Intrusion/Malware Detection and Prevention in Networks—2nd Edition

A special issue of Journal of Cybersecurity and Privacy (ISSN 2624-800X). This special issue belongs to the section "Security Engineering & Applications".

Deadline for manuscript submissions: 10 March 2026 | Viewed by 6657

Special Issue Editors


Guest Editor
School of Engineering, Liberty University, Lynchburg, VA 24515, USA
Interests: intrusion detection systems; machine learning; cyber security; IoT security and privacy; internet measurement

Guest Editor
School of Information Technology, Illinois State University, Normal, IL 61790, USA
Interests: network security; artificial intelligence; adaptive learning

Special Issue Information

Dear Colleagues,

This Special Issue is focused on the detection of intrusion and malware attacks on communication and networks, future Internet architectures, 5G and beyond wireless networks, enterprises, data centers, edge and cloud networks, software-defined networking (SDN), optical networks, the Internet and IoT-scale networks. We welcome the submission of papers on the following topics:

  • Distributed denial-of-service (DDoS) attack and defense;
  • Explainable prevention strategies;
  • Profiling normal or abnormal system behaviors;
  • Metrics for evaluating the effectiveness of intrusion detection techniques;
  • Access control;
  • Biometrics;
  • Jamming attack and defense;
  • Trojan attack and defense;
  • Viruses and malware;
  • Covert channel detection;
  • Malware and unwanted software.

Prof. Dr. Feng Wang
Prof. Dr. Yongning Tang
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 250 words) can be sent to the Editorial Office for assessment.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Journal of Cybersecurity and Privacy is an international peer-reviewed open access quarterly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1200 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • distributed denial-of-service (DDoS) attack and defense
  • explainable prevention strategies
  • profiling normal or abnormal system behaviors
  • metrics for evaluating the effectiveness of intrusion detection techniques
  • access control
  • biometrics
  • jamming attack and defense
  • trojan attack and defense
  • viruses and malware
  • covert channel detection
  • malware and unwanted software

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • Reprint: MDPI Books provides the opportunity to republish successful Special Issues in book format, both online and in print.

Further information on MDPI's Special Issue policies can be found here.


Published Papers (5 papers)


Research

40 pages, 5207 KB  
Article
Integrated Analysis of Malicious Software: Insights from Static and Dynamic Perspectives
by Maria-Mădălina Andronache, Alexandru Vulpe and Corneliu Burileanu
J. Cybersecur. Priv. 2025, 5(4), 98; https://doi.org/10.3390/jcp5040098 - 10 Nov 2025
Viewed by 585
Abstract
Malware remains one of the most persistent and evolving threats to cybersecurity, necessitating robust analysis techniques to understand and mitigate its impact. This study presents a comprehensive analysis of selected malware samples using both static and dynamic analysis techniques. In the static phase, file structure, embedded strings, and code signatures were examined, while in the dynamic analysis phase, the malware was executed in a virtual sandbox environment to observe process creation, network communication, and file system changes. By combining these two approaches, various types of malware files could be characterized and have their key elements revealed. This improved the understanding of the code capabilities and evasive behaviors of malicious files. The goal of these analyses was to create a database of malware profiling tools and tools that can be utilized to identify and analyze malware. The results demonstrate that integrating static and dynamic methodologies improves the accuracy of malware profiling and supports more effective threat detection and incident response strategies.
(This article belongs to the Special Issue Intrusion/Malware Detection and Prevention in Networks—2nd Edition)

23 pages, 1019 KB  
Article
Simulating Collaboration in Small Modular Nuclear Reactor Cybersecurity with Agent-Based Models
by Michael B. Zamperini and Diana J. Schwerha
J. Cybersecur. Priv. 2025, 5(4), 83; https://doi.org/10.3390/jcp5040083 - 3 Oct 2025
Viewed by 949
Abstract
This study proposes methods of computer simulation to study and optimize the cybersecurity of Small Modular Nuclear Reactors (SMRs). SMRs hold the potential to help build a clean and sustainable power grid but will struggle to gain widespread adoption without public confidence in their security. SMRs are emerging technologies and potentially carry higher cyber threats due to remote operations, large numbers of cyber-physical systems, and cyber connections with other industrial concerns. A method of agent-based computer simulations to model the effects, or payoff, of collaboration between cyber defenders, power plants, and cybersecurity vendors is proposed to strengthen SMR cybersecurity as these new power generators enter into the market. The agent-based model presented in this research is intended to illustrate the potential of using simulation to model a payoff function for collaborative efforts between stakeholders. Employing simulation to heighten cybersecurity will help to safely leverage the potential of SMRs in a modern and low-emission energy grid.

