Khaled M. Alalayah¹, Fatma S. Alrayes², Mohamed K. Nour³, Khadija M. Alaidarous¹, Ibrahim M. Alwayle¹, Heba Mohsen⁴, Ibrahim Abdulrab Ahmed⁵, Mesfer Al Duhayyim^6,*

Computer Systems Science and Engineering, Vol.46, No.3, pp. 3103-3119, 2023, DOI:10.32604/csse.2023.034034

Abstract Malware is a ‘malicious software program that performs multiple cyberattacks on the Internet, involving fraud, scams, nation-state cyberwar, and cybercrime. Such malicious software programs come under different classifications, namely Trojans, viruses, spyware, worms, ransomware, Rootkit, botnet malware, etc. Ransomware is a kind of malware that holds the victim’s data hostage by encrypting the information on the user’s computer to make it inaccessible to users and only decrypting it; then, the user pays a ransom procedure of a sum of money. To prevent detection, various forms of ransomware utilize more than one mechanism in their attack flow in conjunction with Machine… More >

Emad Alsuwat^1,*, Suhare Solaiman¹, Hatim Alsuwat²

CMC-Computers, Materials & Continua, Vol.75, No.2, pp. 3743-3759, 2023, DOI:10.32604/cmc.2023.035126

Abstract Concept drift is a main security issue that has to be resolved since it presents a significant barrier to the deployment of machine learning (ML) models. Due to attackers’ (and/or benign equivalents’) dynamic behavior changes, testing data distribution frequently diverges from original training data over time, resulting in substantial model failures. Due to their dispersed and dynamic nature, distributed denial-of-service attacks pose a danger to cybersecurity, resulting in attacks with serious consequences for users and businesses. This paper proposes a novel design for concept drift analysis and detection of malware attacks like Distributed Denial of Service (DDOS) in the network.… More >

Zhiguo Chen^1,2,*, Jiabing Cao^1,2

CMC-Computers, Materials & Continua, Vol.75, No.2, pp. 4445-4465, 2023, DOI:10.32604/cmc.2023.038639

Abstract The Corona Virus Disease 2019 (COVID-19) effect has made telecommuting and remote learning the norm. The growing number of Internet-connected devices provides cyber attackers with more attack vectors. The development of malware by criminals also incorporates a number of sophisticated obfuscation techniques, making it difficult to classify and detect malware using conventional approaches. Therefore, this paper proposes a novel visualization-based malware classification system using transfer and ensemble learning (VMCTE). VMCTE has a strong anti-interference ability. Even if malware uses obfuscation, fuzzing, encryption, and other techniques to evade detection, it can be accurately classified into its corresponding malware family. Unlike traditional… More >

Faisal S. Alsubaei¹, Haya Mesfer Alshahrani², Khaled Tarmissi³, Abdelwahed Motwakel^4,*

Intelligent Automation & Soft Computing, Vol.36, No.3, pp. 2897-2914, 2023, DOI:10.32604/iasc.2023.034907

Abstract Cybersecurity has become the most significant research area in the domain of the Internet of Things (IoT) owing to the ever-increasing number of cyberattacks. The rapid penetration of Android platforms in mobile devices has made the detection of malware attacks a challenging process. Furthermore, Android malware is increasing on a daily basis. So, precise malware detection analytical techniques need a large number of hardware resources that are significantly resource-limited for mobile devices. In this research article, an optimal Graph Convolutional Neural Network-based Malware Detection and classification (OGCNN-MDC) model is introduced for an IoT-cloud environment. The proposed OGCNN-MDC model aims to… More >

Younghoon Ban, Jeong Hyun Yi, Haehyun Cho^*

Computer Systems Science and Engineering, Vol.46, No.2, pp. 2215-2230, 2023, DOI:10.32604/csse.2023.036555

