
Search Results (96)

Search Parameters:
Keywords = cybercriminals

35 pages, 4844 KiB  
Article
A Transductive Zero-Shot Learning Framework for Ransomware Detection Using Malware Knowledge Graphs
by Ping Wang, Hao-Cyuan Li, Hsiao-Chung Lin, Wen-Hui Lin and Nian-Zu Xie
Information 2025, 16(6), 458; https://doi.org/10.3390/info16060458 - 29 May 2025
Viewed by 521
Abstract
Malware continues to evolve rapidly, posing significant challenges to network security. Traditional signature-based detection methods often struggle to cope with advanced evasion techniques such as polymorphism, metamorphism, encryption, and stealth, which are commonly employed by cybercriminals. As a result, these conventional approaches frequently fail to detect newly emerging malware variants in a timely manner. To address this limitation, Zero-Shot Learning (ZSL) has emerged as a promising alternative, offering improved classification capabilities for previously unseen malware samples. ZSL models leverage auxiliary semantic information and binary feature representations to enhance the recognition of novel threats. This study proposes a Transductive Zero-Shot Learning (TZSL) model based on the Vector Quantized Variational Autoencoder (VQ-VAE) architecture, integrated with a malware knowledge graph constructed from sandbox behavioral analysis of ransomware families. The model is further optimized through hyperparameter tuning to maximize classification performance. Evaluation metrics include per-family classification accuracy, precision, recall, F1-score, and Receiver Operating Characteristic (ROC) curves to ensure robust and reliable detection outcomes. In particular, the harmonic mean (H-mean) metric from the Generalized Zero-Shot Learning (GZSL) framework is introduced to jointly evaluate the model’s performance on both seen and unseen classes, offering a more holistic view of its generalization ability. The experimental results demonstrate that the proposed VQ-VAE model achieves an F1-score of 93.5% in ransomware classification, significantly outperforming other baseline models such as LeNet-5 (65.6%), ResNet-50 (71.8%), VGG-16 (74.3%), and AlexNet (65.3%). These findings highlight the superior capability of the VQ-VAE-based TZSL approach in detecting novel malware variants, improving detection accuracy while reducing false positives.
(This article belongs to the Collection Knowledge Graphs for Search and Recommendation)

15 pages, 608 KiB  
Review
Revisiting Wireless Cyberattacks on Vehicles
by Roberto Gesteira-Miñarro, Gregorio López and Rafael Palacios
Sensors 2025, 25(8), 2605; https://doi.org/10.3390/s25082605 - 20 Apr 2025
Cited by 3 | Viewed by 1469
Abstract
The automotive industry has been a prime target for cybercriminals for decades, with attacks becoming more sophisticated as vehicles integrate advanced digital technologies. In response, new standards and regulations have been introduced, requiring manufacturers to implement robust cybersecurity measures to obtain necessary certifications. Modern vehicles have an extensive attack surface due to the increasing number of interconnected electronic components and wireless communication features. While new technologies improve connectivity, automation, and comfort, they also introduce new vulnerabilities that can be exploited by attackers. This paper presents a comprehensive analysis of the attack surface of modern vehicles, focusing on the security risks associated with wireless communication technologies. Each technology is examined in detail, highlighting existing research, known vulnerabilities, and potential countermeasures. Furthermore, this study identifies key research gaps in the field, providing insights into critical areas that require further investigation. This work aims to guide future research efforts in order to enhance vehicle cybersecurity in the evolving landscape of smart, autonomous, and connected vehicles.
(This article belongs to the Section Vehicular Sensing)

