Search Results (67)

The industrialization of cybercrime, principally through Malware-as-a-Service (MaaS), has elevated HTTP cookie theft to a critical cybersecurity challenge, enabling attackers to bypass multi-factor authentication and perpetrate large-scale account takeovers. Employing a Holistic and Integrative Review methodology, this paper dissects the intricate, adaptive ecosystem of MaaS-driven cookie theft. We systematically characterize the co-evolving arms race between offensive and defensive strategies (2020–2025), revealing a critical strategic asymmetry where attackers optimize for speed and low cost, while effective defenses demand significant resources. To shift security from a reactive to an anticipatory posture, a multi-dimensional predictive framework is not only proposed but is also detailed as a formalized, testable algorithm, integrating technical, economic, and behavioral indicators to forecast emerging threat trajectories. Our findings conclude that long-term security hinges on disrupting the underlying cybercriminal economic model; we therefore reframe proactive countermeasures like Zero-Trust principles and ephemeral tokens as economic weapons designed to devalue the stolen asset. Finally, the paper provides a prioritized, multi-year research roadmap and a practical decision-tree framework to guide the implementation of these advanced, collaborative cybersecurity strategies to counter this pervasive and evolving threat. Full article

As cyberattacks continue to rise in frequency and sophistication, extracting actionable Cyber Threat Intelligence (CTI) from diverse online sources has become critical for proactive threat detection and defense. However, accurately identifying complex entities from lengthy and heterogeneous threat reports remains challenging due to long-range dependencies and domain-specific terminology. To address this, we propose XLNet-CRF, a hybrid framework that combines permutation-based language modeling with structured prediction using Conditional Random Fields (CRF) to enhance Named Entity Recognition (NER) in cybersecurity contexts. XLNet-CRF directly addresses key challenges in CTI-NER by modeling bidirectional dependencies and capturing non-contiguous semantic patterns more effectively than traditional approaches. Comprehensive evaluations on two benchmark cybersecurity corpora validate the efficacy of our approach. On the CTI-Reports dataset, XLNet-CRF achieves a precision of 97.41% and an F1-score of 97.43%; on MalwareTextDB, it attains a precision of 85.33% and an F1-score of 88.65%—significantly surpassing strong BERT-based baselines in both accuracy and robustness. Full article

Edge computing (EC) faces unique security threats due to its distributed architecture, resource-constrained devices, and diverse applications, making it vulnerable to data breaches, malware infiltration, and device compromise. The mitigation strategies against EC data security threats include encryption, secure authentication, regular updates, tamper-resistant hardware, and lightweight security protocols. Physical Unclonable Functions (PUFs) are digital fingerprints for device authentication that enhance interconnected devices’ security due to their cryptographic characteristics. PUFs produce output responses against challenge inputs based on the physical structure and intrinsic manufacturing variations of an integrated circuit (IC). These challenge-response pairs (CRPs) enable secure and reliable device authentication. Our work implements the Arbiter PUF (APUF) on Altera Cyclone IV FPGAs installed on the ALINX AX4010 board. The proposed APUF has achieved performance metrics of 49.28% uniqueness, 38.6% uniformity, and 89.19% reliability. The robustness of the proposed APUF against machine learning (ML)-based modeling attacks is tested using supervised Support Vector Machines (SVMs), logistic regression (LR), and an ensemble of gradient boosting (GB) models. These ML models were trained over more than 19K CRPs, achieving prediction accuracies of 61.1%, 63.5%, and 63%, respectively, thus cementing the resiliency of the device against modeling attacks. However, the proposed APUF exhibited its vulnerability to Multi-Layer Perceptron (MLP) and random forest (RF) modeling attacks, with 95.4% and 95.9% prediction accuracies, gaining successful authentication. APUFs are well-suited for device authentication due to their lightweight design and can produce a vast number of challenge-response pairs (CRPs), even in environments with limited resources. Our findings confirm that our approach effectively resists widely recognized attack methods to model PUFs. Full article

