Article
Computer Science, Information Systems
Eslam Amer, Ivan Zelinka, Shaker El-Sappagh
Summary: The widespread development of the malware industry poses a major threat to electronic society, hence the need for intelligent heuristic tools in malware analysis; studies show that generic behavioral graph models can effectively characterize the differences in behaviors between malicious and non-malicious processes.
COMPUTERS & SECURITY
(2021)
Article
Computer Science, Information Systems
Tieming Chen, Huan Zeng, Mingqi Lv, Tiantian Zhu
Summary: In this paper, the authors propose a deep learning based dynamic malware detection method called CTIMD, which integrates threat knowledge from CTIs into the learning process of API call sequences with runtime parameters. Experimental results show that CTIMD outperforms existing methods in terms of performance.
COMPUTERS & SECURITY
(2024)
Article
Engineering, Multidisciplinary
Jihun Kim, Sungwon Lee, Jonghee Youn
Summary: The amount of malware is growing rapidly, with new types and variants requiring time to analyze. The proposed method using API Sequence can effectively detect and classify malicious codes. Detection efficiency is higher for more complex malicious behaviors, and static analysis is the main method used.
TEHNICKI VJESNIK-TECHNICAL GAZETTE
(2021)
Article
Computer Science, Artificial Intelligence
Namita Prachi, Namita Dabas, Prabha Sharma
Summary: Continuously evolving malware and their variants pose severe threats to information systems. To address these concerns, researchers propose a novel and lightweight API call sequence-based Windows malware detection system, MalAnalyser. MalAnalyer extracts frequent API call subsequences, applies a particle swarm optimization algorithm, and enriches malware patterns using genetic algorithm. Experimental results demonstrate high accuracy and outperformance compared to similar approaches.
EXPERT SYSTEMS WITH APPLICATIONS
(2023)
Article
Computer Science, Hardware & Architecture
Roopak Surendran, Tony Thomas, Sabu Emmanuel
Summary: This article proposes a malware detection mechanism based on the presence of malicious system call codes in the system call sequence of an application, achieving consistent accuracy and precision in various datasets.
IEEE TRANSACTIONS ON RELIABILITY
(2021)
Article
Computer Science, Software Engineering
Xin Chen, Haihua Yu, Dongjin Yu, Jie Chen, Xiaoxiao Sun
Summary: This study proposes a new method that combines permission information and API call sequence information to effectively distinguish malicious applications. By extracting features and using Random Forest and Convolutional Neural Networks for classification, this method outperforms existing methods, achieving excellent results in terms of precision, recall, F1-score, and accuracy.
SOFTWARE QUALITY JOURNAL
(2023)
Article
Computer Science, Theory & Methods
Chao Jing, Yun Wu, Chaoyuan Cui
Summary: Behavior-based malware detection approaches combined with deep learning techniques are effective against unknown malware and malware variants, but vulnerable to adversarial attacks. In order to address this problem, a novel ensemble adversarial dynamic behavior detection method is proposed, focusing on three features of malicious API sequence: Immediacy, Locality, and Adversary.
FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE
(2022)
Article
Computer Science, Artificial Intelligence
M. Prabhavathy, S. Uma Maheswari, R. Saveeth, S. Saranya Rubini
Summary: This research focuses on developing a malware detection and analysis tool for mobile devices, particularly targeting the Android platform. By extracting source code from Android apps and creating a detection framework, a database is established for identifying malware/errors using SVM and logistic regression. The experimental results show a high true positive classification rate of 95.5% and low false positive rate of 0.8%.
JOURNAL OF MULTIPLE-VALUED LOGIC AND SOFT COMPUTING
(2021)
Article
Chemistry, Multidisciplinary
Yuxin Zhang, Shumian Yang, Lijuan Xu, Xin Li, Dawei Zhao
Summary: With the rapid growth of malware, learning API call sequences is effective for malware detection, but it is troublesome in practice to mine API call features. A novel method based on semantic information is proposed for malware detection, which outperforms the baseline method in terms of accuracy.
