Malware Research - Science topic

Explore the latest publications in Malware Research, and find Malware Research experts.
Publications related to Malware Research (2,431)
Sorted by most recent
Article
Full-text available
Malware detection is a critical but very challenging task in cybersecurity. The eternal competition between malware authors (cyber attackers) and security analysts (detectors) is a never-ending game in which malware evolves rapidly and becomes more sophisticated as cyber attackers constantly evolve their tactics to evade detection. Such competition...
Book
Full-text available
In an era of ever-evolving cyber threats, traditional defenses are no longer enough. Machine Learning for Cyber Threat Detection offers a transformative guide into how AI-driven technologies are reshaping the cybersecurity landscape. Curated and edited by Dr. Sanjay Agal, a recognized academic leader with over 16 years of experience in AI, cyberse...
Preprint
Full-text available
Interpretable malware detection is crucial for understanding harmful behaviors and building trust in automated security systems. Traditional explainable methods for Graph Neural Networks (GNNs) often highlight important regions within a graph but fail to associate them with known benign or malicious behavioral patterns. This limitation reduces thei...
Article
Full-text available
The ongoing issue of malware significantly undermines network security. Despite the proliferation of detection techniques, traditional detection methods often struggle to distinguish malware activities accurately. Consequently, there is a growing recognition of the need to leverage artificial intelligence (AI) techniques to enhance malware detectio...
Article
Full-text available
As malware has become increasingly complex, advanced techniques have emerged to improve traditional detection systems. The increasing complexity of malware poses significant challenges in cybersecurity due to the inability of existing methods to understand detailed and contextual relationships in modern software behavior. Therefore, developing inno...
Chapter
Full-text available
Malware analysis and classification have become critical components of modern cybersecurity strategies, given the increasing sophistication of cyber threats. With the rapid advancement of machine learning techniques, particularly deep learning, the ability to detect and classify malware has improved significantly. This chapter explores the role of...
Article
Full-text available
The Internet of Things (IoT) has emerged as one of the fastest-growing areas in technology, but this growth also increases the risk of cyber-attacks on IoT devices, particularly through malware infections. In this paper, we present a novel, lightweight approach to detect IoT malware by focusing on the ELF header information, with data sizes varying...
Article
Full-text available
With the growing complexity and frequency of cybersecurity threats, traditional defense mechanisms are increasingly proving inadequate to combat sophisticated and evolving attacks. Deep Reinforcement Learning (DRL), an advanced machine learning paradigm, has emerged as a promising solution for addressing these challenges due to its ability to auton...
Preprint
Full-text available
This research studies the quality, speed and cost of malware analysis assisted by artificial intelligence. It focuses on Linux and IoT malware of 2024-2025, and uses r2ai, the AI extension of Radare2's disassembler. Not all malware and not all LLMs are equivalent but the study shows excellent results with Claude 3.5 and 3.7 Sonnet. Despite a few er...
Preprint
Full-text available
Large Language Models (LLMs) have recently emerged as powerful tools in cybersecurity, offering advanced capabilities in malware detection, generation, and real-time monitoring. Numerous studies have explored their application in cybersecurity, demonstrating their effectiveness in identifying novel malware variants, analyzing malicious code structu...
Article
Full-text available
The integration of Artificial Intelligence (AI) and Machine Learning (ML) into digital forensics has revolutionized investigative processes by enhancing efficiency, accuracy, and scalability. Traditional forensic methods often struggle with the growing volume and complexity of digital evidence, leading to delays and potential oversights. AI-driven...
Article
Full-text available
This research investigates innovative technologies for enhancing ransomware resilience, emphasizing machine learning and reinforcement learning methodologies. The study critically analyzes existing research methodologies, including descriptive analysis, dynamic malware analysis, machine learning models, reinforcement learning, and mixed-methods app...
Article
Full-text available
Malware poses a significant security threat to organisations worldwide, particularly in environments with limited resources. Static analysis has emerged as a crucial technique for gaining insights into malware, but it often requires specialised hardware and software, which can be a barrier for organisations facing financial or supply constraints. T...