Abstract Android malware has evolved in various forms such as adware that continuously exposes advertisements, banking malware designed to access users’ online banking accounts, and Short Message Service (SMS) malware that uses a Command & Control (C&C) server to send malicious SMS, intercept SMS, and steal data. By using many malicious strategies, the number of malware is steadily increasing. Increasing Android malware threats numerous users, and thus, it is necessary to detect malware quickly and accurately. Each malware has distinguishable characteristics based on its actions. Therefore, security researchers have tried to categorize malware based on their behaviors by conducting the familial… More >

Murat Dener^*, Sercan Gulburun

CMC-Computers, Materials & Continua, Vol.75, No.1, pp. 1235-1251, 2023, DOI:10.32604/cmc.2023.036357

Abstract One of the most common types of threats to the digital world is malicious software. It is of great importance to detect and prevent existing and new malware before it damages information assets. Machine learning approaches are used effectively for this purpose. In this study, we present a model in which supervised and unsupervised learning algorithms are used together. Clustering is used to enhance the prediction performance of the supervised classifiers. The aim of the proposed model is to make predictions in the shortest possible time with high accuracy and f1 score. In the first stage of the model, the… More >

Xuyan Song, Yiting Qin, Xinyao Liu, Baojiang Cui^*, Junsong Fu

CMC-Computers, Materials & Continua, Vol.75, No.1, pp. 2061-2078, 2023, DOI:10.32604/cmc.2023.034505

Abstract Fileless webshell attacks against Java web applications have become more frequent in recent years as Java has gained market share. Webshell is a malicious script that can remotely execute commands and invade servers. It is widely used in attacks against web applications. In contrast to traditional file-based webshells, fileless webshells leave no traces on the hard drive, which means they are invisible to most antivirus software. To make matters worse, although there are some studies on fileless webshells, almost all of them are aimed at web applications developed in the PHP language. The complex mechanism of Java makes researchers face… More >

Ahmad Moawad^*, Ahmed Ismail Ebada, Aya M. Al-Zoghby

Journal of Cyber Security, Vol.4, No.3, pp. 169-184, 2022, DOI:10.32604/jcs.2022.033537

Abstract In computer security, the number of malware threats is increasing and causing damage to systems for individuals or organizations, necessitating a new detection technique capable of detecting a new variant of malware more efficiently than traditional anti-malware methods. Traditional anti-malware software cannot detect new malware variants, and conventional techniques such as static analysis, dynamic analysis, and hybrid analysis are time-consuming and rely on domain experts. Visualization-based malware detection has recently gained popularity due to its accuracy, independence from domain experts, and faster detection time. Visualization-based malware detection uses the image representation of the malware binary and applies image processing techniques… More >

J. Pavithra^*, S. Selvakumarasamy

Journal of Cyber Security, Vol.4, No.3, pp. 135-151, 2022, DOI:10.32604/jcs.2022.031889

Abstract Machine learning (ML) is often used to solve the problem of malware detection and classification, and various machine learning approaches are adapted to the problem of malware classification; still acquiring poor performance by the way of feature selection, and classification. To address the problem, an efficient novel algorithm for adaptive feature-centered XG Boost Ensemble Learner Classifier “AFC-XG Boost” is presented in this paper. The proposed model has been designed to handle varying data sets of malware detection obtained from Kaggle data set. The model turns the XG Boost classifier in several stages to optimize performance. At preprocessing stage, the data… More >

Jingwei Hao^*, Senlin Luo, Limin Pan

Computer Systems Science and Engineering, Vol.46, No.1, pp. 719-734, 2023, DOI:10.32604/csse.2023.033923

Abstract The byte stream is widely used in malware detection due to its independence of reverse engineering. However, existing methods based on the byte stream implement an indiscriminate feature extraction strategy, which ignores the byte function difference in different segments and fails to achieve targeted feature extraction for various byte semantic representation modes, resulting in byte semantic confusion. To address this issue, an enhanced adversarial byte function associated method for malware backdoor attack is proposed in this paper by categorizing various function bytes into three functions involving structure, code, and data. The Minhash algorithm, grayscale mapping, and state transition probability statistics… More >