2,137 result(s) for "Malware detection"
A Survey on ML Techniques for Multi-Platform Malware Detection: Securing PC, Mobile Devices, IoT, and Cloud Environments
Malware has emerged as a significant threat to end-users, businesses, and governments, resulting in financial losses of billions of dollars. Cybercriminals have found malware to be a lucrative business because of its evolving capabilities and ability to target diverse platforms such as PCs, mobile devices, IoT, and cloud platforms. While previous studies have explored single platform-based malware detection, no existing research has comprehensively reviewed malware detection across diverse platforms using machine learning (ML) techniques. With the rise of malware on PC or laptop devices, mobile devices and IoT systems are now being targeted, posing a significant threat to cloud environments. Therefore, a platform-based understanding of malware detection and defense mechanisms is essential for countering this evolving threat. To fill this gap and motivate further research, we present an extensive review of malware detection using ML techniques with respect to PCs, mobile devices, IoT, and cloud platforms. This paper begins with an overview of malware, including its definition, prominent types, analysis, and features. It presents a comprehensive review of machine learning-based malware detection from the recent literature, including journal articles, conference proceedings, and online resources published since 2017. This study also offers insights into the current challenges and outlines future directions for developing adaptable cross-platform malware detection techniques. This study is crucial for understanding the evolving threat landscape and for developing robust detection strategies.
Malware Detection Issues, Challenges, and Future Directions: A Survey
The evolution of recent malicious software with the rising use of digital services has increased the probability of corrupting data, stealing information, or other cybercrimes by malware attacks. Therefore, malicious software must be detected before it impacts a large number of computers. Recently, many malware detection solutions have been proposed by researchers. However, many challenges limit these solutions to effectively detecting several types of malware, especially zero-day attacks due to obfuscation and evasion techniques, as well as the diversity of malicious behavior caused by the rapid rate of new malware and malware variants being produced every day. Several review papers have explored the issues and challenges of malware detection from various viewpoints. However, there is a lack of a deep review article that associates each analysis and detection approach with the data type. Such an association is imperative for the research community as it helps to determine the suitable mitigation approach. In addition, the current survey articles stopped at a generic detection approach taxonomy. Moreover, some review papers presented the feature extraction methods as static, dynamic, and hybrid based on the utilized analysis approach and neglected the feature representation methods taxonomy, which is considered essential in developing the malware detection model. This survey bridges the gap by providing a comprehensive state-of-the-art review of malware detection model research. This survey introduces a feature representation taxonomy in addition to the deeper taxonomy of malware analysis and detection approaches and links each approach with the most commonly used data types. The feature extraction method is introduced according to the techniques used instead of the analysis approach. The survey ends with a discussion of the challenges and future research directions.
A Malware Detection and Extraction Method for the Related Information Using the ViT Attention Mechanism on Android Operating System
Artificial intelligence (AI) is increasingly being utilized in cybersecurity, particularly for detecting malicious applications. However, the black-box nature of AI models presents a significant challenge. This lack of transparency makes it difficult to understand and trust the results. In order to address this, it is necessary to incorporate explainability into the detection model. There is insufficient research to provide reasons why applications are detected as malicious or explain their behavior. In this paper, we propose a method of a Vision Transformer (ViT)-based malware detection model and malicious behavior extraction using an attention map to achieve high detection accuracy and high interpretability. Malware detection uses a ViT-based model, which takes an image as input. ViT offers a significant advantage for image detection tasks by leveraging attention mechanisms, enabling robust interpretation and understanding of the intricate patterns within the images. The image is converted from an application. An attention map is generated with attention values generated during the detection process. The attention map is used to identify factors that the model deems important. Class and method names are extracted and provided based on the identified factors. The performance of the detection was validated using real-world datasets. The malware detection accuracy was 80.27%, which is a high level of accuracy compared to other models used for image-based malware detection. The interpretability was measured in the same way as the F1-score, resulting in an interpretability score of 0.70. This score is superior to existing interpretable machine learning (ML)-based methods, such as Drebin, LIME, and XMal. By analyzing malicious applications, we also confirmed that the extracted classes and methods are related to malicious behavior. With the proposed method, security experts can understand the reason behind the model’s detection and the behavior of malicious applications.