The increasing prevalence of malicious Microsoft Office documents poses a significant threat to cybersecurity. Conventional methods of detecting these malicious documents often rely on prior knowledge of the document or the exploitation method employed, thus enabling the use of signature-based or rule-based approaches. Given the accelerated pace of change in the threat landscape, these methods are unable to adapt effectively to the evolving environment. Existing machine learning approaches are capable of identifying sophisticated features that enable the prediction of a file’s nature, achieving sufficient results on existing samples. However, they are seldom adequately prepared for the detection of new, advanced malware techniques. This paper proposes a novel approach to detecting malicious Microsoft Office documents by leveraging the power of large language models (LLMs). The method involves extracting textual content from Office documents and utilising advanced natural language processing techniques provided by LLMs to analyse the documents for potentially malicious indicators. As a supplementary tool to contemporary antivirus software, it is currently able to assist in the analysis of malicious Microsoft Office documents by identifying and summarising potentially malicious indicators with a foundation in evidence, which may prove to be more effective with advancing technology and soon to surpass tailored machine learning algorithms, even without the utilisation of signatures and detection rules. As such, it is not limited to Office Open XML documents, but can be applied to any maliciously exploitable file format. The extensive knowledge base and rapid analytical abilities of a large language model enable not only the assessment of extracted evidence but also the contextualisation and referencing of information to support the final decision. We demonstrate that Claude 3.5 Sonnet by Anthropic, provided with a substantial quantity of raw data, equivalent to several hundred pages, can identify individual malicious indicators within an average of five to nine seconds and generate a comprehensive static analysis report, with an average cost of USD 0.19 per request and an F1-score of 0.929. Full article

The escalating global incidence of malware presents critical cybersecurity threats to manufacturing, automation, and industrial process control systems. Given the fast-developing web applications and IoT devices in use by industry operations, securing a transparent and effective malware detection mechanism has become imperative to operational resilience and data integrity. Classical methods of malware detection are conventionally opaque “black boxes” with limited transparency, thus eroding trust and hindering deployment in security-sensitive contexts. In this respect, this research proposes MAL-XSEL—a malware detection framework using an explainable stacking ensemble learning approach for performing high-accuracy classification and interpretable decision-making. MAL-XSEL explicates the model predictions through Shapley additive explanations (SHAP) and local interpretable model-agnostic explanations (LIME), which enable security analysts to validate how the detection logic works and prioritize the features contributing to the most critical threats. Evaluated on two benchmark datasets, MAL-XSEL outperformed conventional machine learning models, achieving top accuracies of 99.62% (ClaMP dataset) and 99.16% (MalwareDataSet). Notably, it surpassed state-of-the-art algorithms such as LightGBM (99.52%), random forest (99.33%), and decision trees (98.89%) across both datasets while maintaining computational efficiency. A unique interaction of ensemble learning and XAI is employed for detection, not only with improved accuracy but also with interpretable insight into the behavior of malware, thereby allowing trust to be substantiated in an automated system. By closing the divide between performance and interpretability, MAL-XSEL enables cybersecurity practitioners to deploy transparent and auditable defenses against an ever-growing resource of threats. This work demonstrates how there can be no compromise on explainability in security-critical applications and, as such, establishes a roadmap for future research on industrial malware analysis tools. Full article

As today’s cybersecurity environment is becoming increasingly complex, it is crucial to analyse threats quickly and effectively. A delayed response or lack of foresight can lead to data loss, reputational damage, and operational disruptions. Therefore, developing methods that can rapidly extract valuable threat intelligence is a critical need to strengthen defence strategies and minimise potential damage. This paper presents an innovative approach that integrates knowledge graphs and a fine-tuned BERT-based model to analyse cyber threat intelligence (CTI) data. The proposed system extracts cyber entities such as threat actors, malware, campaigns, and targets from unstructured threat reports and establishes their relationships using an ontology-driven framework. A named entity recognition dataset was created and a BERT-based model was trained. To address the class imbalance, oversampling and a focal loss function were applied, achieving an F1 score of 96%. The extracted entities and relationships were visualised and analysed using knowledge graphs, enabling the advanced threat analysis and prediction of potential attack targets. This approach enhances cyber-attack prediction and prevention through knowledge graphs. Full article

This study investigates the integration of diverse data modalities within deep learning ensembles for Android malware classification. Android applications can be represented as binary images and function call graphs, each offering complementary perspectives on the executable. We synthesise these modalities by combining predictions from convolutional and graph neural networks with a multilayer perceptron. Empirical results demonstrate that multimodal models outperform their unimodal counterparts while remaining highly efficient. For instance, integrating a plain CNN with 83.1% accuracy and a GCN with 80.6% accuracy boosts overall accuracy to 88.3%. DenseNet-GIN achieves 90.6% accuracy, with no further improvement obtained by expanding this ensemble to four models. Based on our findings, we advocate for the flexible development of modalities to capture distinct aspects of applications and for the design of algorithms that effectively integrate this information. Full article

