Abstract: Mobile phones are an essential part of modern life. The two popular mobile phone platforms, Android and iPhone Operating System (iOS), have an immense impact on the lives of millions of people. Among these two, Android currently boasts more than 84% market share. Thus, any personal data put on it are at great risk if not properly protected. On the other hand, more than a million pieces of malware have been reported on Android in just 2021 till date. Detecting and mitigating all this malware is extremely difficult for any set of human experts. Due to this reason, machine learning, and specifically deep learning, has been utilized in the recent past to resolve this issue. However, deep learning models have primarily been designed for image analysis. While this line of research has shown promising results, it has been difficult to really understand what the features extracted by deep learning models are in the domain of malware. Moreover, due to the translation invariance property of popular models based on Convolutional Neural Network (CNN), the true potential of deep learning for malware analysis is yet to be realized. To resolve this issue, we envision the use of Capsule Networks (CapsNets), a state-of-the-art model in deep learning. We argue that since CapsNets are orientation-based in terms of images, they can potentially be used to capture spatial relationships between different features at different locations within a sequence of opcodes. We design a deep learning-based architecture that efficiently and effectively handles very large scale malware datasets to detect Android malware without resorting to very deep networks. This leads to much faster detection as well as increased accuracy. We achieve state-of-the-art F1 score of 0.987 with an FPR of just 0.002 for three very large, real-world malware datasets. Our code is made available as open source and can be used to further enhance our work with minimal effort.
Funding: Princess Nourah bint Abdulrahman University Researchers Supporting Project number (PNURSP2022R319), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia. The authors would like to thank the Deanship of Scientific Research at Umm Al-Qura University for supporting this work by Grant Code: 22UQU4310373DSR34. The authors are thankful to the Deanship of Scientific Research at Najran University for funding this work under the Research Groups Funding program Grant Code (NU/RG/SERC/11/4).
Abstract: Malware is a malicious software program that performs multiple cyberattacks on the Internet, involving fraud, scams, nation-state cyberwar, and cybercrime. Such malicious software programs come under different classifications, namely Trojans, viruses, spyware, worms, ransomware, rootkits, botnet malware, etc. Ransomware is a kind of malware that holds the victim’s data hostage by encrypting the information on the user’s computer to make it inaccessible to users, and decrypts it only after the user pays a ransom. To prevent detection, various forms of ransomware utilize more than one mechanism in their attack flow in conjunction with Machine Learning (ML) algorithms. This study focuses on designing a Learning-Based Artificial Algae Algorithm with Optimal Machine Learning Enabled Malware Detection (LBAAA-OMLMD) approach in Computer Networks. The presented LBAAA-OMLMD model mainly aims to detect and classify the existence of ransomware and goodware in the network. To accomplish this, the LBAAA-OMLMD model initially derives a Learning-Based Artificial Algae Algorithm based Feature Selection (LBAAA-FS) model to reduce the curse of dimensionality problems. Besides, the Flower Pollination Algorithm (FPA) with Echo State Network (ESN) Classification model is applied. The FPA model helps to appropriately adjust the parameters related to the ESN model to accomplish enhanced classifier results. The experimental validation of the LBAAA-OMLMD model is tested using a benchmark dataset, and the outcomes are inspected in distinct measures. The comprehensive comparative examination demonstrated the betterment of the LBAAA-OMLMD model over recent algorithms.
Funding: National High Technical Research and Development Program of China (863 Program) under Grant No. 2008AA01Z414
Abstract: Security tools are rapidly developed as the network security threat becomes more and more serious. To overcome the fundamental limitation of traditional host-based anti-malware systems, which are likely to be deceived and attacked by malicious code, VMM-based anti-malware systems have recently become a hot research field. In this article, the existing malware hiding technique is analyzed, and a detecting model for hidden processes based on the "In-VM" idea is also proposed. Based on this detecting model, a hidden process detection technology which is based on HOOK SwapContext on the VMM platform is also implemented successfully. This technology can guarantee that the detecting method is not attacked by malware and also resists all the current process hiding technologies. In order to detect malware which uses the remote injection method to hide itself, a method based on hijacking the sysenter instruction is also proposed. Experiments show that the proposed methods guarantee the isolation of virtual machines, can detect all malware samples, and bring only a little performance loss.