42 pages, 2463 KiB  
Review
A Survey on ML Techniques for Multi-Platform Malware Detection: Securing PC, Mobile Devices, IoT, and Cloud Environments
by Jannatul Ferdous, Rafiqul Islam, Arash Mahboubi and Md Zahidul Islam
Sensors 2025, 25(4), 1153; https://doi.org/10.3390/s25041153 - 13 Feb 2025
Cited by 6 | Viewed by 4282
Abstract
Malware has emerged as a significant threat to end-users, businesses, and governments, resulting in financial losses of billions of dollars. Cybercriminals have found malware to be a lucrative business because of its evolving capabilities and ability to target diverse platforms such as PCs, mobile devices, IoT, and cloud platforms. While previous studies have explored single platform-based malware detection, no existing research has comprehensively reviewed malware detection across diverse platforms using machine learning (ML) techniques. With the rise of malware on PC or laptop devices, mobile devices and IoT systems are now being targeted, posing a significant threat to cloud environments. Therefore, a platform-based understanding of malware detection and defense mechanisms is essential for countering this evolving threat. To fill this gap and motivate further research, we present an extensive review of malware detection using ML techniques with respect to PCs, mobile devices, IoT, and cloud platforms. This paper begins with an overview of malware, including its definition, prominent types, analysis, and features. It presents a comprehensive review of machine learning-based malware detection from the recent literature, including journal articles, conference proceedings, and online resources published since 2017. This study also offers insights into the current challenges and outlines future directions for developing adaptable cross-platform malware detection techniques. This study is crucial for understanding the evolving threat landscape and for developing robust detection strategies.
(This article belongs to the Section Internet of Things)

18 pages, 1313 KiB  
Article
Unmasking the True Identity: Unveiling the Secrets of Virtual Private Networks and Proxies
by Vikas Kumar Jain, Jatin Aggrawal, Ramraj Dangi, Shiv Shankar Prasad Shukla, Anil Kumar Yadav and Gaurav Choudhary
Information 2025, 16(2), 126; https://doi.org/10.3390/info16020126 - 9 Feb 2025
Cited by 1 | Viewed by 2625
Abstract
The growing use of VPNs, proxy servers, and Tor browsers has significantly enhanced online privacy and anonymity. However, these technologies are also exploited by cybercriminals to obscure their identities, posing serious cybersecurity threats. Existing detection methods face challenges in accurately tracing the real IP addresses hidden behind these anonymization tools. This study presents a novel approach to unmasking true identities by leveraging honeypots and Canarytokens to track concealed connections. By embedding deceptive tracking mechanisms within decoy systems, we successfully capture the real IP addresses of users attempting to evade detection. Our methodology was rigorously tested across various network environments and payload types, ensuring effectiveness in real-world scenarios. The findings demonstrate the practicality and scalability of using Canarytokens for IP unmasking, providing a non-intrusive, legally compliant solution to combat online anonymity misuse. This research contributes to strengthening cyber threat intelligence, offering actionable insights for law enforcement, cybersecurity professionals, and digital forensics. Future work will focus on enhancing detection accuracy and addressing the advanced evasion tactics used by sophisticated attackers.

28 pages, 4277 KiB  
Article
Analysing Cyber Attacks and Cyber Security Vulnerabilities in the University Sector
by Harjinder Singh Lallie, Andrew Thompson, Elzbieta Titis and Paul Stephens
Computers 2025, 14(2), 49; https://doi.org/10.3390/computers14020049 - 4 Feb 2025
Cited by 2 | Viewed by 7322
Abstract
Universities hold and process vast amounts of financial, user, and research data, which makes them prime targets for cybercriminals. In addition to the usual external threat actors, universities face a unique insider threat from students, who—alongside staff—may lack adequate cyber security training despite having access to various sensitive systems. This paper provides a focused assessment of the current cyber security threats facing UK universities, based on a comprehensive review of available information. A chronological timeline of notable cyber attacks against universities is produced, with incidents classified according to the CIA triad (Confidentiality, Integrity, Availability) and incident type. Several issues have been identified. Limited disclosure of attack details is a major concern, as full information is often withheld for security reasons, hindering institutions’ abilities to assess vulnerabilities thoroughly and respond effectively. Additionally, universities increasingly rely on third-party service providers for critical services, meaning that an attack on these external providers can directly impact university operations and data security. While SQL injection attacks, previously a significant issue, appear to have declined in frequency—perhaps reflecting improvements in defences—other threats continue to persist. Universities report lower levels of concern regarding DDoS attacks, potentially due to enhanced resilience and mitigation strategies; however, ransomware and phishing attacks remain prevalent. Insider threats, especially from students with varied IT skills, exacerbate these risks, as insiders may unknowingly or maliciously facilitate cyber attacks, posing ongoing challenges for university IT teams. This study recommends that universities leverage these insights, along with other available data, to refine their cyber security strategies. Developing targeted policies, strengthening training, and implementing international standards will allow universities to enhance their security posture and mitigate the complex and evolving threats they face.
(This article belongs to the Special Issue Cyber Security and Privacy in IoT Era)