Android’s open-source nature, combined with its large market share, has made it a primary target for malware developers. Consequently, there is a dramatic need for effective Android malware detection methods. This paper suggests a novel fuzzy rank-based fusion approach for Android malware detection (ANDFRF). The suggested ANDFRF primarily consists of two steps: in the first step, five machine learning algorithms, comprising K-Nearest Neighbor (KNN), Support Vector Machine (SVM), Logistic Regression (LR), XGbooost (XGB) and Light Gradient Boosting Machine (LightGBM), were utilized as base classifiers for the initial identification of Android Apps either as goodware or malware apps. Second, the fuzzy rank-based fusion approach was employed to adaptively integrate the classification results obtained from the base machine learning algorithms. By leveraging rankings instead of explicit class labels, the proposed ANDFRF method reduces the impact of anomalies and noisy predictions, leading to more accurate ensemble outcomes. Furthermore, the rankings reflect the relative importance or acceptance of each class across multiple classifiers, providing deeper insights into the ensemble’s decision-making process. The proposed framework was validated on two publicly accessible datasets, CICAndMal2020 and DREBIN, with a 5-fold cross-validation technique. The proposed ensemble framework achieves a classification accuracy of 95.51% and an AUC of 95.40% on the DREBIN dataset. On the CICAndMal2020 LBC dataset, it attains an accuracy of 95.31% and an AUC of 95.30%. Experimental results demonstrate that the proposed scheme is both efficient and effective for Android malware detection. Full article

Android malware detection remains a critical issue for mobile security. Cybercriminals target Android since it is the most popular smartphone operating system (OS). Malware detection, analysis, and classification have become diverse research areas. This paper presents a smart sensing model based on large language models (LLMs) for developing and classifying network traffic-based Android malware. The network traffic that constantly connects Android apps may contain harmful components that may damage these apps. However, one of the main challenges in developing smart sensing systems for malware analysis is the scarcity of traffic data due to privacy concerns. To overcome this, a two-step smart sensing model Syn-detect is proposed. The first step involves generating synthetic TCP malware traffic data with malicious content using GPT-2. These data are then preprocessed and used in the second step, which focuses on malware classification. This phase leverages a fine-tuned LLM, Bidirectional Encoder Representations from Transformers (BERT), with classification layers. BERT is responsible for tokenization, generating word embeddings, and classifying malware. The Syn-detect model was tested on two Android malware datasets: CIC-AndMal2017 and CIC-AAGM2017. The model achieved an accuracy of 99.8% on CIC-AndMal2017 and 99.3% on CIC-AAGM2017. The Matthew’s Correlation Coefficient (MCC) values for the predictions were 99% for CIC-AndMal2017 and 98% for CIC-AAGM2017. These results demonstrate the strong performance of the Syn-detect smart sensing model. Compared to the latest research in Android malware classification, the model outperformed other approaches, delivering promising results. Full article

Smartphones are intricately connected to the modern society. The two widely used mobile phone operating systems, iOS and Android, profoundly affect the lives of millions of people. Android presently holds a market share of close to 71% among these two. As a result, if personal information is not securely protected, it is at tremendous risk. On the other hand, mobile malware has seen a year-on-year increase of more than 42% globally in 2022 mid-year. Any group of human professionals would have a very tough time detecting and removing all of this malware. For this reason, deep learning in particular has been used recently to overcome this problem. Deep learning models, however, were primarily created for picture analysis. Despite the fact that these models have shown promising findings in the field of vision, it has been challenging to fully comprehend what the characteristics recovered by deep learning models are in the area of malware. Furthermore, the actual potential of deep learning for malware analysis has not yet been fully realized due to the translation invariance trait of well-known models based on CNN. In this paper, we present ViTDroid, a novel model based on vision transformers for the deep learning-based analysis of opcode sequences of Android malware samples from large real-world datasets. We have been able to achieve a false positive rate of 0.0019 as compared to the previous best of 0.0021. However, this incremental improvement is not the major contribution of our work. Our model aims to make explainable predictions, i.e., it not only performs the classification of malware with high accuracy, but it also provides insights into the reasons for this classification. The model is able to pinpoint the malicious behavior-causing instructions in the malware samples. This means that our model can actually aid in the field of malware analysis itself by providing insights to human experts, thus leading to further improvements in this field. Full article

