This paper focuses on the challenges and issues of detecting malware in today's world, where cyberattacks continue to grow in number and complexity. The paper reviews current trends and technologies in malware detection and the limitations of existing detection methods such as signature-based detection and heuristic analysis. The emergence of new types of malware, such as file-less malware, is also discussed, along with the need for real-time detection and response. The research methodology used in this paper is presented, which includes a literature review of recent papers on the topic, keyword searches, and the analysis and representation methods used in each study. In this paper, the authors aim to address the key issues and challenges in detecting malware today, the current trends and technologies in malware detection, and the limitations of existing methods. They also explore emerging threats and trends in malware attacks and highlight future directions for research and development in the field. To achieve this, the authors use a research methodology that involves a literature review of recent papers related to the topic. They focus on detection and analysis methods, as well as the representation and extraction methods used in each study. Finally, they classify the literature review and, through reading and criticism, highlight future trends and problems in the field of malware detection.
Authored by Anas AliAhmad, Derar Eleyan, Amna Eleyan, Tarek Bejaoui, Mohamad Zolkipli, Mohammed Al-Khalidi
With the continuous improvement of the current level of information technology, the malicious software produced by attackers is also becoming more complex. It's difficult for computer users to protect themselves against malicious software attacks. Malicious software can steal the user's privacy, damage the user's computer system, and often cause serious consequences and huge economic losses to the user or the organization. Hence, this research study presents a novel deep learning-based malware detection scheme considering packers and encryption. The proposed model has two aspects of innovation: (1) The generation steps of packer malware are analyzed. Packing involves adding code to the program to be protected, and the original program is compressed and encrypted during the packing process. By understanding this step, the analysis of the software becomes more efficient. (2) A deep learning-based detection model is designed. Experiments comparing it with the latest methods show that its performance is efficient.
Authored by Weixiang Cai
Malware detection constitutes a fundamental step in safe and secure computational systems, including industrial systems and the Internet of Things (IoT). Modern malware detection is based on machine learning methods that classify software samples as malware or benign, based on features that are extracted from the samples through static and/or dynamic analysis. State-of-the-art malware detection systems employ Deep Neural Networks (DNNs) whose accuracy increases as more data are analyzed and exploited. However, organizations also have significant privacy constraints and concerns which limit the data that they share with centralized security providers or other organizations, despite the malware detection accuracy improvements that can be achieved with the aggregated data. In this paper we investigate the effectiveness of federated learning (FL) methods for developing and distributing aggregated DNNs among autonomous interconnected organizations. We analyze a solution where multiple organizations use independent malware analysis platforms as part of their Security Operations Centers (SOCs) and train their own local DNN model on their own private data. Exploiting cross-silo FL, we combine these DNNs into a global one which is then distributed to all organizations, achieving the distribution of combined malware detection models using data from multiple sources without sample or feature sharing. We evaluate the approach using the EMBER benchmark dataset and demonstrate that our approach effectively reaches the same accuracy as the non-federated centralized DNN model, which is above 93%.
Authored by Dimitrios Serpanos, Georgios Xenos
IBMD (Intelligent Behavior-Based Malware Detection) aims to detect and mitigate malicious activities in cloud computing environments by analyzing the behavior of cloud resources, such as virtual machines, containers, and applications. The system uses different machine learning methods, like deep learning and artificial neural networks, to analyze the behavior of cloud resources and detect anomalies that may indicate malicious activity. The IBMD system can also monitor and accumulate data from various resources, such as network traffic and system logs, to provide a comprehensive view of the behavior of cloud resources. IBMD is designed to operate in a cloud computing environment, taking advantage of the scalability and flexibility of the cloud to detect malware and respond to security incidents. The system can also be integrated with existing security tools and services, such as firewalls and intrusion detection systems, to provide a comprehensive security solution for cloud computing environments.
Authored by Jibu Samuel, Mahima Jacob, Melvin Roy, Sayoojya M, Anu Joy
In today's digital landscape, the task of identifying various types of malicious files has become progressively challenging. Modern malware exhibits increasing sophistication, often evading conventional anti-malware solutions. The scarcity of data on distinct and novel malware strains further complicates effective detection. In response, this research presents an innovative approach to malware detection, specifically targeting multiple distinct categories of malicious software. In the initial stage, Principal Component Analysis (PCA) is performed, achieving a remarkable accuracy rate of 95.39%. Our methodology revolves around leveraging features commonly accessible from user-uploaded files, aligning with the contextual behavior of typical users seeking to identify malignancy. This underscores the efficacy of the unique feature-based detection strategy and its potential to enhance contemporary malware identification methodologies. The outcomes achieved attest to the significance of addressing emerging malware threats through inventive analytical paradigms.