APPLIED SCIENCES-BASEL
(2023)
Article
Chemistry, Multidisciplinary
Sanfeng Zhang, Jiahao Wu, Mengzhe Zhang, Wang Yang
Summary: The existing dynamic malware detection methods based on API call sequences lack consideration of semantic information of functions. Simply mapping APIs to numerical values fails to reflect critical aspects such as query/mutation operations and their relation to network communication, file system, and more. Moreover, performance is hindered by large API sequences. To address this, Mal-ASSF model is proposed, which combines semantic and sequential features of API calls. It uses API2Vec embedding for dimenstionality reduction and Balts to extract behavioral features of sequential segments. Implicit semantic information, operation, and resource type of API functions are extracted, and these features are then fused and processed using attention-related modules. Mal-ASSF outperforms existing solutions by 3% to 5% in detection accuracy, as proven through evaluation with a malware dataset.
APPLIED SCIENCES-BASEL
(2023)
Article
Chemistry, Multidisciplinary
Ammar Yahya Daeef, Ali Al-Naji, Ali K. Nahar, Javaan Chahl
Summary: Malware is a significant threat to modern businesses, and it is crucial to eliminate it from computer systems. A lightweight solution using artificial intelligence at the edge of the IT system is the most responsive option. This study used visualization analysis and Jaccard similarity to uncover patterns in API calls for high malware detection rates and quick execution. The results showed that random forest (RF) performed similarly to long short-term memory (LSTM) and deep graph convolutional neural networks (DGCNNs), indicating potential for real-time inference on edge devices.
APPLIED SCIENCES-BASEL
(2023)
Article
Computer Science, Interdisciplinary Applications
Ammar Yahya Daeef, Ali Al-Naji, Javaan Chahl
Summary: Malware classification is crucial for preventing malicious attacks. This study employed API call features and traditional machine learning classifiers to classify malware, achieving better classification results compared to using neural network methods.
Article
Computer Science, Artificial Intelligence
Zikai Zhang, Yidong Li, Wei Wang, Haifeng Song, Hairong Dong
Summary: Malware detection is a vital task for cybersecurity, but it is still challenging due to the disregard of temporal correlations between malicious behaviors. In this study, a Dynamic Evolving Graph Convolutional Network (DEGCN) model is proposed to capture the dynamic evolving pattern of software behaviors, using multiscaled API graph sequences.
INTERNATIONAL JOURNAL OF INTELLIGENT SYSTEMS
(2022)
Article
Computer Science, Information Systems
P. Garcia-Teodoro, J. A. Gomez-Hernandez, A. Abellan-Galera
Summary: This research introduces a simple multi-labeling approach to automatically tag the multiple behaviors of malware samples. The coherence between known malware samples and their tags is analyzed, and experiments are conducted on four public Android malware datasets to discuss the results and statistics of the multi-labeling method.
COMPUTERS & SECURITY
(2022)
Article
Computer Science, Artificial Intelligence
Gianni D'Angelo, Massimo Ficco, Francesco Palmieri
Summary: The study introduces an algorithm based on recurring subsequences alignment to infer malware behaviors, which can operate within dynamic analysis scenarios and shows excellent classification performance in experiments.
APPLIED SOFT COMPUTING
(2021)
Article
Computer Science, Information Systems
Jianwen Fu, Jingfeng Xue, Yong Wang, Zhenyan Liu, Chun Shan
Article
Computer Science, Information Systems
Weijie Han, Jingfeng Xue, Hui Yan
IET INFORMATION SECURITY
(2019)
Article
Computer Science, Hardware & Architecture
Weijie Han, Jingfeng Xue, Yong Wang, Zhenyan Liu, Zixiao Kong
JOURNAL OF NETWORK AND COMPUTER APPLICATIONS
(2019)
Article
Computer Science, Information Systems
Weijie Han, Jingfeng Xue, Yong Wang, Fuquan Zhang, Xianwei Gao
Summary: This paper proposes a novel framework for detecting and understanding APT malware, which leverages system call information and ontology knowledge. The framework accurately detects and clusters APT malware, providing systematic cognition and contextual understanding, with evaluation results showing high accuracy rates.
INFORMATION SCIENCES
(2021)
Review
Computer Science, Information Systems
Zixiao Kong, Jingfeng Xue, Yong Wang, Lu Huang, Zequn Niu, Feng Li
Summary: This article discusses the importance and methods of adversarial attack security, helping researchers understand how to enter this field for research. It focuses on the classification and methods of adversarial attacks on images, texts, and malicious code.