Chapter
Full-text available
The integration of generative AI in cybersecurity marks a transformative leap in combating the growing complexity of cyber threats. This chapter examines generative AI models like generative adversarial networks, variational autoencoders, and transformers, showcasing their role in threat simulation, synthetic data generation, and anomaly detection....
Preprint
Full-text available
Large Language Models (LLMs) have demonstrated strong capabilities in various code intelligence tasks. However, their effectiveness for Android malware analysis remains underexplored. Decompiled Android code poses unique challenges for analysis, primarily due to its large volume of functions and the frequent absence of meaningful function names. Th...
Article
Full-text available
The rapid evolution of cyber threats necessitates adaptive defense mechanisms beyond traditional rule-based methods. Machine learning (ML) has emerged as a critical tool in cybersecurity, offering robust solutions for detecting anomalies, predicting threats, and automating responses. This paper examines the application of ML models, including super...
Article
Full-text available
Current research socializes malware analysis in virtualized environments, highlighting the relevance of static and dynamic analysis approaches in today's cybersecurity. It aims to provide a controlled environment to assess threats and develop more effective defense strategies against sophisticated cyber-attacks. The methodology includes a test lab...
Conference Paper
Full-text available
Modern malware’s escalating sophistication and evasiveness require advanced analytical solutions beyond traditional methods. While Artificial Intelligence (AI) provides some relief, its high processing power demands often result in bottlenecks, particularly when handling large datasets. This paper investigates the potential of quantum machine learn...
Article
Full-text available
With the increasing speed and complexity of cyber attacks, malware remains one of the most significant cybersecurity threats faced by organizations, individuals and governments. Traditional signature detection systems struggle to keep pace with evolving zero-day threats, making Machine Learning (ML) a crucial component of modern cybersecurity. With...
Article
Full-text available
Cyber threats are evolving rapidly, posing significant risks to individuals, organizations, and digital infrastructure. Traditional cybersecurity measures, which rely on predefined rules and static defence mechanisms, struggle to counter emerging threats such as zero-day attacks and advanced persistent threats (APTs). The integration of artifici...
Article
Full-text available
The operating system (OS) of a computer controls both its hardware and software. It handles necessary functions including input and output processing, file and memory management, and peripheral device management, including disc drives and printers. Programs created for particular purposes are referred to as application software. These programs, whi...
Article
Full-text available
Since the beginning of computing, malicious software has changed dramatically, becoming more complex and elusive. The increase in ransomware attacks has brought attention to the serious risks that malware poses, affecting not only individuals but also organizations, governments, and vital infrastructure like transportation networks and hospitals. M...
Article
Full-text available
Malware analysis benefits substantially with the help of automation. When it comes to analysing .NET malware samples, there is a dearth of automated analysis tools that provide quality results. Streamlining the malware analysis workflow to assist in completing the process in a timely manner is another challenging task. We determine that adding cont...
Article
Full-text available
When investigating ransomware incidents, DFIR (Digital Forensics and Incident Response) personnel and law enforcement agents are often tasked with performing Forensic Analysis and Reverse Engineering of malware to understand, evaluate and assess key features of the malicious executable to be able to establish authorship and materiality of the cyber...
Article
Full-text available
Ransomware is a type of malware that leverages encryption to execute its attacks. Its continuous evolution underscores its dynamic and ever-changing nature. The evolving variants use varying timelines to launch attacks and associate them with varying attack patterns. Detecting early evolving variants also leads to incomplete attack patterns. To dev...
Preprint
Full-text available
In an era where cyber threats are increasingly sophisticated, traditional malware detection methods often fall short in identifying and mitigating malicious activities. Malicious software is defined as any software that gains access to a computer system without the authorization of administrators. This paper utilized a combination of Machine learni...
Conference Paper
Full-text available
The rapid growth of Internet of Things (IoT) devices has amplified malware risks, challenging traditional detection methods. Conventional machine learning relies on large labeled datasets, which often fall short in addressing emerging malware variants. Furthermore, the uneven distribution of IoT malware families across different CPU architectures c...
Preprint
Full-text available
In High-Performance Computing (HPC) environments, a comprehensive understanding of cybersecurity threats and their underlying attack strategies is essential. However, current research predominantly focuses on maliciousness determination, typically emphasizing the code's operational behaviors rather than the attack strategies employed. The advanceme...