Given the growing importance of explainable artificial intelligence in cybersecurity, this method is expected to make a significant contribution to this field.
Comprehensive Analysis of Advanced Techniques and Vital Tools for Detecting Malware Intrusion
In this paper, we explore how incident handling procedures are currently being implemented to efficiently mitigate malicious software. Additionally, it aims to provide a contextual understanding of diverse malcodes and their operational processes. This study also compares various ways of detecting adware against a selection of anti-virus software. Moreover, this paper meticulously examines the evolution of hacking, covering the methods employed and the actors involved. A comparative analysis of three prominent malware detection tools, Google Rapid Response (GRR), Wireshark, and VirusTotal, is also conducted, aiding in informed decision-making for enhancing application security. This paper reaches its conclusion by conducting an exhaustive analysis of two case studies, offering valuable insights into a diverse range of potential leaks and virus attacks that may pose threats to various conglomerates. In essence, this article provides a comprehensive overview that spans incident handling procedures, the historical development of hacking, and the diverse spectrum of tools accessible for achieving effective malware detection.
LEDA—Layered Event-Based Malware Detection Architecture
The rapid increase in new malware necessitates effective detection methods. While machine learning techniques have shown promise for malware detection, most research focuses on identifying malware through the content of executable files or full behavior logs collected from process start to finish. However, detecting threats like ransomware via full logs is redundant, as this malware type openly informs users of the infection. To address this, we present LEDA, a novel malware detection architecture designed to monitor process behavior during execution and to identify malicious actions in real time. LEDA dynamically learns the most relevant features for detection and optimally triggers model evaluations to minimize the performance impact perceived by users. We evaluated LEDA using a dataset of Windows malware and legitimate applications collected over a year, examining our model’s temporal decay in effectiveness.
Negative-One-Day Malware Detection with Generative AI: A Stable Diffusion-Based Proactive Defense Framework
The detection of zero-day malware represents one of the most significant challenges in contemporary cybersecurity. In this paper, we introduce a novel concept called “Negative-One-Day Malware Detection”, which aims to identify potentially malicious software before it is actually created by threat actors. Our approach leverages recent advancements in generative AI, specifically diffusion-based generative models, to generate and analyze potential future malware variants. By doing so, we can train detection systems to recognize these variants before they emerge in the wild, thereby closing the critical protection gap that currently exists between malware creation and detection. We demonstrate the effectiveness of our approach through extensive experimentation, showing that our framework can generate executable malware samples that combine characteristics from different families while exhibiting novel behaviors. These synthetically generated samples significantly improve the detection capabilities of security systems when incorporated into training data, providing a proactive rather than reactive approach to cybersecurity.
African Vulture Optimization-Based Decision Tree (AVO-DT): An Innovative Method for Malware Identification and Evaluation through the Application of Meta-Heuristic Optimization Algorithm
Malware remains a big threat to cyber security, calling for machine learning-based malware detection. Malware variations exhibit common behavioral patterns indicative of their source and intended use to enhance the existing framework’s usefulness. Here we present a novel model, i.e., African Vulture Optimization-based Decision Tree (AVO-DT) to increase the overall optimization. The datasets from Android apps and malware software train the AVO-DT model. After training, the datasets are pre-processed by removing training errors. The DT algorithm is used by the developed AVO model to carry out the detection procedure and predict malware activity. To detect malware activities and improve accuracy, such an AVO-DT model technique employs both static and dynamic methodologies. The other measurements on Android applications might be either malicious or benign. Here we also developed malware prevention and detection systems to address ambiguous search spaces in multidimensionality difficulties and resolve optimization challenges.
