Younghoon Ban, Myeonghyun Kim, Haehyun Cho^*

CMES-Computer Modeling in Engineering & Sciences, Vol.139, No.3, pp. 3535-3563, 2024, DOI:10.32604/cmes.2023.046658

Abstract Antivirus vendors and the research community employ Machine Learning (ML) or Deep Learning (DL)-based static analysis techniques for efficient identification of new threats, given the continual emergence of novel malware variants. On the other hand, numerous researchers have reported that Adversarial Examples (AEs), generated by manipulating previously detected malware, can successfully evade ML/DL-based classifiers. Commercial antivirus systems, in particular, have been identified as vulnerable to such AEs. This paper firstly focuses on conducting black-box attacks to circumvent ML/DL-based malware classifiers. Our attack method utilizes seven different perturbations, including Overlay Append, Section Append, and Break Checksum, capitalizing on the ambiguities present… More >

Zhiguo Chen^1,2,*, Jiabing Cao^1,2

CMC-Computers, Materials & Continua, Vol.75, No.2, pp. 4445-4465, 2023, DOI:10.32604/cmc.2023.038639

Abstract The Corona Virus Disease 2019 (COVID-19) effect has made telecommuting and remote learning the norm. The growing number of Internet-connected devices provides cyber attackers with more attack vectors. The development of malware by criminals also incorporates a number of sophisticated obfuscation techniques, making it difficult to classify and detect malware using conventional approaches. Therefore, this paper proposes a novel visualization-based malware classification system using transfer and ensemble learning (VMCTE). VMCTE has a strong anti-interference ability. Even if malware uses obfuscation, fuzzing, encryption, and other techniques to evade detection, it can be accurately classified into its corresponding malware family. Unlike traditional… More >

Ahmad Moawad^*, Ahmed Ismail Ebada, Aya M. Al-Zoghby

Journal of Cyber Security, Vol.4, No.3, pp. 169-184, 2022, DOI:10.32604/jcs.2022.033537

Abstract In computer security, the number of malware threats is increasing and causing damage to systems for individuals or organizations, necessitating a new detection technique capable of detecting a new variant of malware more efficiently than traditional anti-malware methods. Traditional anti-malware software cannot detect new malware variants, and conventional techniques such as static analysis, dynamic analysis, and hybrid analysis are time-consuming and rely on domain experts. Visualization-based malware detection has recently gained popularity due to its accuracy, independence from domain experts, and faster detection time. Visualization-based malware detection uses the image representation of the malware binary and applies image processing techniques… More >

Le Duc Thuan^1,2,*, Pham Van Huong², Hoang Van Hiep¹, Nguyen Kim Khanh¹

Computer Systems Science and Engineering, Vol.45, No.3, pp. 2741-2759, 2023, DOI:10.32604/csse.2023.033420

Abstract Android malware has exploded in popularity in recent years, due to the platform’s dominance of the mobile market. With the advancement of deep learning technology, numerous deep learning-based works have been proposed for the classification of Android malware. Deep learning technology is designed to handle a large amount of raw and continuous data, such as image content data. However, it is incompatible with discrete features, i.e., features gathered from multiple sources. Furthermore, if the feature set is already well-extracted and sparsely distributed, this technology is less effective than traditional machine learning. On the other hand, a wide learning model can… More >

Mohammed Maray¹, Hamed Alqahtani², Saud S. Alotaibi³, Fatma S. Alrayes⁴, Nuha Alshuqayran⁵, Mrim M. Alnfiai⁶, Amal S. Mehanna⁷, Mesfer Al Duhayyim^8,*

CMC-Computers, Materials & Continua, Vol.74, No.2, pp. 3101-3115, 2023, DOI:10.32604/cmc.2023.032969

