Search Results (67)

The proliferation of biometric authentication systems in critical security applications has highlighted the urgent need for robust defense mechanisms against sophisticated adversarial attacks. This paper presents ShieldNet, an adversarially resilient Convolutional Neural Network (CNN) framework specifically designed for secure iris biometric authentication. Unlike existing approaches that apply adversarial training or gradient regularization independently, ShieldNet introduces a synergistic dual-layer defense framework featuring three key components: (1) an attack-aware adaptive weighting mechanism that dynamically balances defense priorities across multiple attack types, (2) a smoothness-regularized gradient penalty formulation that maintains differentiable gradients while encouraging locally smooth loss landscapes, and (3) a consistency loss component that enforces prediction stability between clean and adversarial inputs. Through extensive experimental validation across three diverse iris datasets, MMU1, CASIA-Iris-Africa, and UBIRIS.v2, and rigorous evaluation against strong adaptive attacks including AutoAttack, PGD-100 with random restarts, and transfer-based black-box attacks, ShieldNet demonstrated robust performance, achieving 87.3% adversarial accuracy under AutoAttack on MMU1, 85.1% on CASIA-Iris-Africa, and 82.4% on UBIRIS.v2, while maintaining competitive clean data accuracies of 94.7%, 93.9%, and 92.8%, respectively. The proposed framework outperforms existing state-of-the-art defense methods including TRADES, MART, and AWP, achieving an equal error rate (EER) as low as 2.8% and demonstrating consistent robustness across both gradient-based and gradient-free attack scenarios. Comprehensive ablation studies validate the complementary contributions of each defense component, while latent space analysis confirms that ShieldNet learns genuinely robust feature representations rather than relying on gradient obfuscation. These results establish ShieldNet as a practical and reliable solution for deployment in high-security biometric authentication environments. Full article

Android malware continues to evolve through obfuscation and polymorphism, posing challenges for both signature-based defenses and machine learning models trained on limited and imbalanced datasets. Synthetic data has been proposed as a remedy for scarcity, yet the role of Large Language Models (LLMs) in generating effective malware data for detection tasks remains underexplored. In this study, we fine-tune GPT-4.1-mini to produce structured records for three malware families: BankBot, Locker/SLocker, and Airpush/StopSMS, using the KronoDroid dataset. After addressing generation inconsistencies with prompt engineering and post-processing, we evaluate multiple classifiers under three settings: training with real data only, real-plus-synthetic data, and synthetic data alone. Results show that real-only training achieves near-perfect detection, while augmentation with synthetic data preserves high performance with only minor degradations. In contrast, synthetic-only training produces mixed outcomes, with effectiveness varying across malware families and fine-tuning strategies. These findings suggest that LLM-generated tabular malware feature records can enhance scarce datasets without compromising detection accuracy, but remain insufficient as a standalone training source. Full article

Cross-site scripting (XSS) attacks are among the threats facing web security, resulting from the diversity and complexity of HTML formats. Research has shown that some text processing-based methods are limited in their ability to detect this type of attack. This article proposes an approach aimed at improving the detection of this type of attack, taking into account the limitations of certain techniques. It combines the effectiveness of deep learning represented by convolutional neural networks (CNN) and the accuracy of classification methods represented by support vector machines (SVM). It takes advantage of the ability of CNNs to effectively detect complex visual patterns in the face of injection variations and the SVM’s powerful classification capability, as XSS attacks often use obfuscation or encryption techniques that are difficult to be detected with textual methods alone. This work relies on a dataset that focuses specifically on XSS attacks, which is available on Kaggle and contains 13,686 sentences in script form, including benign and malicious cases associated with these attacks. Benign data represents 6313 cases, while malicious data represents 7373 cases. The model was trained on 80% of this data, while the remaining 20% was allocated for test. Computer vision techniques were used to analyze the visual patterns in the images and extract distinctive features, moving from a textual representation to a visual one where each character is converted into its ASCII encoding, then into grayscale pixels. In order to visually distinguish the characteristics of normal and malicious code strings and the differences in their visual representation, a CNN model was used in the analysis. The convolution and subsampling (pooling) layers extract significant patterns at different levels of abstraction, while the final output is converted into a feature vector that can be exploited by a classification algorithm such as an Optimized SVM. The experimental results showed excellent performance for the model, with an accuracy of (99.7%), and this model is capable of generalizing effectively without the risk of overfitting or loss of performance. This significantly enhances the security of web applications by providing robust protection against complex XSS threats. Full article