Authored by Sanyam Jain, Sumaiya Thaseen
Malware has been a major security threat to enterprises, government organizations and end-users. Besides traditional malware, such as viruses, worms and trojans, new types of malware, such as botnets, ransomware, IoT malware and crypto-jacking, are released daily. To cope with malware threats, several measures for monitoring, detecting and preventing malware have been developed and deployed in practice, such as signature-based detection and static and dynamic file analysis. This paper proposes two malware detection models based on statistics and machine learning using opcode n-grams. The proposed models aim at achieving high detection accuracy as well as reducing the amount of time for training and detection. Experimental results show that our proposed models give better performance measures than previous proposals. Specifically, the proposed statistics-based model is very fast and achieves a high detection accuracy of 92.75%, and the random forest-based model produces the highest detection accuracy of 96.29%.
Authored by Xuan Hoang, Ba Nguyen, Thi Ninh
With the rapid development of science and technology, information security issues have been attracting more attention. According to statistics, tens of millions of computers around the world are infected by malicious software (malware) every year, causing losses of up to several billion USD. Malware uses various methods to invade computer systems, including viruses, worms, Trojan horses, and others, and exploits network vulnerabilities for intrusion. Most intrusion detection approaches employ behavioral analysis techniques to analyze malware threats with packet collection and filtering, feature engineering, and attribute comparison. These approaches have difficulty differentiating malicious traffic from legitimate traffic. Malware detection and classification are conducted with deep learning and graph neural networks (GNNs) to learn the characteristics of malware. In this study, a GNN-based model is proposed for malware detection and classification on a renewable energy management platform. It uses a GNN to analyze malware with Cuckoo Sandbox malware records for malware detection and classification. To evaluate the effectiveness of the GNN-based model, the CIC-AndMal2017 dataset is used to examine its accuracy, precision, recall, and ROC curve. Experimental results show that the GNN-based model can reach better results.
Authored by Hsiao-Chung Lin, Ping Wang, Wen-Hui Lin, Yu-Hsiang Lin, Jia-Hong Chen
Cybersecurity concerns have arisen due to extensive information exchange among networked smart grid devices, which also employ seamless firmware updates. An outstanding issue is the presence of malware-injected malicious devices at the grid edge, which can cause severe disturbances to grid operations and propagate malware on the power grid. This paper proposes a cloud-based, device-specific malware file detection system for smart grid devices. In the proposed system, a quantum-convolutional neural network (QCNN) with deep transfer learning (DTL) is designed and implemented in a cloud platform to detect malware files targeting various smart grid devices. The proposed QCNN algorithm incorporates quantum circuits to extract more features from the malware image files than the filter in conventional CNNs, and the DTL method improves detection accuracy for different types of devices (e.g., processor architectures and operating systems). The proposed algorithm is implemented in the IBM Watson Studio cloud platform, which utilizes an IBM Quantum processor. The experimental results validate that the proposed malware file detection method significantly improves malware file detection rates compared to the conventional CNN-based method.
Authored by Alve Akash, BoHyun Ahn, Alycia Jenkins, Ameya Khot, Lauren Silva, Hugo Tavares-Vengas, Taesic Kim
The term Internet of Things (IoT) describes a network of real-world items, gadgets, structures, and other things that are equipped with communication and sensors for gathering and exchanging data online. The likelihood of Android malware attacks on IoT devices has risen due to their widespread use. Regular security precautions might not be practical for these devices because they frequently have limited resources. The detection of malware attacks on IoT environments has found hope in ML approaches. In this paper, some machine learning (ML) approaches have been utilized to detect IoT Android malware threats. This method uses a collection of Android malware samples and benign apps to build an ML model. Using the Android Malware dataset, many ML techniques, including Naive Bayes (NB), K-Nearest Neighbour (KNN), Decision Tree (DT), and Random Forest (RF), are used to detect malware in IoT. The accuracy of the DT model is 95%, which is the highest accuracy rate, while the NB, KNN, and RF models have accuracy rates of 84%, 89%, and 92%, respectively.