WIRELESS COMMUNICATIONS & MOBILE COMPUTING
(2021)
Article
Computer Science, Information Systems
Zequn Niu, Wenjie Guo, Jingfeng Xue, Yong Wang, Zixiao Kong, Lu Huang
Summary: This work proposed a novel anomaly detection approach based on ensemble semi-supervised active learning, which can effectively detect anomalous traffic when there is few labeled samples and the dataset is unbalanced. By using a balanced sampling strategy, a balanced training set is constructed to effectively train the detection model on a limited budget.
COMPUTERS & SECURITY
(2023)
Article
Computer Science, Artificial Intelligence
Junbao Chen, Jingfeng Xue, Yong Wang, Lu Huang, Thar Baker, Zhixiong Zhou
Summary: This paper proposes a Privacy-Preserving and Traceable Federated Learning framework (PPTFL) that protects privacy through Hierarchical Aggregation Federated Learning and combines federated learning with blockchain and IPFS for traceability and tamper-proofing of parameters.
EXPERT SYSTEMS WITH APPLICATIONS
(2023)
Article
Computer Science, Information Systems
Shaohan Wu, Jingfeng Xue, Yong Wang, Zixiao Kong
Summary: Recently, deep learning-based malware detection models have replaced manual analysis as the primary defense for anti-malware systems. However, these models are vulnerable to adversarial examples, which can evade detection by adding carefully crafted perturbations to malicious samples. We propose a method that extracts benign payload from benign samples based on detection results and uses an RNN generative model to learn benign features. By generating adversarial perturbations and appending them to the malicious samples, we achieve a maximum evasion success rate of 90.8% under different scenarios.
Article
Computer Science, Information Systems
Minghui Li, Jingfeng Xue, Yong Wang, Rui Ma, Wei Huo
Summary: The rapid development of wearable technology has enabled the collection and sharing of health data, providing benefits to patients, caretakers, and medical research. However, the sensitive nature of personal health data and the unknown recipients pose challenges for secure sharing. This paper introduces NACDA, a secure many-to-many data-sharing service on the Named Data Network (NDN), which utilizes Identity-Based Encryption with Wildcard Key Derivation (WKD-IBE) and blockchain to ensure secure and flexible data sharing, data ownership, and access control. A prototype based on NDN is developed and a security analysis is conducted to demonstrate the feasibility of NACDA.
Review
Computer Science, Information Systems
Weijie Han, Jingfeng Xue, Yong Wang, Shibing Zhu, Zixiao Kong
Proceedings Paper
Automation & Control Systems
Han Wei-Jie, Xue Jing-Feng
PROCEEDINGS OF THE 2017 6TH INTERNATIONAL CONFERENCE ON MEASUREMENT, INSTRUMENTATION AND AUTOMATION (ICMIA 2017)
(2017)
Article
Computer Science, Information Systems
Kashan Ahmed, Syed Khaldoon Khurshid, Sadaf Hina
Summary: This paper mainly introduces the construction of the cyber threat intelligence knowledge graph and the information extraction technique. By using joint extraction technique, it solves the problem of traditional techniques becoming ineffective due to the increasing size of CTI data. Experimental results show that this technique outperforms state-of-the-art models in knowledge triple extraction on CTI data and improves the F1 score.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Xinlong He, Yang Xu, Sicong Zhang, Weida Xu, Jiale Yan
Summary: This paper proposes a new membership inference attack method in federated learning, which utilizes data poisoning and sequence prediction confidence. The attack is effective and results in minimal overall model performance degradation.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Tieming Chen, Huan Zeng, Mingqi Lv, Tiantian Zhu
Summary: In this paper, the authors propose a deep learning based dynamic malware detection method called CTIMD, which integrates threat knowledge from CTIs into the learning process of API call sequences with runtime parameters. Experimental results show that CTIMD outperforms existing methods in terms of performance.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Wonwoo Choi, Minjae Seo, Seongman Lee, Brent Byunghoon Kang
Summary: This paper proposes SUM, a backward-edge control flow protection scheme for ARM Cortex-M processors. It combines MPU and the overlooked hardware feature FaultMask to achieve efficient and robust protection. The empirical evaluation shows minimal runtime overhead for the proposed solution.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Liliana Ribeiro, Ines Sousa Guedes, Carla Sofia Cardoso
Summary: Phishing susceptibility is influenced by individual and contextual factors. The study found that individuals who perceive themselves as capable of detecting phishing and those who use online services more frequently are more susceptible to phishing. However, technology competencies and other individual variables do not predict phishing susceptibility.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Wenjie Wang, Yuanhai Shao, Yiju Wang