Article
Full-text available
The increased use of PDF files as a medium for cyberattacks has created significant challenges in data security, especially in terms of detection and mitigation of malware threats designed for data theft. This research aims to analyze malware threats in PDF files using static and dynamic analysis approaches to identify patterns that characterize ma...
Preprint
Full-text available
With the escalating threat of malware, particularly on mobile devices, the demand for effective analysis methods has never been higher. While existing security solutions, including AI-based approaches, offer promise, their lack of transparency constrains the understanding of detected threats. Manual analysis remains time-consuming and reliant on s...
Article
Full-text available
The domain generation algorithm (DGA) is a popular technique used by malware to reliably establish a connection to a command and control (C&C) server. Pseudo-random domain names generated by DGA are used to bypass security measures and allow attackers to maintain control over malware-infected devices. In this work, we present a two-pronged approach...
Article
Full-text available
Cyber threats, primarily malware, have increased with rapid technological advancements in various fields. This growing complexity requires sophisticated and automated malware detection tools because traditional methods cannot keep up with the sheer volume of threats and their evolution. Detection mechanisms that are resilient against evolved malwar...
Article
Full-text available
The growing complexity of cyber threats requires innovative machine learning techniques, and image-based malware classification opens up new possibilities. Meanwhile, existing research has largely overlooked the impact of noise and obfuscation techniques commonly employed by malware authors to evade detection, and there is a critical gap in using n...
Article
Full-text available
Cybersecurity has become an important priority requiring immediate response. Threats have become a commonplace phenomenon. This paper will examine malware, a kind of cybersecurity encompassing harmful software that expropriates data and jeopardizes privacy and security. We will elucidate the application of malware analysis and machine learning meth...
Article
Full-text available
Cybersecurity threats have become more sophisticated, demanding advanced defense mechanisms that go beyond traditional security measures. Machine learning has emerged as a powerful tool in identifying, predicting, and mitigating cyber threats. By leveraging vast datasets, machine learning algorithms can detect patterns, anomalies, and potential vul...
Article
Full-text available
Binary program dependence analysis is pivotal for security applications such as vulnerability detection and malware analysis, yet faces significant challenges due to path explosion, indirect branches, and over-approximation. This survey systematically examines state-of-the-art techniques, including value set analysis (VSA), path-sampling methods (B...
Article
Full-text available
With the widespread adoption of smartphones and the exponential growth of the mobile Internet, the Android platform has emerged as a highly popular choice. However, the platform’s open-source nature has also made it vulnerable to a surge in malware attacks. To address this pressing issue, this research paper introduces a robust malware detection sy...
Thesis
Full-text available
Ransomware poses a severe and evolving threat to cyber security, demanding continuous advancements in analysis and detection techniques. This thesis successfully tackles several critical research gaps in this domain, offering essential resources and findings for researchers aiming to enhance the effectiveness and resilience of ransomware mitigation...
Conference Paper
Full-text available
In an ecosystem where education is done through software interaction, the security of those systems is one key aspect which should not trouble the educators nor the children and students that interact with them. The article addresses a problem that is growing every day, new malware samples, which steal data [10], encrypt data and ask for a ransom [...
Preprint
Full-text available
The rapid growth of mobile applications has escalated Android malware threats. Although there are numerous detection methods, they often struggle with evolving attacks, dataset biases, and limited explainability. Large Language Models (LLMs) offer a promising alternative with their zero-shot inference and reasoning capabilities. However, applying L...
Article
Full-text available
Digital assets have become an essential part of modern economies and the global digital ecosystem. As cyber threats become more sophisticated and pervasive, the need for advanced security measures to protect digital assets has never been more critical. Artificial Intelligence (AI) offers a promising solution by enhancing the ability to detect, prev...
Preprint
Full-text available
The rapid evolution of malware has necessitated the development of sophisticated detection methods that go beyond traditional signature-based approaches. Graph learning techniques have emerged as powerful tools for modeling and analyzing the complex relationships inherent in malware behavior, leveraging advancements in Graph Neural Networks (GNNs)...
