Catalogue Search | MBRL
30 result(s) for "malware analysis approaches"
Malware Detection Issues, Challenges, and Future Directions: A Survey
by Aboaoja, Faitouri A.; Zainal, Anazida; Al-rimy, Bander Ali Saleh
in Automation; Behavior; Classification
2022
The evolution of recent malicious software with the rising use of digital services has increased the probability of corrupting data, stealing information, or other cybercrimes by malware attacks. Therefore, malicious software must be detected before it impacts a large number of computers. Recently, many malware detection solutions have been proposed by researchers. However, many challenges limit these solutions to effectively detecting several types of malware, especially zero-day attacks due to obfuscation and evasion techniques, as well as the diversity of malicious behavior caused by the rapid rate of new malware and malware variants being produced every day. Several review papers have explored the issues and challenges of malware detection from various viewpoints. However, there is a lack of a deep review article that associates each analysis and detection approach with the data type. Such an association is imperative for the research community as it helps to determine the suitable mitigation approach. In addition, the current survey articles stopped at a generic detection approach taxonomy. Moreover, some review papers presented the feature extraction methods as static, dynamic, and hybrid based on the utilized analysis approach and neglected the feature representation methods taxonomy, which is considered essential in developing the malware detection model. This survey bridges the gap by providing a comprehensive state-of-the-art review of malware detection model research. This survey introduces a feature representation taxonomy in addition to the deeper taxonomy of malware analysis and detection approaches and links each approach with the most commonly used data types. The feature extraction method is introduced according to the techniques used instead of the analysis approach. The survey ends with a discussion of the challenges and future research directions.
Journal Article
Dynamic Extraction of Initial Behavior for Evasive Malware Detection
2023
Recently, malware has become more abundant and complex as the Internet has become more widely used in daily services. Achieving satisfactory accuracy in malware detection is a challenging task, since malicious software exhibits non-relevant features when it changes the performed behaviors as a result of its awareness of the analysis environment. However, the existing solutions extract features from the entire collected data offered by malware during run time. Accordingly, the actual malicious behaviors are hidden during training, leading to a model trained on unrepresentative features. To this end, this study presents a feature extraction scheme based on the proposed dynamic initial evasion behaviors determination (DIEBD) technique to improve the performance of evasive malware detection. To effectively represent evasion behaviors, the collected behaviors are tracked by examining the entropy distributions of API-gram features using the box-whisker plot algorithm. A feature set suggested by the DIEBD-based feature extraction scheme is used to train machine learning algorithms to evaluate the proposed scheme. Our experiments' outcomes on a dataset of benign and evasive malware samples show that the proposed scheme achieved an accuracy of 0.967, a false positive rate of 0.040, and an F1 of 0.975.
Journal Article
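The abstract above describes tracking the entropy of API-gram features with a box-whisker rule to locate the initial evasion behaviour in a dynamic trace. The following is an added illustration of that idea, not the DIEBD implementation from the paper: it windows a constructed API-call trace, scores each window by the Shannon entropy of its API 2-gram distribution, flags windows that fall outside Tukey's 1.5 IQR fences, and treats the leading run of flagged windows as the probing phase. The window size, the 2-gram choice and the "leading run" rule are assumptions made for the example; the traces are constructed.

```python
"""
Added illustration (not the paper's DIEBD code): split a dynamic API-call
trace into an initial probing phase and the behaviour that follows it, by
scoring each window with the entropy of its API 2-gram distribution and
flagging windows that fall outside box-whisker (Tukey) fences.
All traces below are constructed for this example.
"""
from collections import Counter
from math import log2

# Constructed: a sleep-acceleration timing loop typical of sandbox-aware code,
# followed by alternating blocks of "real" file, registry and network activity.
PROBE = ["GetTickCount", "Sleep"] * 4
WORK_A = ["CreateFileW", "WriteFile", "RegSetValueExW", "CreateProcessW",
          "InternetOpenA", "InternetConnectA", "HttpSendRequestA", "CloseHandle"]
WORK_B = ["FindFirstFileW", "FindNextFileW", "CreateFileW", "ReadFile",
          "CloseHandle", "FindNextFileW", "CreateFileW", "ReadFile"]
TRACE = PROBE + (WORK_A + WORK_B) * 3


def ngrams(seq, n=2):
    """Overlapping API n-grams of a call sequence."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]


def entropy(items):
    """Shannon entropy in bits of the empirical distribution over items."""
    counts = Counter(items)
    total = sum(counts.values())
    return -sum(c / total * log2(c / total) for c in counts.values())


def window_entropies(trace, size=8, n=2):
    """Entropy of the API n-gram distribution in each non-overlapping window."""
    return [entropy(ngrams(trace[i:i + size], n))
            for i in range(0, len(trace) - size + 1, size)]


def tukey_fences(values, k=1.5):
    """Box-whisker fences Q1 - k*IQR and Q3 + k*IQR (interpolated quartiles)."""
    s = sorted(values)

    def quantile(p):
        pos = (len(s) - 1) * p
        lo = int(pos)
        hi = min(lo + 1, len(s) - 1)
        return s[lo] + (s[hi] - s[lo]) * (pos - lo)

    q1, q3 = quantile(0.25), quantile(0.75)
    iqr = q3 - q1
    return q1 - k * iqr, q3 + k * iqr


def split_initial_behaviour(trace, size=8):
    """
    Flag windows whose n-gram entropy is an outlier under the box-whisker rule,
    take the leading run of flagged windows as the initial (probing) phase and
    return (probe_calls, remaining_calls, flagged_window_indices).
    The "leading run" rule is an assumption of this example.
    """
    ents = window_entropies(trace, size)
    low, high = tukey_fences(ents)
    flagged = [i for i, e in enumerate(ents) if e < low or e > high]
    cut = 0
    while cut in flagged:          # advance past the leading outlier windows
        cut += 1
    return trace[:cut * size], trace[cut * size:], flagged


if __name__ == "__main__":
    probe, rest, flagged = split_initial_behaviour(TRACE)
    print("flagged windows:", flagged)
    print("probing-phase 2-grams:", sorted(set(ngrams(probe))))
    print("post-probing behaviour starts at call", len(probe))
```

With the constructed trace, only the first window (the timing loop, entropy about 0.99 bits) falls below the lower fence (about 1.38 bits); the work windows score between 2.2 and 2.8 bits and are kept. Whether a detector then trains on the probing n-grams, on the remainder, or on both is a design decision the abstract does not fix, so the function returns both partitions.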
Phishing Attacks Survey: Types, Vectors, and Technical Approaches
2020
Phishing attacks, which have existed for several decades and continue to be a major problem today, constitute a severe threat in the cyber world. Attackers are adopting multiple new and creative methods through which to conduct phishing attacks, which are growing rapidly. Therefore, there is a need to conduct a comprehensive review of past and current phishing approaches. In this paper, a review of the approaches used during phishing attacks is presented. This paper comprises a literature review, followed by a comprehensive examination of the characteristics of the existing classic, modern, and cutting-edge phishing attack techniques. The aims of this paper are to build awareness of phishing techniques, educate individuals about these attacks, and encourage the use of phishing prevention techniques, in addition to encouraging discourse among the professional community about this topic.
Journal Article
Deep Cybersecurity: A Comprehensive Overview from Neural Network and Deep Learning Perspective
Deep learning, which originated from artificial neural networks (ANNs), is one of the major technologies that allow today's smart cybersecurity systems or policies to function in an intelligent manner. Popular deep learning techniques, such as the multi-layer perceptron, convolutional neural network, recurrent neural network or long short-term memory, self-organizing map, auto-encoder, restricted Boltzmann machine, deep belief networks, generative adversarial network, deep transfer learning and deep reinforcement learning, as well as their ensembles and hybrid approaches, can be used to intelligently tackle diverse cybersecurity issues. In this paper, we aim to present a comprehensive overview from the perspective of these neural networks and deep learning techniques according to today's diverse needs. We also discuss the applicability of these techniques in various cybersecurity tasks such as intrusion detection, identification of malware or botnets, phishing, predicting cyberattacks (e.g. denial of service), fraud detection, and cyber-anomalies. Finally, we highlight several research issues and future directions within the scope of our study in the field. Overall, the ultimate goal of this paper is to serve as a reference point and set of guidelines for academia and professionals in the cyber industries, especially from the deep learning point of view.
Journal Article
A hybrid approach combining Bayesian networks and logistic regression for enhancing risk assessment
2025
This study enhances cybersecurity risk assessment by integrating Bayesian Networks (BN) and Logistic Regression (LR) models, using data from the CISA Known Exploited Vulnerabilities catalog. First, a probabilistic causal model is built as a BN to capture complex interdependencies among vulnerability characteristics such as CVSS score, exploit complexity, and attack vector. Conditional probabilities of exploitation are calculated, providing a nuanced, evidence-based understanding of each factor’s contribution to risk. Second, these posterior probabilities serve as input features for an LR classifier, combining the BN’s dependency structure with LR’s discriminative power to predict vulnerability risk levels. Parameter estimation employs maximum likelihood methods, supplemented by expert knowledge where data are sparse. When applied to 775 vulnerability records, the BN–LR hybrid achieves an accuracy rate of 97% and a ROC-AUC of 0.1 on the held-out test set, outperforming both standalone BN (accuracy 86.7%, AUC 0.89) and standalone LR (accuracy 88.1%, AUC 0.90). Sensitivity analysis further highlights that CVSS score and exploit complexity carry the greatest influence on risk predictions. By quantifying both causal relationships and classification boundaries, the integrated model not only improves predictive performance but also offers clear insights into which attributes most strongly drive potential exploits. This practical tool thus enables security teams to prioritize remediation efforts effectively, strengthening organizational vulnerability management and overall security posture.
Journal Article
Optimized Two-Stage Anomaly Detection and Recovery in Smart Grid Data Using Enhanced DeBERTa-v3 Verification System
2025
The increasing sophistication of cyberattacks on smart grid infrastructure demands advanced anomaly detection and recovery systems that balance high recall rates with acceptable precision while providing reliable data restoration capabilities. This study presents an optimized two-stage anomaly detection and recovery system combining an enhanced TimerXL detector with a DeBERTa-v3-based verification and recovery mechanism. The first stage employs an optimized increment-based detection algorithm achieving 95.0% recall and 54.8% precision through multidimensional analysis. The second stage leverages a modified DeBERTa-v3 architecture with comprehensive 25-dimensional feature engineering per variable to verify potential anomalies, improving the precision to 95.1% while maintaining 84.1% recall. Key innovations include (1) a balanced loss function combining focal loss (α = 0.65, γ = 1.2), Dice loss (weight = 0.5), and contrastive learning (weight = 0.03) to reduce over-rejection by 73.4%; (2) an ensemble verification strategy using multithreshold voting, achieving 91.2% accuracy; (3) optimized sample weighting prioritizing missed positives (weight = 10.0); (4) comprehensive feature extraction, including frequency domain and entropy features; and (5) integration of a generative time series model (TimER) for high-precision recovery of tampered data points. Experimental results on 2000 hourly smart grid measurements demonstrate an F1-score of 0.873 ± 0.114 for detection, representing a 51.4% improvement over ARIMA (0.576), 621% over LSTM-AE (0.121), 791% over the standard Anomaly Transformer (0.098), and 904% over TimesNet (0.087). The recovery mechanism achieves remarkably precise restoration with a mean absolute error (MAE) of only 0.0055 kWh, representing a 99.91% improvement compared to traditional ARIMA models and 98.46% compared to standard Anomaly Transformer models. We also explore an alternative implementation using the Lag-LLaMA architecture, which achieves an MAE of 0.2598 kWh. The system maintains real-time capability with a 66.6 ± 7.2 ms inference time, making it suitable for operational deployment. Sensitivity analysis reveals robust performance across anomaly magnitudes (5–100 kWh), with the detection accuracy remaining above 88%.
Journal Article
In the line of disaster: preparedness and effective response of academic libraries in Malaysia
by Samsuddin, Samsul Farid; Abidin, Mohd Ismail; Kiran, K.
in Academic libraries; Academic staff; Coordination
2024
Purpose: This study examines the preparedness and responsiveness of Malaysian academic librarians in handling disruptions in library services during a disaster.
Design/methodology/approach: This qualitative approach involved semi-structured interviews with decision-makers, chief librarians and library managers from five selected public universities.
Findings: Thematic and qualitative data analysis produced several key themes based on (1) disaster preparedness involving policies, plans, asset protection, risk management, coordination of disaster management and preparative measures; and (2) disaster response involving strategies for information and communication access, community engagement, emergency response teams and procedures, and resource availability.
Practical implications: The findings are expected to be useful for policymakers in formulating policies and guidelines for library disaster management plans.
Social implications: The interruptions of academic library services during a disaster may result in the disruption of the information sources and social information networks of students, academics and researchers alike. Effective disaster management is also the library's responsibility to protect collections that belong to society at large.
Originality/value: This is one of the first attempts in disaster management research to focus on the preparedness and responses of academic libraries in Malaysia in the face of disasters. Therefore, the results of this study can be used as a baseline for policymakers to prepare policies, guidelines and manuals for management in the event of a disaster.
Journal Article
Fast and accurate identification of hardware Trojan locations in gate-level netlist using nearest neighbour approach integrated with machine learning technique
by Chattopadhyay, Anindita; Bisariya, Siddharth; Sutrakar, Vijay Kumar
in Accuracy; Circuits; Classification
2026
Ensuring the security of integrated circuits (ICs) requires reliable detection and precise localization of Hardware Trojans (HTs), which remain challenging due to increasing design complexity and the lack of golden references. This paper introduces a machine learning framework that integrates graph-based modeling, Graph Neural Networks (GNNs), and nearest neighbour (NN) enhancement for fast and accurate HT detection at the gate-level netlist without relying on a golden reference. Three different machine learning models are employed in the present work. Case-I uses a decision tree classifier with Principal Component Analysis (PCA) for binary detection of Trojan presence, as a reference model. The decision tree based machine learning model is initially validated against the formal verification method. The decision tree model is only able to identify HT presence without localizing the HT in the circuit. Case-II uses GNN-based graph-to-graph classification, distinguishing clean netlists from infected ones at the sub-graph level (coarse grained). The model is able to map the infected sub-graphs back to the initial netlist circuit to pinpoint HTs at the sub-graph level. Case-III uses a further simplified model with GNN-based node classification, enabling fine-grained localization of compromised gates in the circuit using only nodes. This model is ideal for pinpointing the exact Trojan locations within large-scale circuits. Subsequently, the NN-based concept is embedded with the GNN models to further enhance the detection accuracy of Case-II (accuracy improved from 62.8% to 97.7%) and Case-III (accuracy improved from 79.8% to 97.7%). The scalability of the proposed approaches across diverse Trojan types, including combinational, sequential, and state-triggered attacks, is validated by experiments carried out on Trust-Hub benchmarks and Yosys-generated datasets. Comparative evaluation with state-of-the-art methods demonstrates superior performance, achieving 98.5% precision, 99.1% recall, and 96.7% F1-score, while maintaining computational efficiency. By combining graph structural learning with NN-based contextual refinement, the proposed work delivers a high-performance, architecture-agnostic solution for detecting and localizing hardware Trojans in modern ICs, as tested against unknown designs.
Journal Article
Malware Detection in Android Apps Using Static Analysis
2022
The frequency of malware attacks on Android apps is increasing day by day. Current studies have revealed startling facts about data harvesting incidents in which users' personal data is at stake. To preserve the privacy of users, a permission-induced risk interface, MalApp, is proposed to identify privacy violations arising from permissions granted during app installation. It comprises a multi-fold process that performs static analysis based on the app's category. First, reverse engineering is applied to extract app permissions and construct a Boolean-valued permission matrix. Second, permissions are ranked to identify the risky permissions across categories. Third, machine learning and ensembling techniques are incorporated to test the efficacy of the proposed approach on a data set of 404 benign and 409 malicious apps. The empirical studies show that the proposed algorithm gives a best-case malware detection rate of 98.33%. The highlight of the interface is that any app can be classified as benign or malicious using static analysis, even before running it.
Journal Article
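The first two steps of the MalApp pipeline above (a Boolean permission matrix extracted from manifests, then a per-category ranking of risky permissions) are concrete enough to show in code. The following is an added example and not the paper's tool: it parses constructed AndroidManifest.xml strings with the standard library, builds the app-by-permission Boolean matrix, and ranks each permission within a category by how much more often malicious apps declare it than benign apps. The risk score (difference of declaration rates) and the tiny six-app corpus are assumptions of this example; decoding a real APK to obtain its manifest (for instance with apktool) is outside what the block does.

```python
"""
Added illustration (not the paper's MalApp implementation): build the Boolean
app x permission matrix from AndroidManifest.xml text and rank permissions by
how much more often they appear in malicious than in benign apps of the same
category. Manifests and labels below are constructed for the example.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"


def manifest(*perms):
    """Constructed minimal manifest declaring the given permissions."""
    uses = "\n".join(
        f'  <uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.app">\n' + uses + "\n</manifest>")


# Constructed corpus: (category, label, manifest xml); label 1 = malicious.
APPS = [
    ("tools", 0, manifest("INTERNET", "ACCESS_NETWORK_STATE")),
    ("tools", 0, manifest("INTERNET", "WRITE_EXTERNAL_STORAGE")),
    ("tools", 1, manifest("INTERNET", "READ_SMS", "SEND_SMS", "RECEIVE_BOOT_COMPLETED")),
    ("tools", 1, manifest("INTERNET", "SEND_SMS", "READ_CONTACTS", "RECEIVE_BOOT_COMPLETED")),
    ("games", 0, manifest("INTERNET", "VIBRATE")),
    ("games", 1, manifest("INTERNET", "SEND_SMS", "READ_PHONE_STATE")),
]


def permissions(xml_text):
    """Set of short permission names declared by <uses-permission> elements."""
    root = ET.fromstring(xml_text)
    return {el.get(ANDROID_NS + "name").rsplit(".", 1)[-1]
            for el in root.iter("uses-permission")}


def permission_matrix(apps):
    """Boolean matrix: one row per app, one column per permission (sorted names)."""
    perm_sets = [permissions(xml) for _, _, xml in apps]
    columns = sorted(set().union(*perm_sets))
    rows = [[p in s for p in columns] for s in perm_sets]
    return columns, rows


def rank_risky_permissions(apps, category):
    """
    Risk score per permission within one category (assumed scoring rule):
    fraction of malicious apps declaring it minus fraction of benign apps
    declaring it, in the range -1..1. Returned sorted, riskiest first.
    """
    subset = [a for a in apps if a[0] == category]
    columns, rows = permission_matrix(subset)
    labels = [label for _, label, _ in subset]
    n_mal = sum(labels) or 1
    n_ben = (len(labels) - sum(labels)) or 1
    scores = {}
    for j, perm in enumerate(columns):
        mal = sum(rows[i][j] for i in range(len(rows)) if labels[i] == 1) / n_mal
        ben = sum(rows[i][j] for i in range(len(rows)) if labels[i] == 0) / n_ben
        scores[perm] = mal - ben
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


def app_risk(xml_text, ranking):
    """Sum of the positive per-permission scores an app's manifest declares."""
    weights = dict(ranking)
    return sum(max(weights.get(p, 0.0), 0.0) for p in permissions(xml_text))


if __name__ == "__main__":
    columns, rows = permission_matrix(APPS)
    print("permissions:", columns)
    for (cat, label, _), row in zip(APPS, rows):
        print(cat, label, [int(v) for v in row])
    ranking = rank_risky_permissions(APPS, "tools")
    print("riskiest in 'tools':", ranking[:3])
    print("risk of a new app:", app_risk(manifest("INTERNET", "SEND_SMS", "READ_SMS"), ranking))
```

The matrix rows feed a classifier in the same way as in the abstract; here the ranking alone already separates SEND_SMS and RECEIVE_BOOT_COMPLETED (declared only by the malicious tools apps) from INTERNET, which every app declares and therefore scores zero. The score is computed per category because a permission that is ordinary in one category (location in a maps app) can be unusual in another.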
Malware detection based on semi-supervised learning with malware visualization
2021
The traditional signature-based detection method requires detailed manual analysis to extract the signatures of malicious samples and a large amount of manual labelling to maintain the signature library, which incurs great time and resource costs and makes it difficult to adapt to the rapid generation and mutation of malware. Methods based on traditional machine learning often require a lot of time and resources for sample labelling, which leaves a large inventory of unlabeled samples that cannot be used directly. In view of these issues, this paper proposes an effective malware classification framework based on malware visualization and semi-supervised learning. The framework has three main parts: malware visualization, feature extraction, and the classification algorithm. First, binary files are processed directly through visual methods, without disassembly, decompression, or decryption. Then the global and local features of the grayscale image are extracted, and the extracted visual image features are fused as a whole by a special feature fusion method to eliminate the exclusion between different feature variables. Finally, an improved collaborative learning algorithm is proposed to continuously train and optimize the classifier by introducing features of inexpensive unlabeled samples. The proposed framework was evaluated on two extensively researched benchmark datasets, Malimg and Microsoft. The results show that, compared with traditional machine learning algorithms, the improved collaborative learning algorithm can not only reduce the cost of sample labelling but also continuously improve model performance through the input of unlabeled samples, thereby achieving higher classification accuracy.
Journal Article
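The visualization step in the abstract above (a binary rendered directly as a grayscale image, then global and local image features) is shown below as an added example, not the paper's framework. Each byte becomes one 8-bit pixel, rows are cut at a width chosen from the file size following the width table used by the Malimg work (assumed here), the global feature is the normalised byte histogram and the local features are mean intensities of fixed-size image blocks. The sample "binary" is constructed in the block; nothing is disassembled, unpacked or decrypted, which is the point of the approach.

```python
"""
Added illustration (not the paper's framework): render a binary as an 8-bit
grayscale image, one byte per pixel, and extract a global feature (byte
histogram) and local features (block mean intensities). The width table is
the Malimg-style convention (assumed); the sample binary is constructed.
"""

# (upper size bound in bytes, image width in pixels); larger files use 1024.
WIDTH_TABLE = [(10 * 1024, 32), (30 * 1024, 64), (60 * 1024, 128),
               (100 * 1024, 256), (200 * 1024, 384), (500 * 1024, 512),
               (1000 * 1024, 768)]


def row_width(size):
    """Image width for a file of the given size in bytes."""
    for bound, width in WIDTH_TABLE:
        if size < bound:
            return width
    return 1024


def to_gray_image(data):
    """Rows of 0..255 pixel values; the last row is zero-padded to full width."""
    w = row_width(len(data))
    rows = [list(data[i:i + w]) for i in range(0, len(data), w)]
    if rows and len(rows[-1]) < w:
        rows[-1] += [0] * (w - len(rows[-1]))
    return rows


def global_histogram(data):
    """Normalised 256-bin byte histogram: the image's global intensity profile."""
    hist = [0] * 256
    for b in data:
        hist[b] += 1
    n = len(data) or 1
    return [h / n for h in hist]


def local_block_means(image, block=8):
    """Mean intensity of each block x block tile (coarse local texture feature).
    Edge tiles that do not fill a whole block are averaged over what they cover."""
    means = []
    for r in range(0, len(image), block):
        tile_rows = image[r:r + block]
        row_means = []
        for c in range(0, len(image[0]), block):
            vals = [v for row in tile_rows for v in row[c:c + block]]
            row_means.append(sum(vals) / len(vals))
        means.append(row_means)
    return means


def constructed_sample():
    """Constructed 2624-byte 'binary': MZ-like header, an evenly spread code
    region, a zero-filled region, and a high-entropy (packed-looking) region
    produced by a small LCG so the example stays deterministic."""
    header = bytes([0x4D, 0x5A]) + bytes(62)
    code = bytes(range(256)) * 4
    x = 12345
    packed = bytearray()
    for _ in range(1024):
        x = (1103515245 * x + 12345) & 0x7FFFFFFF
        packed.append((x >> 16) & 0xFF)
    return header + code + bytes(512) + bytes(packed)


def image_features(data, block=8):
    """Global histogram and local block means for one binary; a classifier
    would consume a fused vector built from both."""
    image = to_gray_image(data)
    return global_histogram(data), local_block_means(image, block)


if __name__ == "__main__":
    sample = constructed_sample()
    image = to_gray_image(sample)
    hist, blocks = image_features(sample)
    print(f"image {len(image)} rows x {len(image[0])} px")
    print("fraction of zero bytes:", round(hist[0], 3))
    print("block means, first tile row:", [round(m, 1) for m in blocks[0]])
```

On the constructed sample the zero-filled region shows up as a band of dark tiles and the LCG output as a band of mid-gray noise, which is the texture contrast that Malimg-style classifiers key on; a packed or encrypted section of a real sample looks the same without any unpacking.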