22 pages, 6036 KiB  
Review
Mitigating Cybercrimes in E-Government Services: A Systematic Review and Bibliometric Analysis
by Shahrukh Mushtaq and Mahmood Shah
Digital 2025, 5(1), 3; https://doi.org/10.3390/digital5010003 - 29 Jan 2025
Viewed by 2798
Abstract
Cybercrime prevention is critical for the effective functioning of e-government services. Despite its importance, internal cybercrime mitigation processes within these services are underrepresented in the existing literature. This study addresses this gap by conducting a systematic review and bibliometric analysis of e-government research from January 2015 to January 2025. Using the Web of Science and Scopus databases, 3790 studies were identified; after removing duplicates, bibliometric analysis was performed using R Studio (Build 467). The analysis revealed that Government Information Quarterly was the leading journal, with China, the USA, and the UK contributing the most publications. Nineteen major themes emerged, with “adoption” identified as the dominant theme, followed by “governance” and “development”. Among 88 security-related studies, 19 specifically addressed cybersecurity in e-government services. Findings indicate a predominant focus on user-centric perspectives, such as service adoption and system vulnerabilities, while internal cybersecurity issues, including managerial practices and mitigation strategies, remain largely unexplored. Limited data availability may contribute to this gap. This study highlights the need for future research to adopt an integrated approach, emphasising management-level practices for cybercrime mitigation within e-government institutions from both developing and developed nations.

42 pages, 1037 KiB  
Review
Cybersecurity Attacks and Detection Methods in Web 3.0 Technology: A Review
by Bandar Alotaibi
Sensors 2025, 25(2), 342; https://doi.org/10.3390/s25020342 - 9 Jan 2025
Cited by 5 | Viewed by 2747
Abstract
Web 3.0 marks the beginning of a new era for the internet, characterized by distributed technology that prioritizes data ownership and value expression. Web 3.0 aims to empower users by providing them with ownership and control of their data and digital assets rather than leaving them in the hands of large corporations. Web 3.0 relies on decentralization, which uses blockchain technology to ensure secure user communication. However, Web 3.0 still faces many security challenges that might affect its deployment and expose users’ data and digital assets to cybercriminals. This survey investigates the current evolution of Web 3.0, outlining its background, foundation, and application. This review presents an overview of cybersecurity risks that face a mature Web 3.0 application domain (i.e., decentralized finance (DeFi)) and classifies them into seven categories. Moreover, state-of-the-art methods for addressing these threats are investigated and categorized based on the associated security risks. Insights into the potential future directions of Web 3.0 security are also provided.
(This article belongs to the Section Internet of Things)

24 pages, 992 KiB  
Article
Obfuscated Malware Detection and Classification in Network Traffic Leveraging Hybrid Large Language Models and Synthetic Data
by Mehwish Naseer, Farhan Ullah, Samia Ijaz, Hamad Naeem, Amjad Alsirhani, Ghadah Naif Alwakid and Abdullah Alomari
Sensors 2025, 25(1), 202; https://doi.org/10.3390/s25010202 - 1 Jan 2025
Cited by 1 | Viewed by 2438
Abstract
Android malware detection remains a critical issue for mobile security. Cybercriminals target Android since it is the most popular smartphone operating system (OS). Malware detection, analysis, and classification have become diverse research areas. This paper presents a smart sensing model based on large language models (LLMs) for developing and classifying network traffic-based Android malware. The network traffic that constantly connects Android apps may contain harmful components that may damage these apps. However, one of the main challenges in developing smart sensing systems for malware analysis is the scarcity of traffic data due to privacy concerns. To overcome this, a two-step smart sensing model Syn-detect is proposed. The first step involves generating synthetic TCP malware traffic data with malicious content using GPT-2. These data are then preprocessed and used in the second step, which focuses on malware classification. This phase leverages a fine-tuned LLM, Bidirectional Encoder Representations from Transformers (BERT), with classification layers. BERT is responsible for tokenization, generating word embeddings, and classifying malware. The Syn-detect model was tested on two Android malware datasets: CIC-AndMal2017 and CIC-AAGM2017. The model achieved an accuracy of 99.8% on CIC-AndMal2017 and 99.3% on CIC-AAGM2017. The Matthew’s Correlation Coefficient (MCC) values for the predictions were 99% for CIC-AndMal2017 and 98% for CIC-AAGM2017. These results demonstrate the strong performance of the Syn-detect smart sensing model. Compared to the latest research in Android malware classification, the model outperformed other approaches, delivering promising results.
(This article belongs to the Special Issue AI Technology for Cybersecurity and IoT Applications)

