Search Results (6)

The increase in new cyber threats is the result of the rapid growth of using the Internet, thus raising questions about the effectiveness of traditional Intrusion Detection Systems (IDSs). Machine learning (ML) technology is used to enhance cybersecurity in general and especially for reactive approaches, such as traditional IDSs. In several instances, it is seen that a single assailant may direct their efforts towards different servers belonging to an organization. This behavior is often perceived by IDSs as infrequent attacks, thus diminishing the effectiveness of detection. In this context, this paper aims to create a machine learning-based IDS model able to detect malicious traffic received by different organizational network interfaces. A centralized proxy server is designed to receive all the incoming traffic at the organization’s servers, scan the traffic by using the proposed IDS, and then redirect the traffic to the requested server. The proposed IDS was evaluated by using three datasets: CIC-MalMem-2022, CIC-IDS-2018, and CIC-IDS-2017. The XGBoost model showed exceptional performance in rapid detection, achieving 99.96%, 99.73%, and 99.84% accuracy rates within short time intervals. The Stacking model achieved the highest level of accuracy among the evaluated models. The developed IDS demonstrated superior accuracy and detection time outcomes compared with previous research in the field. Full article

Detecting malware has become extremely important with the increasing exposure of computational systems and mobile devices to online services. However, the rapidly evolving nature of malicious software makes this task particularly challenging. Despite the significant number of machine learning works for malware detection proposed in the last few years, limited interest has been devoted to continual learning approaches, which could allow models to showcase effective performance in challenging and dynamic scenarios while being computationally efficient. Moreover, most of the research works proposed thus far adopt a fully supervised setting, which relies on fully labelled data and appears to be impractical in a rapidly evolving malware landscape. In this paper, we address malware detection from a continual semi-supervised one-class learning perspective, which only requires normal/benign data and empowers models with a greater degree of flexibility, allowing them to detect multiple malware types with different morphology. Specifically, we assess the effectiveness of two replay strategies on anomaly detection models and analyze their performance in continual learning scenarios with three popular malware detection datasets (CIC-AndMal2017, CIC-MalMem-2022, and CIC-Evasive-PDFMal2022). Our evaluation shows that replay-based strategies can achieve competitive performance in terms of continual ROC-AUC with respect to the considered baselines and bring new perspectives and insights on this topic. Full article

The Internet of Things (IoT), introduced by Kevin Ashton in the late 1990s, has transformed technology usage globally, enhancing efficiency and convenience but also posing significant security challenges. With the proliferation of IoT devices expected to exceed 29 billion by 2030, securing these devices is crucial. This study proposes an optimized 1D convolutional neural network (1D CNN) model for effectively classifying IoT security data. The model architecture includes input, convolutional, self-attention, and output layers, utilizing GELU activation, dropout, and normalization techniques to improve performance and prevent overfitting. The model was evaluated using the CIC IoT 2023, CIC-MalMem-2022, and CIC-IDS2017 datasets, achieving impressive results: 98.36% accuracy, 100% precision, 99.96% recall, and 99.95% F1-score for CIC IoT 2023; 99.90% accuracy, 99.98% precision, 99.97% recall, and 99.96% F1-score for CIC-MalMem-2022; and 99.99% accuracy, 99.99% precision, 99.98% recall, and 99.98% F1-score for CIC-IDS2017. These outcomes demonstrate the model’s effectiveness in detecting and classifying various IoT-related attacks and malware. The study highlights the potential of deep-learning techniques to enhance IoT security, with the developed model showing high performance and low computational overhead, making it suitable for real-time applications and resource-constrained devices. Future research should aim at testing the model on larger datasets and incorporating adaptive learning capabilities to further enhance its robustness. This research significantly contributes to IoT security by providing advanced insights into deploying deep-learning models, encouraging further exploration in this dynamic field. Full article

Obfuscated Memory Malware (OMM) presents significant threats to interconnected systems, including smart city applications, for its ability to evade detection through concealment tactics. Existing OMM detection methods primarily focus on binary detection. Their multiclass versions consider a few families only and, thereby, fail to detect much existing and emerging malware. Moreover, their large memory size makes them unsuitable to be executed in resource-constrained embedded/IoT devices. To address this problem, in this paper, we propose a multiclass but lightweight malware detection method capable of identifying recent malware and is suitable to execute in embedded devices. For this, the method considers a hybrid model by combining the feature-learning capabilities of convolutional neural networks with the temporal modeling advantage of bidirectional long short-term memory. The proposed architecture exhibits compact size and fast processing speed, making it suitable for deployment in IoT devices that constitute the major components of smart city systems. Extensive experiments with the recent CIC-Malmem-2022 OMM dataset demonstrate that our method outperforms other machine learning-based models proposed in the literature in both detecting OMM and identifying specific attack types. Our proposed method thus offers a robust yet compact model executable in IoT devices for defending against obfuscated malware. Full article

Given their escalating number and variety, combating malware is becoming increasingly strenuous. Machine learning techniques are often used in the literature to automatically discover the models and patterns behind such challenges and create solutions that can maintain the rapid pace at which malware evolves. This article compares various tree-based ensemble learning methods that have been proposed in the analysis of PE malware. A tree-based ensemble is an unconventional learning paradigm that constructs and combines a collection of base learners (e.g., decision trees), as opposed to the conventional learning paradigm, which aims to construct individual learners from training data. Several tree-based ensemble techniques, such as random forest, XGBoost, CatBoost, GBM, and LightGBM, are taken into consideration and are appraised using different performance measures, such as accuracy, MCC, precision, recall, AUC, and F1. In addition, the experiment includes many public datasets, such as BODMAS, Kaggle, and CIC-MalMem-2022, to demonstrate the generalizability of the classifiers in a variety of contexts. Based on the test findings, all tree-based ensembles performed well, and performance differences between algorithms are not statistically significant, particularly when their respective hyperparameters are appropriately configured. The proposed tree-based ensemble techniques also outperformed other, similar PE malware detectors that have been published in recent years. Full article

Malware is a significant threat that has grown with the spread of technology. This makes detecting malware a critical issue. Static and dynamic methods are widely used in the detection of malware. However, traditional static and dynamic malware detection methods may fall short in advanced malware detection. Data obtained through memory analysis can provide important insights into the behavior and patterns of malware. This is because malwares leave various traces on memories. For this reason, the memory analysis method is one of the issues that should be studied in malware detection. In this study, the use of memory data in malware detection is suggested. Malware detection was carried out by using various deep learning and machine learning approaches in a big data environment with memory data. This study was carried out with Pyspark on Apache Spark big data platform in Google Colaboratory. Experiments were performed on the balanced CIC-MalMem-2022 dataset. Binary classification was made using Random Forest, Decision Tree, Gradient Boosted Tree, Logistic Regression, Naive Bayes, Linear Vector Support Machine, Multilayer Perceptron, Deep Feed Forward Neural Network, and Long Short-Term Memory algorithms. The performances of the algorithms used have been compared. The results were evaluated using the Accuracy, F1-score, Precision, Recall, and AUC performance metrics. As a result, the most successful malware detection was obtained with the Logistic Regression algorithm, with an accuracy level of 99.97% in malware detection by memory analysis. Gradient Boosted Tree follows the Logistic Regression algorithm with 99.94% accuracy. The Naive Bayes algorithm showed the lowest performance in malware analysis with memory data, with an accuracy of 98.41%. In addition, many of the algorithms used have achieved very successful results. According to the results obtained, the data obtained from memory analysis is very useful in detecting malware. In addition, deep learning and machine learning approaches were trained with memory datasets and achieved very successful results in malware detection. Full article