Industrial control systems (ICSs) are critical components automating the processes and operations of electromechanical systems. These systems are vulnerable to cyberattacks and can be the targets of malicious activities. With increased internet connectivity and integration with the Internet of Things (IoT), ICSs become more vulnerable to cyberattacks, which can have serious consequences, such as service interruption, financial losses, and security hazards. Threat actors target these systems with sophisticated attacks that can cause devastating damage. Cybersecurity vulnerabilities in ICSs have recently led to increasing cyberattacks and malware exploits. Hence, this paper proposes to develop a security solution with dynamic and adaptive deceptive patching strategies based on studies on the use of deceptive patches against attackers in industrial control systems. Within the present study’s scope, brief information on the adversarial training method and window size manipulation will be presented. It will emphasize how these methods can be integrated into industrial control systems and how they can increase cybersecurity by combining them with deceptive patch solutions. The discussed techniques represent an approach to improving the network and system security by making it more challenging for attackers to predict their targets and attack methods. The acquired results demonstrate that the suggested hybrid method improves the application of deception to software patching prediction, reflecting enhanced patch security. Full article

The key point in the process of agent-based management in e-service for malware detection (according to accuracy criteria) is a decision-making process. To determine the optimal e-service for malware detection, two concepts were investigated: Fuzzy Logic (FL) and Probabilistic Neural Networks (PNN). In this study, three evolutionary variants of fuzzy partitioning, including regular, hierarchical fuzzy partitioning, and k-means, were used to automatically process the design of the fuzzy partition. Also, this study demonstrates the application of a feature selection method to reduce the dimensionality of the data by removing irrelevant features to create fuzzy logic in a dataset. The behaviors of malware are analyzed by fuzzifying relevant features for pattern recognition. The Apriori algorithm was applied to the fuzzified features to find the fuzzy-based rules, and these rules were used for predicting the output of malware detection e-services. Probabilistic neural networks were also used to find the ideal agent-based model for numerous classification problems. The numerical results show that the agent-based management performances trained with the clustering method achieve an accuracy of 100% with the PNN-MCD model. This is followed by the FL model, which classifies on the basis of linguistic variables and achieves an average accuracy of 82%. Full article

Reports produced by popular malware analysis services showed a disparity in samples available for different malware families. The unequal distribution between such classes can be attributed to several factors, such as technological advances and the application domain that seeks to infect a computer virus. Recent studies have demonstrated the effectiveness of deep learning (DL) algorithms when learning multi-class classification tasks using imbalanced datasets. This can be achieved by updating the learning function such that correct and incorrect predictions performed on the minority class are more rewarded or penalized, respectively. This procedure can be logically implemented by leveraging the deep reinforcement learning (DRL) paradigm through a proper formulation of the Markov decision process (MDP). This paper proposes SINNER, i.e., a DRL-based multi-class classifier that approaches the data imbalance problem at the algorithmic level by exploiting a redesigned reward function, which modifies the traditional MDP model used to learn this task. Based on the experimental results, the proposed formula appears to be successful. In addition, SINNER has been compared to several DL-based models that can handle class skew without relying on data-level techniques. Using three out of four datasets sourced from the existing literature, the proposed model achieved state-of-the-art classification performance. Full article

For malicious purposes, attackers hide malware in the software used by their victims. New malware is continuously being shared on the Internet, which differs both in terms of the type of malware and method of damage. When new malware is discovered, it is possible to check whether there has been similar malware in the past and to use the old malware to counteract the new malware; however, it is difficult to check the maliciousness and similarity of all software. Thus, deep learning technology can be used to efficiently detect and classify malware. This study improves this technology’s accuracy by converting static features, which are binary data, into images and by converting time-series data, such as API call sequences, which are dynamic data with different lengths for each datum, into data with fixed lengths. We propose a system that combines AI-based malware detection and classification systems trained on both static and dynamic features. The experimental results showed a detection accuracy of 99.34%, a classification accuracy of 95.1%, and a prediction speed of approximately 0.1 s. Full article

Cybercrime threat intelligence enables proactive measures against threat actors and informed, data-driven security decisions. This study proposes a practical implementation of cybercrime threat intelligence in the Arab world by integrating Indicators of Compromise and collecting security alerts from honeypot systems and open-source intelligence. The data collected are stored on the Malware Information Sharing Platform, an open-source platform used to create and share Indicators of Compromise. This study highlights the intuitive interface of the Malware Information Sharing Platform for data analysis, threat identification, and the correlation of Indicators of Compromise. In addition, machine learning techniques are applied to improve predictive accuracy and identify patterns in the data. The decision tree classifier achieves a high accuracy of 99.79%, and the results reveal significant potential cyber-threats, demonstrating the effectiveness of the platform in providing actionable information to prevent, detect, and respond to cybercrime. This approach aims to improve the security posture of the Arab region. Full article