20 pages, 2824 KiB  
Article
Hydrakon, a Framework for Measuring Indicators of Deception in Emulated Monitoring Systems
by Kon Papazis and Naveen Chilamkurti
Future Internet 2024, 16(12), 455; https://doi.org/10.3390/fi16120455 - 4 Dec 2024
Viewed by 890
Abstract
The current cybersecurity ecosystem is proving insufficient in today’s increasingly sophisticated cyber attacks. Malware authors and intruders have pursued innovative avenues to circumvent emulated monitoring systems (EMSs) such as honeypots, virtual machines, sandboxes and debuggers to continue with their malicious activities while remaining inconspicuous. Cybercriminals are improving their ability to detect EMS, by finding indicators of deception (IoDs) to expose their presence and avoid detection. It is proving a challenge for security analysts to deploy and manage EMS to evaluate their deceptive capability. In this paper, we introduce the Hydrakon framework, which is composed of an EMS controller and several Linux and Windows 10 clients. The EMS controller automates the deployment and management of the clients and EMS for the purpose of measuring EMS deceptive capabilities. Experiments were conducted by applying custom detection vectors to client real machines, virtual machines and sandboxes, where various artifacts were extracted and stored as csv files on the EMS controller. The experiment leverages the cosine similarity metric to compare and identify similar artifacts between a real system and a virtual machine or sandbox. Our results show that Hydrakon offers a valid approach to assess the deceptive capabilities of EMS without the need to target specific IoD within the target system, thereby fostering more robust and effective emulated monitoring systems.

25 pages, 2657 KiB  
Article
Domain-Specific Modeling Language for Security Analysis of EV Charging Infrastructure
by Anas Motii, Mahmoud El Hamlaoui and Robert Basmadjian
Energies 2024, 17(23), 5832; https://doi.org/10.3390/en17235832 - 21 Nov 2024
Viewed by 1231
Abstract
Electric vehicles (EVs) and their ecosystem have unquestionably made significant technological strides. Indeed, EVs have evolved into sophisticated computer systems with extensive internal and external communication capabilities. This interconnection raises concerns about security, privacy, and the expanding risk of cyber-attacks within the electric vehicle landscape. In particular, the charging infrastructure plays a crucial role in the electric mobility ecosystem. With the proliferation of charging points, new attack vectors are opened up for cybercriminals. The threat landscape targeting charging systems encompasses various types of attacks ranging from physical attacks to data breaches including customer information. In this paper, we aim to leverage the power of model-driven engineering to model and analyze EV charging systems at early stages. We employ domain-specific modeling language (DSML) techniques for the early security modeling and analysis of EV charging infrastructure. We accomplish this by integrating the established EMSA model for electric mobility, which encapsulates all key stakeholders in the ecosystem. To our knowledge, this represents the first instance in the literature of applying DSML within the electric mobility ecosystem, highlighting its innovative nature. Moreover, as our formalization based on DSML is an iterative, continuous, and evolving process, this approach guarantees that our proposed framework adeptly tackles the evolving cyber threats confronting the EV industry. Specifically, we use the Object Constraint Language (OCL) for precise specification and verification of security threats as properties of a modeled system. To validate our framework, we explore a set of representative threats targeting EV charging systems from real-world scenarios. To the best of our knowledge, this is the first attempt to provide a comprehensive security modeling framework for the electric mobility ecosystem.
(This article belongs to the Section E: Electric Vehicles)

