malicious behaviors
Recently Published Documents

Total documents: 84 (five years: 28)
H-index: 9 (five years: 3)

2021, Vol 2021, pp. 1-12
Author(s): Eunbyeol Ko, Jinsung Kim, Younghoon Ban, Haehyun Cho, Jeong Hyun Yi

As a great number of IoT and mobile devices are used in our daily lives, the security of mobile devices is more important than ever. If mobile devices, which play a key role in connecting devices, are exploited by malware to perform malicious behaviors, this can cause serious damage to other devices as well. Hence, a huge research effort has been put into preventing such situations. Among these efforts, many studies attempted to detect malware based on the APIs used by malware. In general, they showed high accuracy in detecting malware, but they could not classify malware into detailed categories because their detection mechanisms do not consider the characteristics of each malware category. In this paper, we propose a malware detection and classification approach, named ACAMA, that can detect malware and categorize it with high accuracy. To show the effectiveness of ACAMA, we implement it and evaluate it against previously proposed approaches. Our evaluation results demonstrate that ACAMA detects malware with 26% higher accuracy than a previous work. In addition, we show that ACAMA can successfully classify applications that another previous work, AVClass, cannot classify.


Author(s): MHD RAJA ABOU HARB, Serhat Ozekes

DoH is a modern protocol used as an alternative to the existing DNS protocol; it provides confidentiality and integrity for DNS functions by using protected channels. Since this kind of connection can pass through current protection systems, it can be used for spreading malicious software. There is a need to find defense mechanisms that can detect and prevent these forms of malicious behaviors. In this study, we propose a method to classify malicious DoH connections using machine learning techniques, and we propose a feature selection process which reduced the number of features used to 27% of the total 33 features and improved the detection of malicious DoH connections. The study employs twelve different supervised machine learning classifiers, and the designed feature selection process uses 8 different feature selection methods based on machine learning techniques for scoring the importance of the features. The results obtained were promising, since the accuracy scores were about 100% in detecting malicious DoH connections.


Author(s): Dr. C. K. Gomathy

Abstract: Analyzing cyber incident data sets is an essential approach for deepening our understanding of the evolution of the threat landscape. This is a relatively new research topic, and much research remains to be done. In this paper, we report a statistical analysis of a breach incident data set corresponding to 12 years (2005–2017) of cyber hacking activities that include malware attacks. We show that, in contrast to the findings reported in the literature, both hacking breach incident inter-arrival times and breach sizes should be modeled by stochastic processes rather than by distributions, because they exhibit autocorrelations. We then propose particular stochastic process models to fit, respectively, the inter-arrival times and the breach sizes. In this paper we also note that, by analyzing their actions, we can classify malware into a small number of behavioral classes, each of which performs a limited set of misbehaviors that characterize it. These misbehaviors can be defined by monitoring features belonging to different platforms. We present a novel host-based malware detection system in OSN which simultaneously analyzes and correlates features at four levels: kernel, application, user and package, to detect and stop malicious behaviors. It has been designed to consider the behavioral characteristics of almost every real malware that can be found in the wild. This prototype detects and effectively blocks more than 96% of malicious apps, drawn from three large datasets with approximately 2,800 apps, by exploiting the cooperation of parallel classifiers and a behavioral signature-based detector.
Keywords: Cyber security, Malware, Emerging technology trends, Emerging cyber threats, Cyber attacks and countermeasures


Symmetry, 2021, Vol 13 (11), pp. 2192
Author(s): Abel Z. Agghey, Lunodzo J. Mwinuka, Sanket M. Pandhare, Mussa A. Dida, Jema D. Ndibwile

Over the last two decades (2000–2020), the Internet has rapidly evolved, resulting in symmetrical and asymmetrical Internet consumption patterns and billions of users worldwide. With the immense rise of the Internet, attacks and malicious behaviors pose a huge threat to our computing environment. The brute-force attack is among the most prominent and commonly used attacks, carried out using password-attack tools, a wordlist dictionary, and a list of usernames obtained through a so-called enumeration attack. In this paper, we investigate username enumeration attack detection on the SSH protocol using machine-learning classifiers. We apply four asymmetrical classifiers to our generated dataset, collected from a closed-environment network, to build machine-learning-based models for attack detection. The use of several machine learners offers a wider investigation spectrum of the classifiers' ability in attack detection. Additionally, we investigate how beneficial it is to include or exclude network port information in the feature set used for learning. We evaluated and compared the performance of the machine-learning models for both cases. The models used are k-nearest neighbor (K-NN), naïve Bayes (NB), random forest (RF) and decision tree (DT), with and without port information. Our results show that machine-learning approaches to detecting SSH username enumeration attacks were quite successful, with KNN having an accuracy of 99.93%, NB 95.70%, RF 99.92%, and DT 99.88%. Furthermore, the results improve when port information is used.


2021, Vol 11 (14), pp. 6429
Author(s): Sunoh Choi

The internet's rapid growth has resulted in an increase in the number of malicious files. Recently, PowerShell scripts and Windows portable executable (PE) files have been used in malicious behaviors. To solve these problems, artificial intelligence (AI) based malware detection methods have been widely studied. Among AI techniques, the graph convolution network (GCN) was recently introduced. Here, we propose a malicious PowerShell detection method using a GCN. To use the GCN, we need an adjacency matrix; therefore, we propose an adjacency matrix generation method based on the Jaccard similarity. In addition, we show that the malicious PowerShell detection rate is increased by approximately 8.2% using the GCN.


