Results 1 - 9 of 9
1.
2023 International Conference on Artificial Intelligence and Smart Communication, AISC 2023 ; : 909-914, 2023.
Article in English | Scopus | ID: covidwho-2295378

ABSTRACT

To provide ease of control and remote monitoring, the Internet of Things (IoT) plays an important role in smart devices. IoT systems range from smart cities to the healthcare sector and supply chain management. This extent of advancement has generated a huge amount of data, which may be a reason for malware threats to IoT systems. IoT malware is a threat which may affect all sectors, such as business, network, telecoms, media, military, etc. A recent report on the proliferation of the global cost of malware estimated that till 2023 it would be around 8 trillion dollars annually, which may double due to the coronavirus outbreak. The analysis of IoT malware needs serious attention, as warfare and digital retaliation can now cause more serious damage than war waged on the ground. The major aim of this paper is to perform a critical analysis of an IoT malware named Emotet. IoT malware analysis can be categorized into two types: static and dynamic malware analysis. Static analysis is the process of analyzing malware or a binary without executing it. It is considered a more effective method when it comes to the diversity of processor architectures. Dynamic analysis, in contrast, is based on the detection of malware and its behavior with real-time execution. This paper focused on the testbed and analysis of Emotet malware statically and dynamically using distinguished malware analysis tools. © 2023 IEEE.

2.
11th International Conference on System Modeling and Advancement in Research Trends, SMART 2022 ; : 1226-1230, 2022.
Article in English | Scopus | ID: covidwho-2283356

ABSTRACT

Organizations, regardless of their size, are rapidly transforming, adopting and embracing digitalization amid the COVID pandemic. The pandemic forced organizations to rationalize offline operations and shift towards online operations. Many organizations have digitized their services and have witnessed increasing multistage cyber-attacks. Further, a lot of organizations have enabled remote access to enterprise resources and services. As a result, organizations are striving to defend against multistage cyber-attacks. These multistage attacks often spread across many stages, which is best described by the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework. There are many research efforts for static detection of malicious binaries but very few or limited research efforts targeting run-time detection of malicious processes in the system. Detection of these malicious processes is key for identifying new variants of multistage attacks or malware in the real world. This paper proposes a system for detecting multistage attacks in real time or at run time by leveraging machine learning and the MITRE ATT&CK Framework. Machine learning facilitates detecting the malicious process in the system, and the MITRE ATT&CK framework offers insight into adversary techniques. The combination of these two is very effective in detecting multistage attacks and identifying individual stages. The proposed system shows promising results when tested on real-time/latest malware. Test results show that our system can achieve 95.83% accuracy. This paper discusses the challenges in detection of runtime malware, dataset generation © 2022 IEEE.

3.
2nd IEEE International Conference on AI in Cybersecurity, ICAIC 2023 ; 2023.
Article in English | Scopus | ID: covidwho-2280908

ABSTRACT

Malicious actors continuously produce malicious Android applications with a COVID-19 theme in the context of the pandemic. Users frequently grant the necessary permissions to install those phoney apps without paying much attention. Android permissions are essential points of weakness. Major privacy issues often result from this vulnerability. Hackers with malicious intent have viewed the COVID-19 pandemic as an opportunity to conduct malware attacks to profit financially and advance their nefarious goals. Through COVID-19-related content, people are becoming victims of phishing scams. The Android malware seen explicitly during the COVID-19 pandemic is discussed in this study, and we next analyze malware detection methods with a focus on these COVID-19-themed malware mobile applications. This research paper attempts to identify dangerous Android permissions and the malware families that erupted during the COVID-19 outbreak. © 2023 IEEE.

4.
Electronics ; 11(16):2579, 2022.
Article in English | ProQuest Central | ID: covidwho-2023302

ABSTRACT

Malware has grown exponentially in recent years and poses a serious threat to individual users, corporations, banks, and government agencies. This can be seen from the growth of Advanced Persistent Threats (APTs) that make use of advanced and sophisticated malware. With the wide availability of computer-automated tools such as constructors, email flooders, and spoofers, it is now easy for users who are not technically inclined to create variations of existing malware. Researchers have developed various defense techniques in response to these threats, such as static and dynamic malware analyses. These techniques are ineffective at detecting new malware in the main memory of the computer and otherwise require considerable effort and domain-specific expertise. Moreover, recent techniques of malware detection require a long time for training and occupy a large amount of memory due to their reliance on multiple factors. In this paper, we propose a computer vision-based technique for detecting malware that resides in the main computer memory, a technique that is faster or memory efficient. It works by taking portable executables in a virtual environment to extract memory dump files from the volatile memory and transform them into a particular image format. The computer vision-based contrast-limited adaptive histogram equalization and the wavelet transform are used to improve the contrast of neighboring pixels and to reduce the entropy. We then use the support vector machine, random forest, decision tree, and XGBOOST machine learning classifiers to train the model on the transformed images with dimensions of 112 × 112 and 56 × 56. The proposed technique was able to detect and classify malware with an accuracy rate of 97.01%. Its precision, recall, and F1-score were 97.36%, 95.65%, and 96.36%, respectively.
Our findings show that our technique of preparing a dataset with more efficient features to be trained by the machine learning classifiers has resulted in significant performance in terms of accuracy, precision, recall, F1-score, speed and memory consumption. The performance has superseded most of the existing techniques in its unique approach.