10 pages, 1927 KiB  
Proceeding Paper
AI-Driven Vishing Attacks: A Practical Approach
by Fabricio Toapanta, Belén Rivadeneira, Christian Tipantuña and Danny Guamán
Eng. Proc. 2024, 77(1), 15; https://doi.org/10.3390/engproc2024077015 - 18 Nov 2024
Cited by 1 | Viewed by 2774
Abstract
Today, there are many security problems at the technological level, especially in telecommunications. Cybercriminals invade and steal data from any system using vector attacks such as phishing through scam mail, fake websites and phone calls. This latter form of phishing is called vishing (phishing using voice). Through vishing and using social engineering techniques, attackers can impersonate family members or friends of potential victims and obtain information or money or a specific target objective. Traditionally, to carry out vishing attacks, attackers imitated the vocabulary, voice and tone of a person known to the victim. However, with current artificial intelligence (AI) tools, obtaining synthetic voices similar or identical to the person to be impersonated is more straightforward and precise. In this regard, this paper, using ChatGPT and three AI-enabled applications for voice synthesis presents a practical approach for deploying vishing attacks in an academic environment to identify the limitations, implications and possible countermeasures to mitigate the effects on Internet users. Results demonstrate the effectiveness of vishing attacks, and the maturity level of the employed AI tools.
(This article belongs to the Proceedings of The XXXII Conference on Electrical and Electronic Engineering)

24 pages, 453 KiB  
Article
An Effective Ensemble Approach for Preventing and Detecting Phishing Attacks in Textual Form
by Zaher Salah, Hamza Abu Owida, Esraa Abu Elsoud, Esraa Alhenawi, Suhaila Abuowaida and Nawaf Alshdaifat
Future Internet 2024, 16(11), 414; https://doi.org/10.3390/fi16110414 - 8 Nov 2024
Viewed by 2841
Abstract
Phishing email assaults have been a prevalent cybercriminal tactic for many decades. Various detectors have been suggested over time that rely on textual information. However, to address the growing prevalence of phishing emails, more sophisticated techniques are required to use all aspects of emails to improve the detection capabilities of machine learning classifiers. This paper presents a novel approach to detecting phishing emails. The proposed methodology combines ensemble learning techniques with various variables, such as word frequency, the presence of specific keywords or phrases, and email length, to improve detection accuracy. We provide two approaches for the planned task: the first technique employs ensemble learning soft voting, while the second employs weighted ensemble learning. Both strategies use distinct machine learning algorithms to concurrently process the characteristics, reducing their complexity and enhancing the model’s performance. An extensive assessment and analysis are conducted, considering unique criteria designed to minimize biased and inaccurate findings. Our empirical experiments demonstrate that using ensemble learning to merge attributes in the evolution of phishing emails showcases the competitive performance of ensemble learning over other machine learning algorithms. This superiority is underscored by achieving an F1-score of 0.90 in the weighted ensemble method and 0.85 in the soft voting method, showcasing the effectiveness of this approach.

42 pages, 1293 KiB  
Article
Enhancing Online Security: A Novel Machine Learning Framework for Robust Detection of Known and Unknown Malicious URLs
by Shiyun Li and Omar Dib
J. Theor. Appl. Electron. Commer. Res. 2024, 19(4), 2919-2960; https://doi.org/10.3390/jtaer19040141 - 26 Oct 2024
Cited by 3 | Viewed by 2648
Abstract
The rapid expansion of the internet has led to a corresponding surge in malicious online activities, posing significant threats to users and organizations. Cybercriminals exploit malicious uniform resource locators (URLs) to disseminate harmful content, execute phishing schemes, and orchestrate various cyber attacks. As these threats evolve, detecting malicious URLs (MURLs) has become crucial for safeguarding internet users and ensuring a secure online environment. In response to this urgent need, we propose a novel machine learning-driven framework designed to identify known and unknown MURLs effectively. Our approach leverages a comprehensive dataset encompassing various labels—including benign, phishing, defacement, and malware—to engineer a robust set of features validated through extensive statistical analyses. The resulting malicious URL detection system (MUDS) combines supervised machine learning techniques, tree-based algorithms, and advanced data preprocessing, achieving a high detection accuracy of 96.83% for known MURLs. For unknown MURLs, the proposed framework utilizes CL_K-means, a modified k-means clustering algorithm, alongside two additional biased classifiers, achieving 92.54% accuracy on simulated zero-day datasets. With an average processing time of under 14 milliseconds per instance, MUDS is optimized for real-time integration into network endpoint systems. These outcomes highlight the efficacy and efficiency of the proposed MUDS in fortifying online security by identifying and mitigating MURLs, thereby reinforcing the digital landscape against cyber threats.