2021, Vol 2021, pp. 1-17
Author(s): Xiaodong Zhang, Ru Li, Wenhan Hou, Hui Zhao

With the development of wireless communication technology and the automobile industry, Vehicular Ad Hoc Networks (VANETs) bring many conveniences to humans in terms of safety and entertainment. In the process of communication between the nodes, security problems are the main concern. Blockchain is a decentralized distributed technology used in non-secure environments, and using blockchain technology in VANETs can solve these security problems. However, the highly dynamic and resource-constrained nature of VANETs makes the traditional chain blockchain system unsuitable for actual VANET scenarios. Therefore, this paper proposes a lightweight blockchain architecture using a DAG-lattice structure for VANETs, called V-Lattice. In V-Lattice, each node (vehicle or roadside unit) has its own account chain. The transactions they generate can be added to the blockchain asynchronously and in parallel, and resource-constrained vehicles can store the pruned blockchain and execute blockchain-related operations normally. At the same time, in order to encourage more nodes to participate in the blockchain, a reputation-based incentive mechanism is introduced in V-Lattice. This paper uses Colored Petri Nets to verify the security of the architecture and verifies the feasibility of PoW anti-spam through experiment. The validation results show that the architecture proposed in this paper is secure, and that it is feasible to prevent nodes from generating malicious behaviors by using PoW anti-spam.


2021, Vol 4 (2), pp. 49-58
Author(s): Emmanuel S.A., Wosu M.

Justice perception can influence employees' attitudes and behaviors for good or bad and, in turn, have a positive or negative impact on the employees' performance and the organization's success. The purpose of this study was to identify the roles of procedural justice in employee commitment. It also examined the relationship between procedural justice and employee commitment. Convenience sampling was used with a sample size of 200. The results of correlation analysis show that there is a significant positive relationship between procedural justice and employee commitment. The study concludes that employees who perceive unfairness in the workplace may exhibit varying degrees of malicious behaviors. This study provides guidelines for organization management and better ways to reduce employee turnover.


Author(s): Deanna D. Caputo

Violence threat and insider threat assessment rely on successfully identifying, interpreting, and responding to concerning or malicious behaviors before egregious harm is done. Both types of threats benefit from multidisciplinary teams of experts skillfully putting together data points before physical, emotional, financial, reputational, or informational harm occurs. Usually the identified character (e.g., decision-making, interpersonal style, work style), stressors, and concerning behaviors demonstrated do not clearly indicate whether a person will assault coworkers, steal classified/proprietary information, sabotage systems, or proceed normally as a responsible employee. Empirically based risk factors and threat indicators provide opportunities to evaluate potential threats more appropriately earlier in the assessment process. This chapter is an overview of insider threat definitions and programs, what it takes to become an insider threat, and how research psychologists bring rigorous science to insider threat detection, providing a solid understanding of what is known and not known about nonviolent insider threats.


2021, Vol 30 (2), pp. 1-29
Author(s): Bozhi Wu, Sen Chen, Cuiyun Gao, Lingling Fan, Yang Liu, ...

Machine learning (ML)-based approaches are considered among the most promising techniques for Android malware detection and have achieved high accuracy by leveraging commonly used features. In practice, most ML classifiers only provide a binary label to mobile users and app security analysts. However, stakeholders in both academia and industry are more interested in the reason why apps are classified as malicious. This belongs to the research area of interpretable ML, but in a specific domain (i.e., mobile malware detection). Although several interpretable ML methods have been shown to explain final classification results in many cutting-edge artificial intelligence-based research fields, until now there has been no study interpreting why an app is classified as malware or unveiling the domain-specific challenges. In this article, to fill this gap, we propose a novel and interpretable ML-based approach (named XMal) to classify malware with high accuracy and explain the classification result at the same time. (1) The first, classification phase of XMal hinges on a multi-layer perceptron and an attention mechanism, and also pinpoints the key features most related to the classification result. (2) The second, interpreting phase aims at automatically producing natural language descriptions to interpret the core malicious behaviors within apps. We evaluate the behavior description results by leveraging a human study and an in-depth quantitative analysis. Moreover, we further compare XMal with existing interpretable ML-based methods (i.e., Drebin and LIME) to demonstrate the effectiveness of XMal. We find that XMal is able to reveal the malicious behaviors more accurately. Additionally, our experiments show that XMal can also interpret the reason why some samples are misclassified by ML classifiers. Our study peeks into interpretable ML through the research of Android malware detection and analysis.


Author(s): Zhijun Zhao, Chen Xu, Bo Li

Abstract: Security devices produce a huge number of logs, far beyond the processing speed of human beings. This paper introduces an unsupervised approach to detecting anomalous behavior in large-scale security logs. We propose a novel feature extraction mechanism that precisely characterizes the features of malicious behaviors. We design an LSTM-based anomaly detection approach that successfully identifies attacks on two widely used datasets. Our approach outperforms three popular anomaly detection algorithms, one-class SVM, GMM and Principal Components Analysis, in terms of accuracy and efficiency.