Article
Full-text available
Malware has emerged as a significant threat to end-users, businesses, and governments, resulting in financial losses of billions of dollars. Cybercriminals have found malware to be a lucrative business because of its evolving capabilities and ability to target diverse platforms such as PCs, mobile devices, IoT, and cloud platforms. While previous s...
Article
Full-text available
Malware has been increasing exponentially, while cybersecurity threats, in general, are becoming more complex; at the same time, securing large networks becomes a challenge. Traditional techniques for detecting malware are not bad, but they often do not keep pace with the changing nature of malware. The paper investigates using Artificial Intelligenc...
Preprint
Full-text available
Millions of new pieces of malicious software (i.e., malware) are introduced each year. This poses significant challenges for antivirus vendors, who use machine learning to detect and analyze malware, and must keep up with changes in the distribution while retaining knowledge of older variants. Continual learning (CL) holds the potential to address...
Article
Full-text available
Digital forensics is a rapidly evolving field that plays a critical role in investigating cybercrime, data breaches, and illicit activities across various domains, including blockchain, cryptocurrency, and the dark web. This paper explores key areas of digital forensics, including computer forensics, mobile forensics, network forensics, cloud foren...
Article
Full-text available
Malware, or malicious software, is defined as any software that is purposely meant to harm computers, networks, or users. Malware is a broad term that refers to numerous forms of malicious programs used by cybercriminals to steal data, disrupt operations, or gain illegal access to networks. In order to analyse and represent the data, many different...
Article
Full-text available
Generative Adversarial Networks (GANs) have emerged as a revolutionary deep-learning approach with significant implications in cybersecurity. Originally designed for data generation, GANs have been adapted for both defensive and offensive applications in cybersecurity. They offer substantial benefits in threat detection, malware analysis, intrusion...
Article
Full-text available
The escalating complexity of cyber threats, coupled with the rapid evolution of digital landscapes, poses significant challenges to traditional cybersecurity mechanisms. This review explores the transformative role of LLMs in addressing critical challenges in cybersecurity. With the rapid evolution of digital landscapes and the increasing sophistic...
Article
Full-text available
As the Web of Things (IoT) gadgets have advanced, there have been disastrous assaults on them, which have compromised the security of numerous IT consultants & also resulted in expanded costs for client and consultants. Mirai is one malware that has affected the world and pulled in worldwide consideration. There are a few ways to distinguish Mirai,...
Article
Full-text available
The rapid advancements in cyber-attack strategies are in parallel with the measures for detection, analysis, and prevention. Attackers have recently developed fileless malware that can simply bypass existing security mechanisms. The high complexity of malware and the attacks rises in today’s world because malware increases the chance of cyberwar in...
Article
Full-text available
The rapid growth of cyber threats and the increasing complexity of attack techniques demand advanced solutions for protecting systems, networks, and sensitive data. Artificial Intelligence (AI) and Machine Learning (ML) have proven highly effective in a wide range of cybersecurity applications, from detecting malicious activities to automating defe...
Article
Full-text available
The .NET framework is widely used for software development, making it a target for a significant number of malware attacks by developing malicious executables. Previous studies on malware detection often relied on developing generic detection methods for Windows malware that were not tailored to the unique characteristics of .NET executables. As a...
Article
Full-text available
In the internet and smart devices era, malware detection has become crucial for system security. Obfuscated malware poses significant risks to various platforms, including computers, mobile devices, and IoT devices, by evading advanced security solutions. Traditional heuristic-based and signature-based methods often fail against these threats. Ther...
Conference Paper
Full-text available
Malware analysis stands out as one of the major tasks in cybersecurity as it involves the identification and classification of malware specimens that could potentially pose threats. The traditional methods of malware detection have been effective, although the transparency level in decision-making is very low. Thus, this paper proposes the combinat...
Preprint
Full-text available
Malware analysis is a complex process of examining and evaluating malicious software's functionality, origin, and potential impact. This arduous process typically involves dissecting the software to understand its components, infection vector, propagation mechanism, and payload. Over the years, deep reverse engineering of malware has become increas...
