epidemics aim to predict malware behavior in essential ways, usually assuming a number of simplifications, but they invariably simplify the single most important subdynamics of malware: random propagation. In our previous work, we derived and presented the first exact mathematical model of random propagation, defined as the subdynamics of propagation of a malware model. The propagation dynamics were derived for the SIS model in discrete form. In this work, we generalize the methodology of derivation and extend it to any Markov chain model of malware based on random propagation. We also propose a second method of derivation based on modifying the simplest form of the model and adjusting it for more complex models. We validated the two methodologies on three malware models, using simulations to confirm the exactness of the propagation dynamics. Stochastic errors of less than 0.2% were found in all simulations. In comparison, the standard nonlinear model of propagation (present in ∼95% of studies) has an average error of 5% and a maximum of 9.88% against simulations. Moreover, our model has a low mathematical trade-off of only two additional operations, being a proper substitute to the standard literature model whenever the dynamical equations are solved numerically. Full article

The widespread integration of smartphones into modern society has profoundly impacted various aspects of our lives, revolutionizing communication, work, entertainment, and access to information. Among the diverse range of smartphones available, those operating on the Android platform dominate the market as the most widely adopted type. With a commanding 70% share in the global mobile operating systems market, the Android OS has played a pivotal role in the surge of malware attacks targeting the Android ecosystem in recent years. This underscores the pressing need for innovative methods to detect Android malware. In this context, our study pioneers the application of rough set theory in Android malware detection. Adopting rough set theory offers distinct advantages, including its ability to effectively select attributes and handle qualitative and quantitative features. We utilize permissions, API calls, system commands, and opcodes in conjunction with rough set theory concepts to facilitate the identification of Android malware. By leveraging a Discernibility Matrix, we assign ranks to these diverse features and subsequently calculate their reducts–streamlined subsets of attributes that enhance overall detection effectiveness while minimizing complexity. Our approach encompasses deploying various Machine Learning (ML) algorithms, such as Support Vector Machines (SVM), K-Nearest Neighbor, Random Forest, and Logistic Regression, for malware detection. The results of our experiments demonstrate an impressive overall accuracy of 97%, surpassing numerous state-of-the-art detection techniques proposed in existing literature. Full article

Machine learning (ML) has found widespread application in various domains. Additionally, ML-based techniques have been employed to address security issues in technology, with numerous studies showcasing their potential and effectiveness in tackling security problems. Over the years, ML methods for identifying malicious software have been developed across various security domains. However, recent research has highlighted the susceptibility of ML models to small input perturbations, known as adversarial examples, which can significantly alter model predictions. While prior studies on adversarial examples primarily focused on ML models for image processing, they have progressively extended to other applications, including security. Interestingly, adversarial attacks have proven to be particularly effective in the realm of malware classification. This study aims to explore the transparency of malware classification and develop an explanation method for malware classifiers. The challenge at hand is more complex than those associated with explainable AI for homogeneous data due to the intricate data structure of malware compared to traditional image datasets. The research revealed that existing explanations fall short in interpreting heterogeneous data. Our employed methods demonstrated that current malware detectors, despite high classification accuracy, may provide a misleading sense of security and measuring classification accuracy is insufficient for validating detectors. Full article

Most research on malware focuses mainly on its detection, without paying attention to its propagation trends. However, modeling the spread of malware is an important research problem because it allows us to predict how malware will evolve and to take steps to prevent its propagation, hence the interest in analyzing this spread from a statistical point of view. This work proposes a malware propagation prediction methodology based on multivariate statistical techniques such as HJ-Biplot in combination with closed queuing networks. Datasets generated using individual-based SIRS models are used to validate the proposed methodology, although any other model could have been chosen to test its validity. Experimental results show that the proposed model can effectively predict and classify malware and discover the influence of different model parameters on the malware propagation situation. Full article