Memory resident malware, particularly fileless and heavily obfuscated types, continues to pose a major problem for endpoint defense tools, as these threats often slip past traditional signature-based detection techniques. Deep learning has shown promise in identifying such malicious activity, but its use in real Security Operations Centers (SOCs) is still limited because the internal reasoning of these neural network models is difficult to interpret or verify. In response to this challenge, we present HAGEN, a hierarchical attention architecture designed to combine strong classification performance with explanations that security analysts can understand and trust. HAGEN processes memory artifacts through a series of attention layers that highlight important behavioral cues at different scales, while a gated mechanism controls how information flows through the network. This structure enables the system to expose the basis of its decisions rather than simply output a label. To further support transparency, the final classification step is guided by representative prototypes, allowing predictions to be related back to concrete examples learned during training. When evaluated on the CIC-MalMem-2022 dataset, HAGEN achieved 99.99% accuracy in distinguishing benign programs from major malware classes such as spyware, ransomware, and trojans, all with modest computational requirements suitable for live environments. Beyond accuracy, HAGEN produces clear visual and numeric explanations—such as attention maps and prototype distances—that help investigators understand which memory patterns contributed to each decision, making it a practical tool for both detection and forensic analysis. Full article

Volatile memory provides the most direct and clear view into a system’s runtime behavior. Yet, traditional forensics methods are prone to errors and remain fragile against modern obfuscation and injection techniques. This paper introduces a textual-attention transformer framework that treats raw memory bytes as linguistic tokens, allowing the model to read memory as text and infer contextual relationships across disjoint regions. The proposed model aligns positional encodings with memory addresses and learns to associate scattered structures—such as injected stubs, PE headers, and decryption routines—within a unified semantic space. Experiments on two publicly verifiable datasets, CIC-MalMem-2022 (multi-class) and NIST CFReDS Basic Memory Images (binary), demonstrate that this approach reconstructs malware behavior with ≈97% accuracy, outperforming CNN and LSTM baselines. Attention heatmaps reveal interpretable forensic cues that identify malicious regions, bridging AI and digital forensics. The proposed concept of textual self-attention for memory opens a new paradigm in automated memory analysis—transforming volatile memory into a readable, interpretable sequence for malware behavior reconstruction. Full article

Smart contracts are deployed and represented as bytecodes in blockchain networks, and these bytecodes are machine-readable codes. Only a small number of deployed smart contracts have their verified human-readable code publicly accessible to blockchain users. To improve the understandability of deployed smart contracts, we explored rule-based classification of smart contracts using iterative integration of fingerprints of relevant function interfaces and keywords. Our classification system included categories for standard contracts such as ERC20, ERC721, and ERC1155, and non-standard contracts like FinDApps, cross-chain, governance, and proxy. To do this, we first identified the core function fingerprints for all ERC token contracts. We then used an adapted header extractor tool to verify that these fingerprints occurred in all of the implemented functions within the bytecode. For the non-standard contracts, we took an iterative approach, identifying contract interfaces and relevant fingerprints for each specific category. To classify these contracts, we created a rule that required at least two occurrences of a relevant fingerprint keyword or interface. This rule was stricter for standard contracts: the 100% occurrence requirement ensures that we only identify compliant token contracts. For non-standard contracts, we required a minimum of two relevant fingerprint occurrences to prevent hash collisions and the unintentional use of keywords. After developing the classifier, we evaluated its performance on sample datasets. The classifier performed very well, achieving an F1 score of over 99% for standard contracts and a solid 93% for non-standard contracts. We also conducted a risk analysis to identify potential vulnerabilities that could reduce the classifier’s performance, including hash collisions, an incomplete rule set, manual verification bottlenecks, outdated data, and semantic misdirection or obfuscation of smart contract functions. To address these risks, we proposed several solutions: continuous monitoring, continuous data crawling, and extended rule refinement. The classifier’s modular design allows for these manual updates to be easily integrated. While semantic-based risks cannot be completely eliminated, symbolic execution can be used to verify the expected behavior of ERC token contract functions with a given set of inputs to identify malicious contracts. Lastly, we applied the classifier on contracts deployed Ethereum main network. Full article