Article
Full-text available
Malware authors and software protection frameworks often use anti-debugging techniques to hinder understanding of the underlying code. Companies use anti-debugging techniques to prevent intellectual property, including music, movies, and games, from being stolen or abused by malicious actors. In addition, the encryption of program data or private d...
Article
Full-text available
The ever-escalating prevalence of malware is a serious cybersecurity threat, often requiring advanced post-incident forensic investigation techniques. This paper proposes a framework to enhance malware forensics by leveraging reinforcement learning (RL). The approach combines heuristic and signature-based methods, supported by RL through a unified...
Article
Full-text available
The growing complexity and frequency of cyber threats in cloud environments call for innovative and automated solutions to maintain effective and efficient incident response. This study tackles this urgent issue by introducing a cutting-edge AI-driven cyber incident response system specifically designed for cloud platforms. Unlike conventional meth...
Article
Full-text available
This paper highlights the critical role of Machine Learning (ML) in combating the dynamic nature of cybersecurity threats. Unlike previous studies focusing mainly on static analysis, this work surveys the literature on dynamic analysis-based malware generation and detection. The study addresses the complexities of applying GANs to tabular data with...
Article
Full-text available
Malware attacks have a significant negative impact on organizations of varied scales in the field of cybersecurity. Recently, malware researchers have increasingly turned to machine learning techniques to combat sophisticated obfuscation methods used in malware. However, collecting a diverse set of malware samples with various obfuscation technique...
Article
Full-text available
In the era of digitalization, a major issue that must be addressed is cyber security. The use of technologies and advancements has endangered the user's information and data. Here, the main focus is on malware that should be detected in the early stages. Malware detection identifies and mitigates malicious software threats to computer systems and n...
Article
Full-text available
Android malware detection remains a critical issue for mobile security. Cybercriminals target Android since it is the most popular smartphone operating system (OS). Malware detection, analysis, and classification have become diverse research areas. This paper presents a smart sensing model based on large language models (LLMs) for developing and cl...
Article
Full-text available
The research in the area of malware analysis is very popular, with an accent on machine learning algorithms that help automate this subject. One of the leading portals that help researchers with dataset problems is VirusTotal, providing free academic accounts with hundreds of thousands of malware samples with metadata. This work contributes with...
Article
Full-text available
The rise of sophisticated cyber threats, such as malware and network intrusions, necessitates the use of Artificial Intelligence (AI) for efficient and accurate detection. However, traditional AI models often operate as black boxes, leaving security analysts without insights into the reasoning behind critical decisions. Explainable AI (XAI) address...
Article
Full-text available
The use of digital technology has increased rapidly, presenting new challenges such as cybercrime, online fraud and money laundering. To address these threats, digital forensic tools have become crucial in investigating and analyzing electronic evidence to combat increasingly complex digital crimes. Therefore, research and development in the field...
Article
Full-text available
Purpose: This study aims to analyze the WannaCry ransomware using Kali Linux and the Common Access Platform Assistant (CAPA) method to provide a deeper understanding of the malware's attack tactics, capabilities, and behaviors. Methods/Study design/approach: The research was conducted by installing CAPA version 7.4.0 downloaded from GitHub, followe...
Article
Full-text available
The range of threats of Android malware has grown due to the widespread use of Android devices. The intricacy and diversity of malware is always changing, making it difficult for conventional signature-based detection techniques to stay current. In this regard, network traffic analysis is a viable method for identifying and categorizing Android mal...
Conference Paper
Full-text available
The purpose of studying the intersection of Generative AI and Cybersecurity is multifaceted and crucial in our increasingly digital world. Firstly, Generative AI, with its ability to create content autonomously, presents both opportunities and risks in the realm of cybersecurity. The design of a study focusing on Generative AI and Cybersecurity wou...
Article
Full-text available
Enhancing Cyber Defense Strategies Through Machine Learning Algorithms. The increasing sophistication of cyberattacks poses a significant challenge to traditional cybersecurity measures, prompting the need for more advanced and adaptive defense strategies. This paper explores the potential of leveraging machine learning (ML) algorithms to enhance cy...
Article
Full-text available
With the potential for quantum computing to completely transform cybersecurity, quantum machine learning is becoming a ground-breaking technology. Cyber-attacks have been successfully countered by traditional network defense systems, which mostly use conventional machine learning (ML) techniques. However, the growing complexity of assaults and the...