Abstract: The framework Information Technology professionals and Network Organizations use is often seen as open and dynamic. This can create many different pathways for cybercriminals to launch an attack on an enterprise network to cause panic; this situation could be prevented. Using the proposed framework, network administrators and networked organizations can improve their cybersecurity framework for future consumer networks. Implementing a network security plan that is up to date and outlines responsibilities of team members, creating a government subsidy to implement and increase safeguards on US-based networks, and analyzing the metadata of past cyber-attacks to further understand the attacks that are causing problems for consumer networks can improve the cybersecurity framework for consumer networks and increase potential security on US-based networks. Research found that the implementation of security plans, creating a government subsidy, and analyzing past metadata all show signs of improving the framework of cybersecurity in consumer-based networks.
Funding: The Deanship of Scientific Research (DSR), King Khalid University, Abha, under Grant No. RGP.1/260/45. The author, therefore, gratefully acknowledges the DSR’s technical and financial support.
Abstract: Mobile banking security has witnessed significant R&D attention from both financial institutions and academia. This is due to the growing number of mobile banking applications and their reachability and usefulness to society. However, these applications are also attractive prey for cybercriminals, who use a variety of malware to steal personal banking information. Related literature in mobile banking security requires many permissions that are not necessary for the application’s intended security functionality. In this context, this paper presents a novel efficient permission identification approach for securing mobile banking (MoBShield) to detect and prevent malware. A permission-based dataset is generated for mobile banking malware detection that consists of a large number of malicious adware apps and benign apps to use as training datasets. The dataset is generated from 1650 malicious banking apps of the Canadian Institute of Cybersecurity, University of New Brunswick and benign apps from Google Play. A machine learning algorithm is used to determine whether a mobile banking application is malicious based on its permission requests. Further, an eXplainable machine learning (XML) approach is developed to improve trust by explaining the reasoning behind the algorithm’s behaviour. Performance evaluation shows that the approach can effectively and practically identify mobile banking malware with high precision and reduced false positives. Specifically, the adapted artificial neural networks (ANN), convolutional neural networks (CNN) and XML approaches achieve a higher accuracy of 99.7% and the adapted deep neural networks (DNN) approach achieves 99.6% accuracy in comparison with the state-of-the-art approaches. These promising results position the proposed approach as a potential tool for real-world scenarios, offering a robust means of identifying and thwarting malware in mobile-based banking applications. Consequently, MoBShield has the potential to significantly enhance the security and trustworthiness of mobile banking platforms, mitigating the risks posed by cyber threats and ensuring a safer user experience.
Funding: Supported by the National Key Research and Development Program of China (2018YFB1004005), the Key Research and Development Program of Guangdong Province (2019B010136001), and the National Natural Science Foundation of China (61872110).
Abstract: The harm caused by malware in cloud computing environments is more and more serious. Traditional anti-virus software is in danger of being attacked when it is deployed in virtual machines on a large scale, and it tends not to be accepted by tenants in terms of performance. In this paper, a method of scanning malicious programs outside the virtual machine is proposed, and the prototype is implemented. This method transforms the memory of the virtual machine to the host machine so that the latter can access it. The user space and kernel space of virtual machine memory are analyzed via semantics, and suspicious processes are scanned by signature database. Experimental results show that malicious programs can be effectively scanned outside the virtual machine, and the performance impact on the virtual machine is low, meeting the needs of tenants.
Abstract: The increasing popularity of wireless networks makes the protection of online privacy a common concern of users and internet service providers. Because of the difference between wireless networks and wired networks, it is proved to be easier for hackers to steal information related to users' privacy in wireless networks than in wired networks. The issue of whether online privacy protection is necessary or reasonable has given rise to much controversy. In this paper, the discussion of this issue includes what online protection of privacy is, current problems of online privacy protection in wireless networks, exploration of solutions, and problems that may be caused by the protection. No matter what extent the protection will be, it is proved to be essential for experts, users and IT staff to enhance the protection in wireless networks via new technologies, policy and law. It is also a way of improving the security of information management and business communication in wireless networks.