27 pages, 1175 KB  
Article
Microarchitectural Malware Detection via Translation Lookaside Buffer (TLB) Events
by Cristian Agredo, Daniel F. Koranek, Christine M. Schubert Kabban, Jose A. Gutierrez del Arroyo and Scott R. Graham
J. Cybersecur. Priv. 2025, 5(3), 75; https://doi.org/10.3390/jcp5030075 - 17 Sep 2025
Viewed by 929
Abstract
Prior work has shown that Translation Lookaside Buffer (TLB) data contains valuable behavioral information. Many existing methodologies rely on timing features or focus solely on workload classification. In this study, we propose a novel approach to malware classification using only TLB-related Hardware Performance Counters (HPCs), explicitly excluding any dependence on timing features such as task execution duration or memory access timing. Our methodology evaluates whether TLB data alone, without any timing information, can effectively distinguish between malicious and benign programs. We test this across three classification scenarios: (1) A binary classification problem involving distinguishing malicious from benign tasks, (2) a 4-way classification problem designed to improve separability, and (3) a 10-way classification problem with classes of individual benign and malware tasks. Our results demonstrate that even without execution time or memory access timing, TLB events achieve up to 81% accuracy for the binary, and 72% accuracy for the 4-class grouping, and 61% accuracy for the 10-class grouping. These findings demonstrate that time-independent TLB patterns can serve as robust behavioral signatures. This work expands the understanding of microarchitectural side effects by demonstrating that TLB-only features, independent of timing-based techniques, can be effectively used for real-world malware detection.

11 pages, 610 KB  
Article
Structured Heatmap Learning for Multi-Family Malware Classification: A Deep and Explainable Approach Using CAPEv2
by Oussama El Rhayati, Hatim Essadeq, Omar El Beqqali, Hamid Tairi, Mohamed Lamrini and Jamal Riffi
J. Cybersecur. Priv. 2025, 5(3), 72; https://doi.org/10.3390/jcp5030072 - 10 Sep 2025
Viewed by 937
Abstract
Accurate malware family classification from dynamic sandbox reports continues to be a fundamental cybersecurity challenge. Most prior works depend on random splits that tend to overestimate accuracy, whereas deployment requires robustness under temporal drift as well as changing behaviors. We present a leakage-aware pipeline that transforms CAPEv2 sandbox JSON reports into structured visual heatmaps and evaluate models under stratified and chronological splits. The pipeline rigorously flattens behavioral keys, builds normalized representations, and benchmarks Random Forest, MLP, CNN64, HybridNet, and a modern ResNeXt-50 backbone. On the Avast–CTU CAPEv2 dataset containing ten malware families, Random Forest achieves nearly state-of-the-art accuracy (97.2% accuracy, 0.993 AUC) with high efficiency on CPUs, making it attractive for triage. ResNeXt-50 achieves the best overall performance (98.4% accuracy, 0.998 AUC) and provides visual interpretability via Grad-CAM, enabling analysts to verify predictions. We further quantify efficiency trade-offs (inference throughput and GPU memory) and report ablation studies on vocabulary size and keyset choices. These results affirm that though ensemble methods are still robust, heatmap-based CNNs provide better accuracy, interpretability, and robustness against drift.

19 pages, 1079 KB  
Article
An Approach for Anomaly Detection in Network Communications Using k-Path Analysis
by Mamadou Kasse, Rodolphe Charrier, Alexandre Berred, Cyrille Bertelle and Christophe Delpierre
J. Cybersecur. Priv. 2024, 4(3), 449-467; https://doi.org/10.3390/jcp4030022 - 19 Jul 2024
Cited by 3 | Viewed by 2000
Abstract
In this paper, we present an innovative approach inspired by the Path-scan model to detect paths with k adjacent edges (k-path) exhibiting unusual behavior (synonymous with anomaly) within network communications. This work is motivated by the challenge of identifying malicious activities carried out in vulnerable k-path in a small to medium-sized computer network. Each observed edge (time series of the number of events or the number of packets exchanged between two computers in the network) is modeled using the three-state observed Markov model, as opposed to the Path-scan model which uses a two-state model (active state and inactive state), to establish baselines of behavior in order to detect anomalies. This model captures the typical behavior of network communications, as well as patterns of suspicious activity, such as those associated with brute force attacks. We take a perspective by analyzing each vulnerable k-path, enabling the accurate detection of anomalies on the k-path. Using this approach, our method aims to enhance the detection of suspicious activities in computer networks, thus providing a more robust and accurate solution to ensure the security of computer systems.