Book
Full-text available
"Machine Learning for Cybersecurity: Threat Detection and Mitigation" delves into the transformative role of machine learning in addressing contemporary cybersecurity challenges. This reprint provides an in-depth exploration of how advanced techniques such as deep learning, natural language processing, and explainable AI are revolutionizing intrusi...
Article
Full-text available
As malware continues to evolve in complexity and scope, the necessity for robust detection and analysis techniques becomes increasingly critical. While Artificial Intelligence (AI) has significantly enhanced malware detection capabilities, its "black-box" nature raises concerns regarding trust, interpretability, and usability in security operations...
Article
Full-text available
The rapid expansion of digital ecosystems has been paralleled by an increase in the sophistication and frequency of cyberattacks, posing significant threats to individuals, organizations, and governments worldwide. Traditional cybersecurity approaches often struggle to adapt to the evolving tactics of malicious actors. Deep learning, a subset of ar...
Article
Full-text available
As the digital landscape evolves, cybersecurity threats are becoming increasingly sophisticated, posing significant challenges to organizations and individuals alike. Traditional defense mechanisms are often inadequate to address the rapidly changing nature of cyberattacks. This paper explores the role of AI-powered solutions in mitigating these ev...
Preprint
Full-text available
The SolarWinds compromise was one of the most significant cyberattacks of the 21st century, not because it breached a single organization, but because it triggered a much larger supply chain incident that affected thousands of organizations globally. Attributed to the Advanced Persistent Threat (APT29) threat group, this attack leveraged sophistica...
Article
Full-text available
In recent years, significant research has been directed towards the taxonomy of malware variants. Nevertheless, certain challenges persist, including the inadequate accuracy of sample classification within similar malware families, elevated false-negative rates, and significant processing time and resource consumption. Malware developers have effec...
Conference Paper
Full-text available
Malware analysis is a complex process of examining and evaluating malicious software’s functionality, origin, and potential impact. This arduous process typically involves dissecting the software to understand its components, infection vector, propagation mechanism, and payload. Over the years, deep reverse engineering of malware has become increas...
Article
Full-text available
This research delves into ethical hacking and penetration testing, spotlighting their methodologies, tools, and real-world applications. We explore concepts such as vulnerability assessment, malware analysis, and evasion strategies for IDS and firewalls, emphasizing how they enhance system security and preempt malicious attacks.
Preprint
Full-text available
Binary function similarity, which often relies on learning-based algorithms to identify what functions in a pool are most similar to a given query function, is a sought-after topic in different communities, including machine learning, software engineering, and security. Its importance stems from the impact it has in facilitating several crucial tas...
Article
Full-text available
Pre-trained models have witnessed significant progress in natural language (including source code) and binary code comprehension. However, none of them are suitable for binary functionality classification (BFC). In this paper, we present the first pre-trained model-based solution to BFC, namely PromeTrans, by fusing the knowledge of pre-trained mode...
Article
Full-text available
One of the latest modern communication devices is a mobile device seriously affected by multiple malware. Malware is a virus software installed automatically by hackers on various computing devices. Malware corrupts the system software, kills *.exe files, and tries to access user-sensitive data from the device. Around the world, 80% of people use s...
Article
Full-text available
In the rapidly evolving landscape of cybersecurity, Artificial Intelligence (AI) has become an indispensable tool for defending against an increasingly complex array of cyber threats. This research examines the contrasting roles of traditional AI and generative AI in modern cybersecurity defense, focusing on their methodologies, applications, stren...
Article
Full-text available
This study examines the cybersecurity vulnerabilities of energy IT infrastructure in the context of rapid digital transformation and network expansion. While these advancements have improved efficiency, they have also increased susceptibility to cyber threats, particularly from malware such as Industroyer, Triton, NotPetya, and BlackEnergy3. By ana...
Article
Full-text available
Nowadays, the internet of things (IoT) significantly impacts people’s lives, reaching hundreds of billions of devices connected to the World Wide Web. Given the popularity of smart devices, the amount of cyber-attacks targeting technology has grown in the past few years. Malware is currently the main cyber-villain in IoT situations due to the ongoi...