As technology advances, developers continually create innovative solutions to enhance smartphone security. However, the rapid spread of Android malware poses significant threats to devices and sensitive data. The Android Operating System (OS)’s open-source nature and Software Development Kit (SDK) availability mainly contribute to this alarming growth. Conventional malware detection methods, such as signature-based, static, and dynamic analysis, face challenges in detecting obfuscated techniques, including encryption, packing, and compression, in malware. Although developers have created several visualization techniques for malware detection using deep learning (DL), they often fail to accurately identify the critical malicious features of malware. This research introduces MalVis, a unified visualization framework that integrates entropy and N-gram analysis to emphasize meaningful structural and anomalous operational patterns within the malware bytecode. By addressing significant limitations of existing visualization methods, such as insufficient feature representation, limited interpretability, small dataset sizes, and restricted data access, MalVis delivers enhanced detection capabilities, particularly for obfuscated and previously unseen (zero-day) malware. The framework leverages the MalVis dataset introduced in this work, a publicly available large-scale dataset comprising more than 1.3 million visual representations in nine malware classes and one benign class. A comprehensive comparative evaluation was performed against existing state-of-the-art visualization techniques using leading convolutional neural network (CNN) architectures, MobileNet-V2, DenseNet201, ResNet50, VGG16, and Inception-V3. To further boost classification performance and mitigate overfitting, the outputs of these models were combined using eight distinct ensemble strategies. To address the issue of imbalanced class distribution in the multiclass dataset, we employed an undersampling technique to ensure balanced learning across all types of malware. MalVis achieved superior results, with 95% accuracy, 90% F1-score, 92% precision, 89% recall, 87% Matthews Correlation Coefficient (MCC), and 98% Receiver Operating Characteristic Area Under Curve (ROC-AUC). These findings highlight the effectiveness of MalVis in providing interpretable and accurate representation features for malware detection and classification, making it valuable for research and real-world security applications. Full article

The Internet has been progressively more integrated into daily life through its evolutionary stages, ranging from web1.0 to the current development of web3.0. These continued integrations broaden the attack surface that cybercriminals aim to exploit. The prevalence of cybercrimes, particularly malware attacks, has become increasingly sophisticated and made more accessible through dark web marketplaces. Including artificial intelligence (AI) within anti-virus solutions has challenged the traditional dichotomy of malware detection schemes, offering more accurate and holistic detection capabilities. Research has shown that transforming malware files into textured images offers resistance to obfuscation and the potential to detect zero days. This paper explores the application of image quality assessment (IQA) techniques in enhancing visual malware dataset curation. We propose a novel framework that applies a no-reference IQA algorithm to evaluate current datasets and offer guidance in future dataset curation. Using multiple popular datasets, our evaluation demonstrates that the proposed MalScore framework effectively differentiates dataset quality—for example, MalNet Tiny achieves the highest score of 95%, while the NARAD malicious-image subset scores 50%. Additionally, BRISQUE was the only IQA algorithm to exhibit a strong linear sensitivity to blur levels across datasets. These results highlight the practical utility of MalScore in assessing and ranking visual malware datasets and lay the groundwork for uniting IQA and visual malware detection in future research. Full article

Malware plays a critical role in network attacks, making its analysis essential for ensuring network security. To evade detection, malware developers often use packing techniques to hide malicious code, making it difficult for analysts to identify the software’s true behavior. Software that has been packed is referred to as “packed software,” and network security analysts need to employ unpacking strategies to remove these protective layers and restore the software’s actual behavior. This process is crucial in preventing malware from bypassing traditional security mechanisms, as unpacking reveals the underlying code that can be analyzed for malicious intent. However, as malware evolves, packed software can vary greatly in its packing techniques, requiring analysts to stay ahead of emerging trends in obfuscation methods. Furthermore, new packing methods are frequently introduced, posing an ongoing challenge to existing detection systems. Existing packed software identification methods largely rely on known training sets, which can identify known types of packed software but struggle with the opened-set problem, where new or unknown packed software types are encountered. To address this issue, this paper introduces the problem of identifying packed software in both closed-set and opened-set scenarios and proposes an evaluation mechanism using known/unknown recall rates to assess the ability to recognize both types. The known recall rate evaluates the system’s ability to identify known types, while the unknown recall rate measures its ability to recognize new, unknown packed software. This dual approach helps bridge the gap between identifying familiar threats and detecting previously unseen ones, which is increasingly important as malware continues to evolve. Additionally, the paper proposes a strategy that simultaneously addresses both recognition problems, aiming to improve the overall performance of the identification system. Experimental results on a packed software dataset demonstrate that this strategy significantly improves the accuracy and comprehensiveness of identification, validating its effectiveness in practical applications. Full article