Abstract Cloud Computing (CC) is the most promising and advanced technology to store data and offer online services in an effective manner. When such fast evolving technologies are used in the protection of computer-based systems from cyberattacks, it brings several advantages compared to conventional data protection methods. Some of the computer-based systems that effectively protect the data include Cyber-Physical Systems (CPS), Internet of Things (IoT), mobile devices, desktop and laptop computer, and critical systems. Malicious software (malware) is nothing but a type of software that targets the computer-based systems so as to launch cyber-attacks and threaten the integrity, secrecy, and accessibility… More >

Lojain Nahhas¹, Marwan Albahar^1,*, Abdullah Alammari², Anca Jurcut³

CMC-Computers, Materials & Continua, Vol.74, No.2, pp. 3997-4014, 2023, DOI:10.32604/cmc.2023.028316

Abstract There has been an increase in attacks on mobile devices, such as smartphones and tablets, due to their growing popularity. Mobile malware is one of the most dangerous threats, causing both security breaches and financial losses. Mobile malware is likely to continue to evolve and proliferate to carry out a variety of cybercrimes on mobile devices. Mobile malware specifically targets Android operating system as it has grown in popularity. The rapid proliferation of Android malware apps poses a significant security risk to users, making static and manual analysis of malicious files difficult. Therefore, efficient identification and classification of Android malicious… More >

Jun-Seob Kim, Ki-Woong Park^*

CMC-Computers, Materials & Continua, Vol.72, No.2, pp. 3401-3424, 2022, DOI:10.32604/cmc.2022.026621

Abstract A ransomware attack that interrupted the operation of Colonial Pipeline (a large U.S. oil pipeline company), showed that security threats by malware have become serious enough to affect industries and social infrastructure rather than individuals alone. The agents and characteristics of attacks should be identified, and appropriate strategies should be established accordingly in order to respond to such attacks. For this purpose, the first task that must be performed is malware classification. Malware creators are well aware of this and apply various concealment and avoidance techniques, making it difficult to classify malware. This study focuses on new features and classification… More >

Pagnchakneat C. Ouk¹, Wooguil Pak^2,*

CMC-Computers, Materials & Continua, Vol.72, No.1, pp. 381-398, 2022, DOI:10.32604/cmc.2022.024540

Abstract Although Android becomes a leading operating system in market, Android users suffer from security threats due to malwares. To protect users from the threats, the solutions to detect and identify the malware variant are essential. However, modern malware evades existing solutions by applying code obfuscation and native code. To resolve this problem, we introduce an ensemble-based malware classification algorithm using malware family grouping. The proposed family grouping algorithm finds the optimal combination of families belonging to the same group while the total number of families is fixed to the optimal total number. It also adopts unified feature extraction technique for… More >

Liwei Wang^1,2,3, Jiankun Sun^1,2,3, Xiong Luo^1,2,3,*, Xi Yang⁴

CMES-Computer Modeling in Engineering & Sciences, Vol.130, No.2, pp. 1003-1016, 2022, DOI:10.32604/cmes.2022.018492

Abstract With the development of information technology, malware threats to the industrial system have become an emergent issue, since various industrial infrastructures have been deeply integrated into our modern works and lives. To identify and classify new malware variants, different types of deep learning models have been widely explored recently. Generally, sufficient data is usually required to achieve a well-trained deep learning classifier with satisfactory generalization ability. However, in current practical applications, an ample supply of data is absent in most specific industrial malware detection scenarios. Transfer learning as an effective approach can be used to alleviate the influence of the… More >

Hae-Seon Jeong¹, Jin Kwak^2,*

Intelligent Automation & Soft Computing, Vol.32, No.1, pp. 467-481, 2022, DOI:10.32604/iasc.2022.021038

Abstract Owing to the development of next-generation network and data processing technologies, massive Internet of Things (IoT) devices are becoming hyperconnected. As a result, Linux malware is being created to attack such hyperconnected networks by exploiting security threats in IoT devices. To determine the potential threats of such Linux malware and respond effectively, malware classification through an analysis of the executed code is required; however, a limitation exists in that each heterogeneous architecture must be analyzed separately. However, the binary codes of a heterogeneous architecture can be translated to a high-level intermediate representation (IR) of the same format using binary lifting… More >