5.
3rd International Conference on Computing Science, Communication and Security, COMS2 2022 ; 1604 CCIS:82-99, 2022.
Article in English | Scopus | ID: covidwho-1971563

ABSTRACT

The smartphone has become the 4th basic necessity of human beings after food, clothes and home. It has become such an integral part of life that most business and office work can be operated by mobile phone, and online classes for all classes of students have become a compulsion without any alternative due to the COVID-19 pandemic. Android is considered the most prevalent and most used operating system for mobile phones on this planet, and for the same reason it is the mobile operating system most targeted by hackers. Android malware has been increasing every quarter and every year. Android malware is installed and executed on smartphones quietly, without any indication or user acceptance, and poses threats to the consumer's stored personal and/or classified information. To address these threats, a variety of techniques have been proposed by researchers, such as static, dynamic and hybrid. In this paper a systematic review has been carried out on the relevant studies from 2017 to 2020. An assessment of the malware detection capabilities of the various techniques used by different researchers has been carried out, with a comparison of the performance of different machine learning models for the detection of Android malware by assessing empirical evidence such as datasets, features, tools, etc. However, Android malware detection still faces several challenges, and a possible solution with some novel approach or technique to improve detection capabilities is discussed in the discussion and conclusion. © 2022, Springer Nature Switzerland AG.

6.
22nd Annual International Conference on Computational Science, ICCS 2022 ; 13353 LNCS:387-401, 2022.
Article in English | Scopus | ID: covidwho-1958891

ABSTRACT

In the severe COVID-19 environment, encrypted mobile malware is increasingly threatening personal privacy, especially malware targeting the Android platform. Existing methods mainly focus on extracting features from Android Malware (DroidMal) by reversing the binary samples, which is sensitive to the deduction of the available samples. Thus, they fail to tackle the insufficiency of the novel DroidMal. Therefore, it is necessary to investigate an effective solution to classify large-scale DroidMal, as well as to detect the novel one. We consider few-shot DroidMal detection as DroidMal encrypted network traffic classification and propose an image-based method with meta-learning, namely AMDetector, to address the issues. By capturing network traffic produced by DroidMal, samples are augmented and thus cater to the learning algorithms. Firstly, DroidMal encrypted traffic is converted to session images. Then, session images are embedded into a high-dimension metric space, in which traffic samples can be linearly separated by computing the distance to the corresponding prototype. Large-scale and novel DroidMal traffic is classified by applying different meta-learning strategies. Experimental results on public datasets have demonstrated the capability of our method to classify large-scale known DroidMal traffic as well as to detect the novel one. It is encouraging to see that our model achieves superior performance on known and novel DroidMal traffic classification among state-of-the-art methods. Moreover, AMDetector is able to classify unseen cross-platform malware. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

7.
2022 International Conference for Advancement in Technology, ICONAT 2022 ; 2022.
Article in English | Scopus | ID: covidwho-1788723

ABSTRACT

In the context of the COVID-19 pandemic, malicious actors are actively creating COVID-themed malicious Android apps, and without much attention users may often grant all the required permissions to install those fake apps. Android permissions are crucial sources of vulnerability. This vulnerability often leads to major privacy threats. In this work, COVID-themed Android malware samples were collected and analyzed to develop a detection framework based on the static permission feature and machine learning techniques. The proposed system analyses 100 COVID-themed fake applications which were released in 2020. The sensitive permissions are selected using the Recursive Feature Elimination (RFE) technique. The study shows better accuracy of 0.830 and 0.812 with the Decision tree classifier and the Random forest classifier, respectively. © 2022 IEEE.

8.
5th International Symposium on Mobile Internet Security, MobiSec 2021 ; 1544 CCIS:171-194, 2022.
Article in English | Scopus | ID: covidwho-1707553

ABSTRACT

The outbreak of the COVID-19 pandemic has forced employees worldwide into massive use of their mobile devices to access corporate systems. This new scenario has made mobile devices more susceptible to malicious applications, which are developed yearly to conduct several hostile activities. Concerned about this fact, many Deep Learning (DL) based solutions have been proposed in the last decade, considering both static and dynamic approaches. However, static solutions are adversely affected by obfuscation techniques and polymorphic applications, while dynamic ones cannot reduce the damage caused during application execution. To this purpose, this paper proposes a novel approach called API-Streams to minimize damage at run time. Therefore, we investigate several Video-Classification tasks through CNN-LSTM Autoencoders (CNN-LSTM-AEs). More precisely, we combine the capability of AEs in finding compact features with the classification abilities of Deep Neural Networks (DNNs), and we show that the proposed approach achieves an average accuracy of 98% in the presence of several unbalanced training datasets. Finally, we use the t-Stochastic Neighbor Embedded (t-SNE) representation technique to investigate the abilities of the employed AE to cluster data into their respective classes by limiting their overlapping. © 2022, Springer Nature Singapore Pte Ltd.

9.
Journal of Sensor and Actuator Networks ; 10(4):61, 2021.
Article in English | ProQuest Central | ID: covidwho-1591140

ABSTRACT

The fast growth of the Internet of Things (IoT) and its diverse applications increases the risk of cyberattacks, one type of which is malware attacks. Due to IoT devices' different capabilities and the dynamic and ever-evolving environment, applying complex security measures is challenging, and applying only basic security standards is risky. Artificial Immune Systems (AIS) are intrusion-detecting algorithms inspired by the human body's adaptive immune system techniques. Most of these algorithms imitate the human body's B-cell and T-cell defensive mechanisms. They are lightweight, adaptive, and able to detect malware attacks without prior knowledge. In this work, we review the recent advances in employing AIS for the improved detection of malware in IoT networks. We present a critical analysis that highlights the limitations of the state of the art in AIS research and offer insights into promising new research directions.
