Catalogue Search | MBRL
16 result(s) for "malware detection approaches"
Malware Detection Issues, Challenges, and Future Directions: A Survey
by Aboaoja, Faitouri A.; Zainal, Anazida; Al-rimy, Bander Ali Saleh
in Automation; Behavior; Classification
2022
The evolution of recent malicious software with the rising use of digital services has increased the probability of corrupting data, stealing information, or other cybercrimes by malware attacks. Therefore, malicious software must be detected before it impacts a large number of computers. Recently, many malware detection solutions have been proposed by researchers. However, many challenges limit these solutions to effectively detecting several types of malware, especially zero-day attacks due to obfuscation and evasion techniques, as well as the diversity of malicious behavior caused by the rapid rate of new malware and malware variants being produced every day. Several review papers have explored the issues and challenges of malware detection from various viewpoints. However, there is a lack of a deep review article that associates each analysis and detection approach with the data type. Such an association is imperative for the research community as it helps to determine the suitable mitigation approach. In addition, the current survey articles stopped at a generic detection approach taxonomy. Moreover, some review papers presented the feature extraction methods as static, dynamic, and hybrid based on the utilized analysis approach and neglected the feature representation methods taxonomy, which is considered essential in developing the malware detection model. This survey bridges the gap by providing a comprehensive state-of-the-art review of malware detection model research. This survey introduces a feature representation taxonomy in addition to the deeper taxonomy of malware analysis and detection approaches and links each approach with the most commonly used data types. The feature extraction method is introduced according to the techniques used instead of the analysis approach. The survey ends with a discussion of the challenges and future research directions.
Journal Article
Androscanreg 2.0: Enhancement of Android Applications Analysis in a Flexible Blockchain Environment
by Abghour, Noreddine; Zouina, Mouad; Fathi, Fadwa
in Blockchain; Cryptography; Feasibility studies
2022
In this article, the authors propose a new innovative method based on blockchain technology providing an analysis of Android applications in a decentralized, flexible, and reliable way. The proposed approach improves the typical operation of the blockchain technology that considers invalid (or “fraudulent”) any outcome different from other results found by the majority of network nodes. However, ignoring any result different from the majority without starting additional verification can cause losses in terms of data, time, computing power, or even system reliability and the integrity of its data. The purpose of the presented approach is to confirm or deny the legitimacy of any outcome different from the majority. This new concept will facilitate the detection of polymorphic programs by allowing nodes to adopt specific environments at any time to reduce the rejection of results deemed, wrongly, to be fraudulent. A proof of concept has been designed and implemented showing the feasibility of the proposed approach with a real case study.
Journal Article
Hybrid Intrusion Detection System Based on the Stacking Ensemble of C5 Decision Tree Classifier and One Class Support Vector Machine
by Alazab, Ammar; Khraisat, Ansam; Vamplew, Peter
in Accuracy; Aids; Application programming interface
2020
Cyberattacks are becoming increasingly sophisticated, necessitating efficient intrusion detection mechanisms to monitor computer resources and generate reports on anomalous or suspicious activities. Many Intrusion Detection Systems (IDSs) use a single classifier for identifying intrusions. Single-classifier IDSs are unable to achieve high accuracy and low false alarm rates due to the polymorphic, metamorphic, and zero-day behaviors of malware. In this paper, a Hybrid IDS (HIDS) is proposed by combining the C5 decision tree classifier and the One-Class Support Vector Machine (OC-SVM). HIDS combines the strengths of the Signature-based Intrusion Detection System (SIDS) and the Anomaly-based Intrusion Detection System (AIDS). The SIDS was developed based on the C5.0 decision tree classifier and the AIDS was developed based on the one-class SVM. This framework aims to identify both well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the benchmark datasets, namely the Network Security Laboratory-Knowledge Discovery in Databases (NSL-KDD) and Australian Defence Force Academy (ADFA) datasets. The results show that the performance of HIDS is enhanced compared to SIDS and AIDS in terms of detection rate and false-alarm rate.
Journal Article
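Added example (Python, not the authors' code): a minimal version of the stacking the abstract above describes, a signature stage followed by a one-class anomaly stage. The C5 tree is replaced by a hand-written rule set and the OC-SVM by a z-score one-class detector fitted only on benign records; the feature names and every record are constructed for the example and only loosely resemble NSL-KDD connection summaries.

```python
"""Hybrid IDS: a signature stage stacked in front of a one-class anomaly stage.

Added illustration, not code from the paper. The C5 decision tree is stood in
for by a hand-written rule set and the OC-SVM by a z-score one-class detector
fitted on benign records only. Feature names and all records are constructed
for the example (NSL-KDD-style per-connection summaries are assumed).
"""
from statistics import mean, pstdev

FEATURES = ("duration", "src_bytes", "dst_bytes", "syn_count", "same_srv_rate")

# Stage 1 (SIDS): each rule stands in for a leaf of a tree trained on labelled attacks.
SIGNATURES = [
    ("syn_flood", lambda r: r["syn_count"] >= 100 and r["dst_bytes"] == 0),
    ("port_sweep", lambda r: r["same_srv_rate"] < 0.1 and r["src_bytes"] < 50),
]


def sids(record):
    """Return the matched attack name, or None when no signature fires."""
    for name, pred in SIGNATURES:
        if pred(record):
            return name
    return None


class ZScoreOneClass:
    """Stage 2 (AIDS): learns only what benign traffic looks like (one-class)."""

    def __init__(self, threshold=3.0):
        self.threshold = threshold
        self.mu, self.sigma = {}, {}

    def fit(self, benign):
        for f in FEATURES:
            vals = [r[f] for r in benign]
            self.mu[f] = mean(vals)
            # floor sigma so a constant feature cannot cause division by zero
            self.sigma[f] = max(pstdev(vals), 1e-6)
        return self

    def score(self, record):
        """Largest per-feature z-score: how far the record sits from benign."""
        return max(abs(record[f] - self.mu[f]) / self.sigma[f] for f in FEATURES)

    def is_anomaly(self, record):
        return self.score(record) > self.threshold


def hybrid_classify(record, aids):
    """SIDS first (cheap and precise for known attacks); AIDS only for the rest."""
    name = sids(record)
    if name is not None:
        return ("known_attack", name)
    if aids.is_anomaly(record):
        return ("zero_day_suspect", None)
    return ("benign", None)


def rec(duration, src_bytes, dst_bytes, syn_count, same_srv_rate):
    return dict(zip(FEATURES, (duration, src_bytes, dst_bytes, syn_count, same_srv_rate)))


# Constructed benign training traffic (ordinary short HTTP-like sessions).
BENIGN_TRAIN = [
    rec(1, 300, 4000, 1, 0.90), rec(2, 350, 5000, 1, 0.95), rec(1, 280, 3800, 2, 0.90),
    rec(3, 400, 6000, 1, 1.00), rec(2, 320, 4500, 1, 0.92), rec(1, 310, 4100, 2, 0.88),
]

# Constructed test traffic: a benign session, a flood that matches a signature,
# and a long high-volume upload that matches no signature (the zero-day case).
TEST = {
    "benign": rec(2, 330, 4200, 1, 0.90),
    "known_flood": rec(0, 40, 0, 500, 1.00),
    "unknown_exfil": rec(120, 90000, 200, 1, 0.90),
}


def run():
    aids = ZScoreOneClass(threshold=3.0).fit(BENIGN_TRAIN)
    return {name: hybrid_classify(r, aids) for name, r in TEST.items()}


if __name__ == "__main__":
    for name, verdict in run().items():
        print(f"{name:14s} -> {verdict}")
```

Ordering matters: running the signature stage first means a known attack is never downgraded to an "unknown" anomaly, and the one-class threshold is the single knob that trades zero-day recall against false alarms, which is the balance the abstract reports HIDS improving.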
Dynamic Extraction of Initial Behavior for Evasive Malware Detection
2023
Recently, malware has become more abundant and complex as the Internet has become more widely used in daily services. Achieving satisfactory accuracy in malware detection is a challenging task, since malicious software exhibits non-relevant features when it changes its behavior as a result of its awareness of the analysis environment. However, the existing solutions extract features from the entire data collected from malware during run time. Accordingly, the actual malicious behaviors are hidden during training, leading to a model trained on unrepresentative features. To this end, this study presents a feature extraction scheme based on the proposed dynamic initial evasion behaviors determination (DIEBD) technique to improve the performance of evasive malware detection. To effectively represent evasion behaviors, the collected behaviors are tracked by examining the entropy distributions of API-gram features using the box-whisker plot algorithm. A feature set suggested by the DIEBD-based feature extraction scheme is used to train machine learning algorithms to evaluate the proposed scheme. Our experiments’ outcomes on a dataset of benign and evasive malware samples show that the proposed scheme achieved an accuracy of 0.967, a false positive rate of 0.040, and an F1 of 0.975.
Journal Article
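Added example (Python, not the paper's DIEBD implementation): one concrete reading of "entropy distributions of API-gram features" and "box-whisker plot algorithm" from the abstract above. It slides a window over a sandbox API trace, computes the Shannon entropy of the 2-gram distribution in each window, flags windows outside the Tukey fences (Q1 - 1.5 IQR, Q3 + 1.5 IQR), and takes the leading run of flagged windows as the initial-behavior segment. The window size, stride, gram length, fence factor and the whole trace are assumptions made for the example.

```python
"""Windowed API-gram entropy with Tukey (box-whisker) fences to locate initial
evasion behaviour in a sandbox trace.

Added illustration of the idea in the abstract, not the paper's DIEBD code:
the window size, stride, 2-gram features and 1.5*IQR fences are assumptions,
and the API trace below is constructed.
"""
import math
from collections import Counter

# Constructed trace: a burst of timing/debugger probes (evasion) followed by
# a diverse payload (injection, persistence, C2, encryption, cleanup).
EVASION = ["IsDebuggerPresent", "GetTickCount", "Sleep", "GetTickCount", "Sleep",
           "GetTickCount", "Sleep", "GetTickCount", "Sleep", "GetTickCount", "Sleep",
           "GetCursorPos"]
PAYLOAD = ["CreateFileW", "ReadFile", "VirtualAlloc", "WriteProcessMemory",
           "CreateRemoteThread", "RegOpenKeyExW", "RegSetValueExW", "RegCloseKey",
           "InternetOpenW", "InternetConnectW", "HttpOpenRequestW", "HttpSendRequestW",
           "InternetReadFile", "CreateFileW", "WriteFile", "CloseHandle",
           "CryptAcquireContextW", "CryptGenKey", "CryptEncrypt", "FindFirstFileW",
           "FindNextFileW", "DeleteFileW", "MoveFileExW", "ShellExecuteW",
           "CreateProcessW", "TerminateProcess", "ExitProcess"]
TRACE = EVASION + PAYLOAD


def api_grams(calls, n=2):
    return [tuple(calls[i:i + n]) for i in range(len(calls) - n + 1)]


def shannon_entropy(items):
    if not items:
        return 0.0
    counts = Counter(items)
    total = len(items)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def window_entropies(trace, window=8, stride=4, n=2):
    """Entropy of the n-gram distribution inside each sliding window."""
    return [shannon_entropy(api_grams(trace[s:s + window], n))
            for s in range(0, max(1, len(trace) - window + 1), stride)]


def quartiles(values):
    s = sorted(values)

    def q(p):
        pos = p * (len(s) - 1)
        lo, hi = math.floor(pos), math.ceil(pos)
        return s[lo] + (s[hi] - s[lo]) * (pos - lo)

    return q(0.25), q(0.75)


def tukey_outliers(values, k=1.5):
    """Indices outside the box-whisker fences [Q1 - k*IQR, Q3 + k*IQR]."""
    q1, q3 = quartiles(values)
    iqr = q3 - q1
    return [i for i, v in enumerate(values) if v < q1 - k * iqr or v > q3 + k * iqr]


def initial_behavior_cut(trace, window=8, stride=4):
    """End offset of the leading run of outlier windows (0 if the trace starts normally)."""
    flagged = set(tukey_outliers(window_entropies(trace, window, stride)))
    end, i = 0, 0
    while i in flagged:
        end = i * stride + window
        i += 1
    return min(end, len(trace))


def diebd_features(trace, window=8, stride=4):
    """API 2-gram counts taken from the initial segment only, falling back to
    the whole trace when no distinct initial phase is found."""
    cut = initial_behavior_cut(trace, window, stride)
    segment = trace[:cut] if cut else trace
    return Counter(api_grams(segment))


if __name__ == "__main__":
    print("window entropies:", [round(e, 3) for e in window_entropies(TRACE)])
    print("initial segment ends at call", initial_behavior_cut(TRACE))
    print(diebd_features(TRACE).most_common(3))
```

The repetitive GetTickCount/Sleep probing has a far lower 2-gram entropy than the payload windows, so the first two windows fall below the lower fence and the feature set is built from those twelve calls only. The fallback to the whole trace covers the failure mode a practitioner hits first: a sample with no distinct evasion prefix (here, the payload alone) produces identical window entropies, a zero IQR and no outliers.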
SDN-Enabled Hybrid DL-Driven Framework for the Detection of Emerging Cyber Threats in IoT
by Khan, Muhammad Taimoor; Javeed, Danish; Gao, Tianhan
in Algorithms; Anti-virus software; Cybersecurity
2021
The Internet of Things (IoT) has proven to be a billion-dollar industry. Despite offering numerous benefits, the prevalent nature of IoT makes it vulnerable and a possible target for the development of cyber-attacks. The diversity of the IoT, on the one hand, leads to the benefits of the integration of devices into a smart ecosystem, but the heterogeneous nature of the IoT makes it difficult to come up with a single security solution. However, the centralized intelligence and programmability of software-defined networks (SDNs) have made it possible to compose a single and effective security solution to cope with cyber threats and attacks. We present an SDN-enabled architecture leveraging hybrid deep learning detection algorithms for the efficient detection of cyber threats and attacks while considering the resource-constrained IoT devices so that no burden is placed on them. We use a state-of-the-art dataset, CICDDoS 2019, to train our algorithm. The results evaluated by this algorithm achieve high accuracy with a minimal false positive rate (FPR) and testing time. We also perform 10-fold cross-validation, proving our results to be unbiased, and compare our results with current benchmark algorithms.
Journal Article
Integrated Approach to Diagnostics of Failures and Cyber-Attacks in Industrial Control Systems
by Kukiełka, Krzysztof; Syfert, Michał; Ordys, Andrzej
in Control systems; cyber-attack detection; cyber-attacks isolation
2022
This paper is concerned with the issue of the diagnostics of process faults and the detection of cyber-attacks in industrial control systems. This problem is of significant importance to energy production and distribution, which, being part of critical infrastructure, is usually equipped with process diagnostics and, at the same time, is often subject to cyber-attacks. A commonly used approach would be to separate the two types of anomalies. The detection of process faults would be handled by a control team, often with the help of dedicated diagnostic tools, whereas the detection of cyber-attacks would be handled by an information technology team. In this article, it is postulated that the two can be usefully merged together into one comprehensive anomaly detection system. For this purpose, firstly, the main types of cyber-attacks and the main methods of detecting cyber-attacks are reviewed. Subsequently, in analogy to “process fault”, a term well established in process diagnostics, the term “cyber-fault” is introduced. Within this context a cyber-attack is considered as a vector containing a number of cyber-faults. Next, it is explained how methods used in process diagnostics for fault detection and isolation can be applied to the detection of cyber-attacks and, in some cases, also to the isolation of the components of such attacks, i.e., cyber-faults. A laboratory stand and a simulator have been developed to test the proposed approach. Some test results are presented, demonstrating that, similarly to equipment/process faults, residua can be established and cyber-faults can be identified based on the mismatch between the real data from the system and the outputs of the simulation model.
Journal Article
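Added example (Python, not the authors' laboratory stand or simulator): the residual-based detection and isolation the abstract above sketches, carried through on a toy control loop. A linear tank model plays the simulator, three residuals are formed from the commanded inflow and two sensor readings, and a fault signature table maps the pattern of residuals that exceed their thresholds to one cyber-fault. The plant model, its constants, the residual definitions, the signature rows, the thresholds and all telemetry are constructed for the example.

```python
"""Residual-based detection and isolation of cyber-faults in a simple control loop.

Added illustration of the approach sketched in the abstract, not the paper's
laboratory stand or simulator. The plant model (a linear tank), its constants,
the three residuals, the fault signature table and all telemetry are
constructed for the example.
"""

DT, C = 1.0, 0.1          # sample time and outflow coefficient of the assumed model
X0 = 10.0                 # initial tank level (same for plant and simulator)
# One threshold per residual; r1 is in level units, r2/r3 in flow units.
# In practice these are tuned on fault-free data, not chosen by hand.
THRESH = (0.5, 0.05, 0.05)

# Cyber-fault signatures: which residuals (r1, r2, r3) a given fault excites.
# Distinct rows are what make the faults isolable, not just detectable.
SIGNATURES = {
    (1, 1, 0): "level sensor spoofed (y1)",
    (0, 1, 1): "outflow sensor spoofed (y2)",
    (1, 0, 1): "actuator command altered in transit",
}


def step(x, u):
    """Discrete-time tank: level rises with inflow u and drains in proportion to level."""
    return x + DT * (u - C * x)


def model_outputs(u_cmd):
    """Simulator: the level expected if the commanded inflow really reaches the plant."""
    x, xs = X0, []
    for u in u_cmd:
        x = step(x, u)
        xs.append(x)
    return xs


def plant_measurements(u_cmd, fault=None, at=5):
    """Constructed telemetry (y1 = level, y2 = outflow) with an optional
    cyber-fault injected from sample index `at` onwards."""
    x, y1s, y2s = X0, [], []
    for k, u in enumerate(u_cmd):
        u_real = u + 3.0 if fault == "actuator" and k >= at else u   # setpoint rewritten on the wire
        x = step(x, u_real)
        y1, y2 = x, C * x
        if fault == "y1" and k >= at:
            y1 = 10.0            # frozen / replayed level reading
        if fault == "y2" and k >= at:
            y2 = 0.3 * y2        # scaled outflow reading
        y1s.append(y1)
        y2s.append(y2)
    return y1s, y2s


def residuals(u_cmd, y1s, y2s):
    """r1: level vs model, r2: sensor-to-sensor consistency, r3: outflow vs model."""
    out = []
    for x_hat, y1, y2 in zip(model_outputs(u_cmd), y1s, y2s):
        out.append((y1 - x_hat, y2 - C * y1, y2 - C * x_hat))
    return out


def diagnose(u_cmd, y1s, y2s):
    """Return (first alarm sample, isolated cyber-fault), or None if all residuals stay small."""
    for k, rs in enumerate(residuals(u_cmd, y1s, y2s)):
        pattern = tuple(int(abs(r) > t) for r, t in zip(rs, THRESH))
        if any(pattern):
            return k, SIGNATURES.get(pattern, f"unknown pattern {pattern}")
    return None


U_CMD = [2.0] * 10   # constant inflow setpoint logged by the controller

if __name__ == "__main__":
    for fault in (None, "y1", "y2", "actuator"):
        print(f"{str(fault):9s} -> {diagnose(U_CMD, *plant_measurements(U_CMD, fault))}")
```

The isolation step is the point: a spoofed level reading disagrees with both the model and the flow meter but the flow meter still agrees with the model, while a rewritten actuator command makes both sensors drift from the model yet stay consistent with each other. Only the pattern of which residuals fire tells the three apart; any single residual alone can only raise a generic alarm, and a pattern absent from the table is reported as unknown rather than forced onto the nearest row.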
Optimized Two-Stage Anomaly Detection and Recovery in Smart Grid Data Using Enhanced DeBERTa-v3 Verification System
2025
The increasing sophistication of cyberattacks on smart grid infrastructure demands advanced anomaly detection and recovery systems that balance high recall rates with acceptable precision while providing reliable data restoration capabilities. This study presents an optimized two-stage anomaly detection and recovery system combining an enhanced TimerXL detector with a DeBERTa-v3-based verification and recovery mechanism. The first stage employs an optimized increment-based detection algorithm achieving 95.0% for recall and 54.8% for precision through multidimensional analysis. The second stage leverages a modified DeBERTa-v3 architecture with comprehensive 25-dimensional feature engineering per variable to verify potential anomalies, improving the precision to 95.1% while maintaining 84.1% for recall. Key innovations include (1) a balanced loss function combining focal loss (α = 0.65, γ = 1.2), Dice loss (weight = 0.5), and contrastive learning (weight = 0.03) to reduce over-rejection by 73.4%; (2) an ensemble verification strategy using multithreshold voting, achieving 91.2% accuracy; (3) optimized sample weighting prioritizing missed positives (weight = 10.0); (4) comprehensive feature extraction, including frequency domain and entropy features; and (5) integration of a generative time series model (TimER) for high-precision recovery of tampered data points. Experimental results on 2000 hourly smart grid measurements demonstrate an F1-score of 0.873 ± 0.114 for detection, representing a 51.4% improvement over ARIMA (0.576), 621% over LSTM-AE (0.121), 791% over standard Anomaly Transformer (0.098), and 904% over TimesNet (0.087). The recovery mechanism achieves remarkably precise restoration with a mean absolute error (MAE) of only 0.0055 kWh, representing a 99.91% improvement compared to traditional ARIMA models and 98.46% compared to standard Anomaly Transformer models. We also explore an alternative implementation using the Lag-LLaMA architecture, which achieves an MAE of 0.2598 kWh. The system maintains real-time capability with a 66.6 ± 7.2 ms inference time, making it suitable for operational deployment. Sensitivity analysis reveals robust performance across anomaly magnitudes (5–100 kWh), with the detection accuracy remaining above 88%.
Journal Article
HybridRobustNet: enhancing detection of hybrid attacks in IoT networks through advanced learning approach
by Sathiyaraj, A.; Sivasakthi, D. Adhimuga; Devendiran, Ramkumar
in Adaptive learning; Algorithms; Artificial neural networks
2024
The proliferation of Internet of Things (IoT) devices has revolutionized various domains, but it has also brought forth numerous security challenges. One of the most concerning threats is the emergence of hybrid attacks, which combine multiple attack vectors to exploit vulnerabilities in IoT networks. Existing security mechanisms often struggle to effectively predict and detect these sophisticated hybrid attacks, leading to compromised system integrity and data confidentiality. In this paper, we propose a robust learning approach, named HybridRobustNet (HRN), for predicting and detecting hybrid attacks over IoT networks. HRN integrates machine learning algorithms, deep neural networks, and ensemble techniques to achieve enhanced detection accuracy and resilience against evolving hybrid attack patterns. By leveraging a diverse set of features, including network traffic patterns, device behavior, and communication characteristics, HRN effectively captures the complex relationships and dependencies between various attack components. Furthermore, the proposed approach incorporates real-time adaptive learning mechanisms, enabling it to dynamically adapt to new attack strategies and mitigate false positives. To evaluate the effectiveness of HRN, extensive experiments were conducted on a realistic IoT testbed comprising heterogeneous devices and attack scenarios. The results demonstrate that HRN outperforms state-of-the-art approaches in terms of attack detection accuracy, robustness against evasion techniques, and low false positive rates. Additionally, its computational efficiency makes it suitable for deployment in resource-constrained IoT environments. The contributions of this work are twofold. Firstly, it addresses the pressing need for robust detection mechanisms against hybrid attacks, which can have severe consequences for IoT networks. Secondly, it introduces a unique and adaptive learning approach, HRN, which exhibits superior performance and adaptability in the face of emerging attack strategies. The findings presented in this article provide valuable insights into the design of effective security mechanisms for IoT networks and pave the way for future research in the field of hybrid attack detection.
Journal Article
Building an accurate hardware Trojan detection technique from inaccurate simulation models and unlabelled ICs
by Wang, Jian; Xue, Mingfu; Liu, Weiqiang
in Accuracy; accurate hardware Trojan detection technique; Algorithms
2019
Most prior hardware Trojan detection approaches require golden chips as references. A classification-based, golden-chip-free hardware Trojan detection technique was proposed in the authors’ previous work. However, the algorithm in that work is trained on simulated ICs without considering the shift between simulation and silicon fabrication. In this study, a co-training based hardware Trojan detection method that exploits inaccurate simulation models and unlabelled fabricated ICs is proposed to provide reliable detection capability on fabricated ICs, which eliminates the need for golden chips. Two classification algorithms are trained using simulated ICs. These two algorithms can identify different patterns in the unlabelled ICs at test time, and thus each can label some of these ICs for the further training of the other algorithm. Moreover, a statistical examination is used to choose which ICs are labelled for the other algorithm. A statistical confidence interval based technique is also used to combine the hypotheses of the two classification algorithms. Furthermore, the partial least squares method is used to preprocess the raw data of ICs for feature selection. Both EDA experiment results and field programmable gate array (FPGA) experiment results show that the proposed technique can detect unknown Trojans with high accuracy and recall.
Journal Article
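Added example (Python, not the authors' algorithm): the co-training loop the abstract above describes, reduced to two one-feature views. Each view's classifier is trained on labelled simulated ICs, then each round labels the fabricated chip it is most confident is clean and the one it is most confident is Trojaned, and hands those labels to the other view, which re-estimates its centroids. The view names, the nearest-centroid classifiers, the margin-sum combination in place of the paper's confidence-interval combination, and every value are assumptions constructed for the example; the fabricated chips carry a deliberate offset relative to the simulation so that the simulation-only model misclassifies some clean silicon.

```python
"""Co-training a Trojan detector from labelled simulated ICs and unlabelled fabricated ICs.

Added illustration of the co-training idea in the abstract, not the paper's
algorithm. Each 'view' is a single side-channel feature (assumed: 'power' and
'delay'), both classifiers are nearest-centroid, and all values are constructed.
The fabricated chips carry a deliberate shift relative to the simulation, so a
model trained on simulation alone misclassifies some clean silicon.
"""

# Constructed labelled simulation data: (power, delay, label)
SIMULATED = [
    (1.0, 1.0, "clean"), (1.1, 1.2, "clean"), (0.9, 0.8, "clean"),
    (2.0, 2.0, "trojan"), (2.1, 2.2, "trojan"), (1.9, 1.8, "trojan"),
]
# Constructed unlabelled fabricated ICs: (chip id, power, delay).
FABRICATED = [
    ("F1", 1.2, 1.65), ("F2", 1.6, 1.25), ("F3", 1.6, 1.7), ("F4", 1.55, 1.6),
    ("F5", 2.6, 2.6), ("F6", 2.7, 2.5), ("F7", 2.5, 2.7),
]
# Ground truth, used only to evaluate, never for training.
TRUTH = {"F1": "clean", "F2": "clean", "F3": "clean", "F4": "clean",
         "F5": "trojan", "F6": "trojan", "F7": "trojan"}
VIEW_INDEX = {"power": 1, "delay": 2}   # column of each view inside a FABRICATED tuple


class Centroid1D:
    """Nearest-centroid classifier on one view."""

    def __init__(self, samples):           # iterable of (value, label)
        self.samples = list(samples)

    def _centroid(self, label):
        vals = [v for v, l in self.samples if l == label]
        return sum(vals) / len(vals)

    def margin(self, value):
        """Positive = closer to 'clean', negative = closer to 'trojan'; size = confidence."""
        return abs(value - self._centroid("trojan")) - abs(value - self._centroid("clean"))

    def add(self, value, label):
        self.samples.append((value, label))


def co_train(simulated, fabricated, rounds=10):
    """Each round, each view labels its most confident clean and trojan chip and
    hands that label to the OTHER view, which then re-estimates its centroids."""
    clf = {
        "power": Centroid1D((p, l) for p, _, l in simulated),
        "delay": Centroid1D((d, l) for _, d, l in simulated),
    }
    pool = list(fabricated)
    for _ in range(rounds):
        if not pool:
            break
        picks = []                                    # (chip, label, labelling view)
        for view, idx in VIEW_INDEX.items():
            scored = [(clf[view].margin(chip[idx]), chip) for chip in pool]
            top_clean = max(scored, key=lambda s: s[0])
            top_trojan = min(scored, key=lambda s: s[0])
            if top_clean[0] > 0:
                picks.append((top_clean[1], "clean", view))
            if top_trojan[0] < 0:
                picks.append((top_trojan[1], "trojan", view))
        # if the two views disagree about a chip, leave it in the pool for later
        labels = {}
        for chip, label, _ in picks:
            labels.setdefault(chip[0], set()).add(label)
        picks = [p for p in picks if len(labels[p[0][0]]) == 1]
        for chip, label, view in picks:
            other = "delay" if view == "power" else "power"
            clf[other].add(chip[VIEW_INDEX[other]], label)
        done = {chip[0] for chip, _, _ in picks}
        pool = [chip for chip in pool if chip[0] not in done]
    return clf


def classify(clf, chips):
    """Combine the two views by summing their margins (a confidence-weighted vote)."""
    return {cid: "clean" if clf["power"].margin(p) + clf["delay"].margin(d) > 0 else "trojan"
            for cid, p, d in chips}


if __name__ == "__main__":
    baseline = classify(co_train(SIMULATED, FABRICATED, rounds=0), FABRICATED)
    final = classify(co_train(SIMULATED, FABRICATED), FABRICATED)
    for cid in TRUTH:
        print(cid, "truth:", TRUTH[cid], "sim-only:", baseline[cid], "co-trained:", final[cid])
```

With rounds=0 the classifiers see only simulation data and flag two clean fabricated chips (F3, F4) as Trojaned because the fabrication shift pushes them past the simulated boundary. Each confidently labelled chip the other view absorbs drags that view's centroids toward real silicon, and after three rounds every fabricated chip is classified correctly without a golden chip. The disagreement check is the safeguard worth keeping in any real version: a chip the two views label differently is not used to teach either of them.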
An IoT-Based Deep Learning Approach for Online Fault Detection Against Cyber-Attacks
by Selvarani, A.; Rajkumar, Sujatha; Prabu, S.
in Advances in Computational Approaches for Image Processing; Cloud Applications and Network Security; Computer Imaging
2023
Trustworthy has been included as proof of the passed-in quality, which is safety, security, and privacy, and is not time limited. A real-time system operates according to a set of expected behaviors and conditions. Internet of Things (IoT) systems and applications are essential industrial investments expected to be of critical importance. Maintaining the reliability of such systems and networks is expensive, time-consuming and costly. A reliable IoT system considers the system operation’s security features and IoT reliability. These difficulties incorporate information breaks, phishing and spam crusades, and dispersed refusal of administration (DRoA) assaults, and malevolent exercises, for example, security breaks focusing on IoT gadgets. Deep learning (DL) strategies have been proposed to recognize pernicious traffic information, especially for malignant assaults against IoT gadgets. The proposed layered, profound learning strategy is stacked long short-term memory (SLSTM) coordinated with pre-prepared deep learning (DL) to gain proficiency with the attributes of dubious exercises inside and out and recognize them from ordinary traffic. Each pre-prepared DL model comprises the remaining blocks. We have utilized two huge datasets to evaluate the presentation of our discovery technique. Mixed IoT conditions guarantee that this approach can be applied to any IoT climate. Our proposed method, SLSTM, can recognize most IoT assaults by identifying harmless and malignant traffic information. The train results demonstrate that the proposed layered, profound learning technique can give a higher continuous location rate than existing grouping strategies.
Journal Article