The rapid advancement of technology has led to the pervasive presence of electronic devices in our lives, enabling convenience and connectivity. Cryptography offers solutions, but vulnerabilities persist due to physical attacks like malware. This led to the emergence of Physical Unclonable Functions (PUFs). PUFs leverage the inherent disorder in physical systems to generate unique responses to challenges. Strong PUFs, susceptible to modeling attacks, can be predicted by malicious parties using machine learning and algebraic techniques. Weak PUFs, with minimal challenges, face similar threats if built upon strong PUFs. Despite some weaknesses, PUFs serve as security components in various protocols. Modeling attacks’ success depends on suitable models and machine learning algorithms. Logistic Regression and Random Forest Classifier are potent in this context. Deep learning techniques, including Convolutional Neural Networks (CNNs) and Artificial Neural Networks (ANNs), exhibit promise, particularly in one-dimensional data scenarios. Experimental results indicate CNN’s superiority, achieving precision, recall, and accuracy exceeding 90%, demonstrating its effectiveness in breaking PUF security. This signifies the potential of deep learning techniques in breaking PUF security. In conclusion, this paper highlights the urgent need for improved security measures in the face of evolving technology. It proposes the utilization of deep learning techniques, particularly CNNs, to strengthen the security of PUFs against modeling attacks. The presented findings underscore the critical importance of reevaluating PUF security protocols in the era of ever-advancing technological threats. Full article

Android OS devices are the most widely used mobile devices globally. The open-source nature and less restricted nature of the Android application store welcome malicious apps, which present risks for such devices. It is found in the security department report that static features such as Android permissions, manifest files, and API calls could significantly reduce malware app attacks on Android devices. Therefore, an automated method for malware detection should be installed on Android devices to detect malicious apps. These automated malware detection methods are developed using machine learning methods. Previously, many studies on Android OS malware detection using different feature selection approaches have been proposed, indicating that feature selection is a widely used concept in Android malware detection. The feature dependency and the correlation of the features enable the malicious behavior of an app to be detected. However, more robust feature selection using automated methods is still needed to improve Android malware detection methods. Therefore, this study proposed an automated ANN-method-based Android malware detection method. To validate the proposed method, two public datasets were used in this study, namely the CICInvestAndMal2019 and Drebin/AMD datasets. Both datasets were preprocessed via their static features to normalize the features as binary values. Binary values indicate that certain permissions in any app are enabled (1) or disabled (0). The transformed feature sets were given to the ANN classifier, and two main experiments were conducted. In Experiment 1, the ANN classifier used a simple input layer, whereas a five-fold cross-validation method was applied for validation. In Experiment 2, the proposed ANN classifier used a proposed feature selection layer. It includes selected features only based on correlation or dependency with respect to benign or malware apps. The proposed ANN-method-based results are significant, improved, and robust and were better than those presented in previous studies. The overall results of using the five-fold method on the CICInvestAndMal2019 dataset were a 95.30% accuracy, 96% precision, 98% precision, and 92% F1-score. Likewise, on the AMD/Drebin dataset, the overall scores were a 99.60% accuracy, 100% precision and recall, and 99% F1-score. Furthermore, the computational cost of both experiments was calculated to prove the performance improvement brought about by the proposed ANN classifier compared to the simple ANN method with the same time of training and prediction. Full article

Universal adversarial perturbations are image-agnostic and model-independent noise that, when added to any image, can mislead the trained deep convolutional neural networks into the wrong prediction. Since these universal adversarial perturbations can seriously jeopardize the security and integrity of practical deep learning applications, the existing techniques use additional neural networks to detect the existence of these noises at the input image source. In this paper, we demonstrate an attack strategy that, when activated by rogue means (e.g., malware, trojan), can bypass these existing countermeasures by augmenting the adversarial noise at the AI hardware accelerator stage. We demonstrate the accelerator-level universal adversarial noise attack on several deep learning models using co-simulation of the software kernel of the Conv2D function and the Verilog RTL model of the hardware under the FuseSoC environment. Full article