Summary: In this paper, we investigate the adversarial perturbations of twin support vector machines (TWSVMs) and propose an optimization framework, which provides explicit solutions to increase the interpretability of the conclusion and convenience for calculation.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Snofy D. Dunston, V. Mary Anita Rajam
Summary: This paper proposes a novel adversarial attack technique that can synthesize adversarial images to mislead deep learning models, and also studies interpretability plots. The research findings show that the proposed attack technique influences the interpretability plots, regardless of the success of the attack.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Junchen Li, Guang Cheng, Zongyao Chen, Peng Zhao
Summary: Protocol Reverse Engineering (PRE) is a direct approach for analyzing unknown traffic. This paper proposes a method for clustering unknown traffic based on private protocol labels, and the experimental results demonstrate its advantages on real-world network traffic.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Rafal Kozik, Massimo Ficco, Aleksandra Pawlicka, Marek Pawlicki, Francesco Palmieri, Michal Choras
Summary: The inclusion of Explainability of Artificial Intelligence (xAI) has become a mandatory requirement for designing and implementing reliable, interpretable, and ethical AI solutions. However, it has been shown that xAI can enable successful adversarial attacks in the domain of fake news detection, leading to a decrease in AI security. This paper presents an attack scheme that uses an explainable solution to reshape the structure of the original message, allowing the adversary to manipulate the model's prediction while keeping the message's meaning intact.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Benyuan Yang, Lili Luo, Zhimeng Wang
Summary: Interoperation is widely used in practical industrial applications, but merging local access control policies may lead to security violations. Dealing with these issues in a multidomain environment is critical, but finding the maximum secure interoperation among individual systems poses a challenge due to the large number of entities and access involved.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Binghui Zou, Chunjie Cao, Longjuan Wang, Sizheng Fu, Tonghua Qiao, Jingzhang Sun
Summary: The ongoing struggle between security researchers and malware has led to the exploration of using convolutional neural networks and capsule networks for classification and identification of malware. However, training these networks requires a significant amount of data and parameters, and the research on capsule networks is still in its early stages, posing challenges.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Hongsong Chen, Xingyu Li, Wenmao Liu
Summary: Multivariate time-series anomaly detection is crucial for maintaining normal operation of physical equipment. Recent advances have been made in this field, but two challenges have limited the model's ability to generalize. To address these challenges, a multivariate time-series anomaly detection model consisting of a characterization network and a forecasting network is proposed. Experimental results demonstrate that this method outperforms baseline methods in terms of detection performance and robustness.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Roberto Doriguzzi-Corin, Domenico Siracusa
Summary: This paper discusses the application of federated learning in the field of cybersecurity and proposes an adaptive mechanism-based federated learning solution for DDoS attack detection in dynamic cybersecurity scenarios. Through experiments, it is demonstrated that the proposed solution outperforms state-of-the-art federated learning algorithms in terms of convergence time and accuracy.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Antonio Giovanni Schiavone
Summary: The usage of HTTPS protocol is crucial for secure communication with websites, ensuring the confidentiality, integrity, and authenticity of online data transmissions. The Municipality2HTTPS research project analyzed the implementation of HTTPS in Italian municipalities' websites and identified areas for improvement.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Domna Bilika, Nikoletta Michopoulou, Efthimios Alepis, Constantinos Patsakis
Summary: Voice Assistants (VAs) are widely used in smart devices, but are vulnerable to attacks, as shown by experiments with popular VAs revealing successful attack rates exceeding 30% and statistical variations among vendors, calling for additional countermeasures to protect user information.
COMPUTERS & SECURITY
(2024)