Adversarial android malware detection for mobile multimedia applications in IoT environments
In this paper, we propose two defense methods against adversarial attack to a malware detection system for mobile multimedia applications in IoT environments. They are Robust-NN and a combination of convolutional neural network and 1-nearest neighbors (C4N) which modify training data that has been poisoned by an adversarial attack. As a result, the trained machine learning model will be accurate and if the malicious program is entered by any IoT device, the model generates necessary alerts. We provide an explanation of the used attack method and the algorithms proposed to defend against this attack. In order to evaluate the suitability of the proposed defense methods, sufficient analysis is presented, i.e. Drebin, Contagio and Genome datasets which include benign and malware Android apps are applied to perform experiments. To confirm the effectiveness of the suggested defense algorithms, this paper compared their performance with two state-of-the-art defense algorithms used to detect adversarial samples, namely e2SAD and EAT. The experiments are performed on two types of API and Permission features from the mentioned datasets. The results confirm that accuracy rates of classification algorithms decrease to 40% after attack in some cases (related to Drebin dataset by reviewing API feature sets). Additionally, the accuracy rates increase to 94.94% and 96.03% by applying Robust-NN and C4N algorithms, respectively. Therefore, they are comparable with existing cutting-edge defense algorithms. Also, the adversarial attack increased the FPR to 45.81% which will be reduced to 4.84% and 4.15% using Robust-NN and C4N, respectively. Consequently, the proposed methods will be robust against adversarial attacks.
A Hybrid CNN–BiLSTM Framework Optimized with Bayesian Search for Robust Android Malware Detection
With the rapid proliferation of Android smartphones, mobile malware threats have escalated significantly, underscoring the need for more accurate and adaptive detection solutions. This work proposes an innovative deep learning hybrid model that combines Convolutional Neural Networks (CNNs) with Bidirectional Long Short-Term Memory (BiLSTM) networks for learning both local features and sequential behavior in Android applications. To improve the relevance and clarity of the input data, Mutual Information is applied for feature selection, while Bayesian Optimization is adopted to efficiently optimize the model’s parameters. The designed system is tested on standard Android malware datasets and achieves an impressive detection accuracy of 99.3%, clearly outperforming classical approaches such as Support Vector Machines (SVMs), Random Forest, CNN, and Naive Bayes. Moreover, it delivers strong outcomes across critical evaluation metrics like F1-score and ROC-AUC. These findings confirm the framework’s high efficiency, adaptability, and practical applicability, making it a compelling solution for Android malware detection in today’s evolving threat landscape.
Privacy Preservation in IoT Devices by Detecting Obfuscated Malware Using Wide Residual Network
The widespread adoption of Internet of Things (IoT) devices has resulted in notable progress in different fields, improving operational effectiveness while also raising concerns about privacy due to their vulnerability to virus attacks. Further, the study suggests using an advanced approach that utilizes machine learning, specifically the Wide Residual Network (WRN), to identify hidden malware in IoT systems. The research intends to improve privacy protection by accurately identifying malicious software that undermines the security of IoT devices, using the MalMemAnalysis dataset. Moreover, thorough experimentation provides evidence for the effectiveness of the WRN-based strategy, resulting in exceptional performance measures such as accuracy, precision, F1-score, and recall. The study of the test data demonstrates highly impressive results, with a multiclass accuracy surpassing 99.97% and a binary class accuracy beyond 99.98%. The results emphasize the strength and dependability of using advanced deep learning methods such as WRN for identifying hidden malware risks in IoT environments. Furthermore, a comparison examination with the current body of literature emphasizes the originality and efficacy of the suggested methodology. This research builds upon previous studies that have investigated several machine learning methods for detecting malware on IoT devices. However, it distinguishes itself by showcasing exceptional performance metrics and validating its findings through thorough experimentation with real-world datasets. Utilizing WRN offers benefits in managing the intricacies of malware detection, emphasizing its capacity to enhance the security of IoT ecosystems. To summarize, this work proposes an effective way to address privacy concerns on IoT devices by utilizing advanced machine learning methods. 
The research provides useful insights into the changing landscape of IoT cybersecurity by emphasizing methodological rigor and conducting comparative performance analysis. Future research could focus on enhancing the recommended approach by adding more datasets and leveraging real-time monitoring capabilities to strengthen IoT devices’ defenses against new cybersecurity threats.