Preprint
Full-text available
Sandboxes and other dynamic analysis processes are prevalent in malware detection systems nowadays to enhance the capability of detecting 0-day malware. Therefore, techniques of anti-dynamic analysis (TADA) are prevalent in modern malware samples, and sandboxes can suffer from false negatives and analysis failures when analyzing the samples with TA...
Article
Full-text available
As cyber threats grow in frequency and sophistication, they pose significant risks to individuals, organizations, and governments worldwide. Traditional cybersecurity measures, which often rely on reactive responses, struggle to address the complexities and speed of modern cyber-attacks. Artificial Intelligence (AI) has emerged as a transformative...
Article
Full-text available
Malware analysis is a critical aspect of cybersecurity, aiming to identify and differentiate malicious software from benign programmes to protect computer systems from security threats. Despite advancements in cybersecurity measures, malware continues to pose significant risks in cyberspace, necessitating accurate and rapid analysis methods. This p...
Preprint
Full-text available
Cybercriminal profiling and cyber-attack attribution have been elusive goals world-wide, due to their effects on societal and geopolitical balance and stability. Attributing actions to a group or state is a complex endeavour, with traditional established approaches including cyber threat intelligence and analysis of technical means such as malware...
Research
Full-text available
In the face of increasingly sophisticated cyber threats, the need for advanced cybersecurity solutions has never been more critical. This paper explores the revolutionary potential of leveraging machine learning (ML) in enhancing network security and information security infrastructures. As traditional security measures struggle to keep pace with t...
Article
Full-text available
The rapid growth in Internet usage and advancements in network technologies have escalated the risk of network attacks. As the adoption of encryption protocols increases, so does the difficulty in identifying malware within encrypted traffic. Malware represents a significant danger in cyberspace, as it compromises personal data and harms computer s...
Article
Full-text available
1. Introduction Deep learning (DL) procedures have arisen to be successful apparatuses for improving security in different spaces. Such procedures influence the abilities of deep learning networks to gain and recognize features through huge sums of information, empowering further hearty and proficient security arrangements. Whenever employed to clo...
Article
Full-text available
Since Android is the popular mobile operating system worldwide, malicious attackers seek out Android smartphones as targets. The Android malware can be identified through a number of established detection techniques. However, the issues presented by modern malware cannot be met by traditional signature or heuristic-based malware detection methods....
Article
Full-text available
Smartphones are intricately connected to the modern society. The two widely used mobile phone operating systems, iOS and Android, profoundly affect the lives of millions of people. Android presently holds a market share of close to 71% among these two. As a result, if personal information is not securely protected, it is at tremendous risk. On the...
Article
Full-text available
Machine learning (ML) is being used to improve intrusion detection mechanisms and identification in cyber security. Network data volume scaling (with the help of Machine learning) — Automated analysis and pattern recognition for large amounts of network-data, thereby detection of anomalies / potentially malicious activities that escape current rule...
Preprint
Full-text available
Binary Code Similarity Analysis (BCSA) has a wide spectrum of applications, including plagiarism detection, vulnerability discovery, and malware analysis, thus drawing significant attention from the security community. However, conventional techniques often face challenges in balancing both accuracy and scalability simultaneously. To overcome these...
Article
Full-text available
Malware remains a major threat to computer systems, with a vast number of new samples being identified and documented regularly. Windows systems are particularly vulnerable to malicious programs like viruses, worms, and trojans. Dynamic analysis, which involves observing malware behavior during execution in a controlled environment, has emerged as...
Article
Full-text available
This study explores the comparative effectiveness of traditional and AI-powered approaches to malware analysis. Traditional methods, including signature-based and heuristic-based techniques, have long been used to detect and mitigate malware threats. However, the rapid evolution of malware, including polymorphic and metamorphic variants, poses sign...
Article
Full-text available
Malware has grown to be an intricate and dynamic threat to cybersecurity. Researchers and cybersecurity specialists use a range of methods to analyze and comprehend malware in order to effectively counter this threat. The malware sandbox is one of the most crucial instruments in this battle. Insights gained by evaluating malware in a sandbox aid in...