Website fingerprinting (WF) attacks analyze encrypted network traffic to exploit side-channel features such as packet sizes, inter-packet timings, and burst patterns, enabling adversaries to infer users’ browsing activities and posing persistent privacy threats even under encryption protocols like TLS. Existing WF defenses primarily rely on static perturbations of coarse statistical features, which fail to reproduce the multi-scale spatio-temporal dynamics of website traffic and are increasingly ineffective against modern deep learning-based classifiers. To address this challenge, we propose WFD-EST, a website fingerprinting defense framework that dynamically emulates spatio-temporal traffic characteristics for fine-grained obfuscation. WFD-EST constructs a multi-scale traffic representation that captures both packet-level dynamics and burst-level correlations. A diffusion-based generator, guided by a fine-tuned large-scale discriminator, synthesizes realistic target traffic templates that preserve structural consistency while reflecting temporal diversity. Based on these templates, a burst-aware manipulation module performs packet padding, insertion, and delay operations to align source flows with target spatio-temporal patterns, generating traffic indistinguishable from real target flows. Evaluations on a real-world dataset comprising 15,000 encrypted samples from three representative websites show that WFD-EST consistently outperforms two state-of-the-art defenses, reducing classification F1 scores by 0.082–0.144 while lowering bandwidth and time overheads by at least 0.086 and 0.054, respectively. Full article

Conventional signal-to-image conversion methods often overlook the physical correspondence of vibration signals, limiting diagnostic interpretability. To address this, we propose a physics-guided image construction strategy that incorporates dimensionless indicators to adaptively weight grayscale regions, enhancing the physical consistency and the discriminability among different fault types. Furthermore, a novel Cheap Channel Obfuscation module is introduced to suppress noise, decouple feature channels, and preserve the critical information within lightweight models. Integrated with ShuffleNetV2, our method achieves high diagnostic accuracy. Experimental validation for CWRU and SEU bearing datasets yields accuracies of 100% and 99.91%, respectively, demonstrating superior performance with minimal parameters. This approach offers a technically robust and computationally efficient fault diagnosis solution, with promising potential for deployment in resource-limited industrial environments. Full article

The widespread use of leetspeak and dialectal Arabic on social media poses a critical challenge to automated hate speech detection systems. Existing Arabic NLP models, largely trained on Modern Standard Arabic (MSA), struggle with obfuscated, noisy, and dialect-specific text, leading to poor generalization in real-world scenarios. This study introduces a Hybrid AraBERT–Hierarchical Attention Network (HAN) framework for deobfuscating Iraqi Arabic leetspeak and accurately classifying hate speech. The proposed model employs a custom normalization pipeline that converts digits, symbols, and Latin-script substitutions (e.g., "3يب" → "عيب") into canonical Arabic forms, thereby enhancing tokenization and embedding quality. AraBERT provides deep contextualized representations optimized for Arabic morphology, while HAN hierarchically aggregates and attends to critical words and sentences to improve interpretability and semantic focus. Experimental evaluation on an Iraqi Arabic social media dataset demonstrates that the proposed model achieves 97% accuracy, 96% precision, 96% recall, 96% F1-score, and 0.98 ROC–AUC, outperforming standalone AraBERT and HAN models by up to 6% in F1-score and 4% in AUC. Ablation studies confirm the important role of the normalization stage (F1 = 0.91 without it) and the contribution of hierarchical attention in balancing precision and recall. Robustness testing under controlled perturbations (including character substitutions, symbol obfuscations, typographical noise, and class imbalance) shows performance retention above 91% F1, validating the framework’s noise tolerance and generalization capability. Comparative analysis with state-of-the-art approaches such as DRNNs, arHateDetector, and ensemble BERT systems further highlights the hybrid model’s effectiveness in handling noisy, dialectal, and adversarial text. Full article