16 pages, 2868 KiB  
Article
Mitigating Thermal Side-Channel Vulnerabilities in FPGA-Based SiP Systems Through Advanced Thermal Management and Security Integration Using Thermal Digital Twin (TDT) Technology
by Amrou Zyad Benelhaouare, Idir Mellal, Maroua Oumlaz and Ahmed Lakhssassi
Electronics 2024, 13(21), 4176; https://doi.org/10.3390/electronics13214176 - 24 Oct 2024
Cited by 1 | Viewed by 13351
Abstract
Side-channel attacks (SCAs) are powerful techniques used to recover keys from electronic devices by exploiting various physical leakages, such as power, timing, and heat. Although heat is one of the less frequently analyzed channels due to the high noise associated with thermal traces, it poses a significant and growing threat to the security of very large-scale integrated (VLSI) microsystems, particularly system in package (SiP) technologies. Thermal side-channel attacks (TSCAs) exploit temperature variations, risking not only hardware damage from excessive heat dissipation but also enabling the extraction of sensitive data, like cryptographic keys, by observing thermal patterns. This dual threat underscores the need for a synergistic approach to thermal management and security in designing integrated microsystems. In response, this paper presents a novel approach that improves the early detection of abnormal thermal fluctuations in SiP designs, preventing cybercriminals from exploiting such anomalies to extract sensitive information for malicious purposes. Our approach employs a new concept called Thermal Digital Twin (TDT), which integrates two previously separate methods and techniques, resulting in successful outcomes. It combines the gradient direction sensor scan (GDSSCAN) to capture thermal data from the physical field programmable gate array (FPGA), which guarantees rapid thermal scan with a measurement period that could be close to 10 μs, a resolution of 0.5 °C, and a temperature range from −40 °C to 140 °C; once the data are transmitted in real time to a Digital Twin created in COMSOL Multiphysics® 6.0 for simulation using the Finite Element Method (FEM), the real time required by the CPU to perform all the necessary calculations can extend to several seconds or minutes. This integration allows for a detailed analysis of thermal transfer within the SiP model of our FPGA. Implementation and simulations demonstrate that the Thermal Digital Twin (TDT) approach could reduce the risks associated with TSCA by a significant percentage, thereby enhancing the security of FPGA systems against thermal threats.

22 pages, 2426 KiB  
Article
A Novel Cloud-Enabled Cyber Threat Hunting Platform for Evaluating the Cyber Risks Associated with Smart Health Ecosystems
by Abdullah Alabdulatif and Navod Neranjan Thilakarathne
Appl. Sci. 2024, 14(20), 9567; https://doi.org/10.3390/app14209567 - 20 Oct 2024
Cited by 3 | Viewed by 1904
Abstract
The fast proliferation of Internet of Things (IoT) devices has dramatically altered healthcare, increasing the efficiency and efficacy of smart health ecosystems. However, this expansion has created substantial security risks, as cybercriminals increasingly target IoT devices in order to exploit their weaknesses and relay critical health information. The rising threat landscape poses serious concerns across various domains within healthcare, where the protection of patient information and the integrity of medical devices are paramount. Smart health systems, while offering numerous benefits, are particularly vulnerable to cyber-attacks due to the integration of IoT devices and the vast amounts of data they generate. Healthcare providers, although unable to control the actions of cyber adversaries, can take proactive steps to secure their systems by adopting robust cybersecurity measures, such as strong user authentication, regular system updates, and the implementation of advanced security technologies. This research introduces a groundbreaking approach to addressing the cybersecurity challenges in smart health ecosystems through the deployment of a novel cloud-enabled cyber threat-hunting platform. This platform leverages deception technology, which involves creating decoys, traps, and false information to divert cybercriminals away from legitimate health data and systems. By using this innovative approach, the platform assesses the cyber risks associated with smart health systems, offering actionable recommendations to healthcare stakeholders on how to minimize cyber risks and enhance the security posture of IoT-enabled healthcare solutions. Overall, this pioneering research represents a significant advancement in safeguarding the increasingly interconnected world of smart health ecosystems, providing a promising strategy for defending against the escalating cyber threats faced by the healthcare industry.