Possible collisions with port infrastructure are a big challenge in the automation of commercial shipping. The first step to avoiding these collisions is identifying static port infrastructure. To minimize the risk of collisions of automated vessels with port infrastructure, this study aims to develop a model for automatically detecting static harbor objects (quay walls and piles) in port areas using a YOLOv5-based deep learning architecture. The existing architecture is adapted by generating a port-specific image dataset using image obfuscation techniques that simulate real-world operational scenarios, additionally improving robustness. To determine optimal hyperparameters, such as image resolution, batch size, or selection of optimization algorithm, multiple experiments were conducted and evaluated. As the proposed system is used in a time critical environment, the evaluation is performed on the basis of model performance as well as inference time. Full article

With the development of artificial intelligence neural networks, semantic segmentation has received more and more attention in the field of ocean engineering, especially in the fields of unmanned vessels and drones. However, challenges such as limited open ocean datasets, insufficient feature extraction for segmentation networks, pixel pairing problem, and frequency-domain obfuscation still exist. To address these issues, we propose USVS-Net, a high-performance segmentation network for segmenting USV feasible domains and surface obstacles. To overcome the pixel pairing confusion problem, a Global Channel-Spatial Attention module (GCSA) is designed in this paper, which enhances feature interactions, suppresses redundant features, and improves pixel matching accuracy through channel shuffling strategy and large kernel spatial attention. In addition, a median-enhanced channel-spatial attention (MECS) module is proposed to enhance edge details and suppress noise by fusing the median, mean, and maximum values to facilitate cross-scale feature interactions. For evaluation, a dataset USV-DATA containing images of marine obstacles is constructed. Experiments show that USVS-Net outperforms SOTA with mIoU reaching 81.71% and mPA reaching 90.18%, which is a significant improvement over the previous methods. These findings indicate that USVS-Net has high accuracy and robustness and can provide valuable support for autonomous navigation of unmanned vessels. Full article

The increasing use of AI systems for face, object, action, scene, and emotion recognition raises significant privacy risks, particularly when processing Personally Identifiable Information (PII). Current privacy-preserving methods lack adaptability to users’ preferences and contextual requirements, and obfuscate user faces uniformly. This research proposes a user-centric, context-aware, and ontology-driven privacy protection framework that dynamically adjusts privacy decisions based on user-defined preferences, entity sensitivity, and contextual information. The framework integrates state-of-the-art recognition models for recognising faces, objects, scenes, actions, and emotions in real time on data acquired from vision sensors (e.g., cameras). Privacy decisions are directed by a contextual ontology based in Contextual Integrity theory, which classifies entities into private, semi-private, or public categories. Adaptive privacy levels are enforced through obfuscation techniques and a multi-level privacy model that supports user-defined red lines (e.g., “always hide logos”). The framework also proposes a Re-Identifiability Index (RII) using soft biometric features such as gait, hairstyle, clothing, skin tone, age, and gender, to mitigate identity leakage and to support fallback protection when face recognition fails. The experimental evaluation relied on sensor-captured datasets, which replicate real-world image sensors such as surveillance cameras. User studies confirmed that the framework was effective, with over 85.2% of participants rating the obfuscation operations as highly effective, and the other 14.8% stating that obfuscation was adequately effective. Amongst these, 71.4% considered the balance between privacy protection and usability very satisfactory and 28% found it satisfactory. GPU acceleration was deployed to enable real-time performance of these models by reducing frame processing time from 1200 ms (CPU) to 198 ms. This ontology-driven framework employs user-defined red lines, contextual reasoning, and dual metrics (RII/IVI) to dynamically balance privacy protection with scene intelligibility. Unlike current anonymisation methods, the framework provides a real-time, user-centric, and GDPR-compliant method that operationalises privacy-by-design while preserving scene intelligibility. These features make the framework appropriate to a variety of real-world applications including healthcare, surveillance, and social media. Full article