Authored by Anshika Sharma, Himanshi Babbar
The motive of this paper is to detect malware in computer systems in order to protect confidential data, information, documents, etc. from being accessed. The detection of malware is necessary because it steals data from the system that is affected by it. Different malware detection techniques (cloud-based, signature-based, IoT-based, heuristic-based, etc.) and different malware detection tools (static, dynamic) are used in this paper to detect new-generation malware. It is necessary to detect malware because malware attacks badly affect our economy and no sector is untouched by them. The detection of malware is compulsory because it exploits target devices' vulnerabilities, for example through a Trojan horse in valid software such as a browser that may be hijacked. There are also different tools used for the detection of malware, static or dynamic, that we see in this paper. We also see different methods for the detection of malware on Android.
Authored by P.A. Selvaraj, M. Jagadeesan, T.M. Saravanan, Aniket Kumar, Anshu Kumar, Mayank Singh
With the development of network technologies, network intrusion has become increasingly complex, which makes intrusion detection challenging. Traditional intrusion detection algorithms detect intrusion traffic through intrusion traffic characteristics or machine learning. These methods are inefficient due to their dependence on manual work. Therefore, in order to improve efficiency and accuracy, we propose an intrusion detection method based on deep learning. We integrate Transformer and LSTM modules with the intrusion detection model to automatically detect network intrusion. The Transformer and LSTM can capture the temporal information of the traffic data, which helps distinguish abnormal data from normal data. We conduct experiments on the publicly available NSL-KDD dataset to evaluate the performance of our proposed model. The experimental results show that the proposed model outperforms other deep learning-based models.
Authored by Zhipeng Zhang, Xiaotian Si, Linghui Li, Yali Gao, Xiaoyong Li, Jie Yuan, Guoqiang Xing
Intrusion detection systems are critical in protecting network and server infrastructure in the ever-changing spectrum of cybersecurity threats. This research introduces a hybrid detection approach that uses deep learning techniques to improve intrusion detection accuracy and efficiency. The proposed prototype combines the strengths of the XGBoost and MaxPooling1D algorithms within an ensemble model, resulting in a stable and effective solution. Through the fusion of these methodologies, the hybrid detection system achieves superior performance in identifying and mitigating various types of intrusions. This paper provides an overview of the prototype's architecture, discusses the benefits of using deep learning in intrusion detection, and presents experimental results showcasing the system's efficacy.
Authored by Vishnu Kurnala, Swaraj Naik, Dhanush Surapaneni, Ch. Reddy
Network intrusion detection is a crucial task in ensuring the security and reliability of computer networks. In recent years, machine learning algorithms have shown promising results in identifying anomalous activities indicative of network intrusions. In the context of intrusion detection systems, novelty detection often receives limited attention within machine learning communities. This oversight can be attributed to the historical emphasis on optimizing performance metrics using established datasets, which may not adequately represent the evolving landscape of cyber threats. This research aims to compare four widely used novelty detection algorithms for network intrusion detection, namely SGDOneClassSVM, LocalOutlierDetection, EllipticalEnvelope Covariance, and Isolation Forest. Our experiments with the UNSW-NB15 dataset show that Isolation Forest was the best-performing algorithm with an F1-score of 0.723. The result shows that network-based intrusion detection systems are still challenging for novelty detection algorithms.
Authored by Maxmilian Halim, Baskoro Pratomo, Bagus Santoso
In cybersecurity, Intrusion Detection Systems (IDS) protect against emerging cyber threats. Combining signature-based and anomaly-based detection methods may improve IDS accuracy and reduce false positives. This research analyzes the performance and limitations of the signature-based components of hybrid intrusion detection systems. The paper begins with a detailed history of signature-based detection methods responding to changing threat situations. This research analyzes signature databases to determine their capacity to identify and guard against current threats and cover known vulnerabilities. The paper also examines the intricate relationship between signature-based detection and anomaly-based techniques in hybrid IDS systems. This investigation examines how these two methodologies work together to uncover old and new attack strategies, focusing on zero-day vulnerabilities and polymorphic malware. A diverse dataset of network traffic and attack scenarios is used for testing. Detection, false positives, and response times are used to assess the signature-based components. Comparative examinations investigate how signature-based detection affects system accuracy and efficiency. This research illuminates the role of signature-based aspects in hybrid intrusion detection systems. This study recommends integrating signature-based detection techniques with anomaly-based methods to improve hybrid intrusion detection systems (IDS) in recognizing and mitigating various cyber threats.
Authored by Moorthy Agoramoorthy, Ahamed Ali, D. Sujatha, Michael F, G. Ramesh
The network intrusion detection system capably safeguards our network environment from attacks. Yet, the relentless surge in bandwidth and inherent constraints within these systems often hinder detection, particularly in confrontations with substantial traffic volume. Hence, this paper introduces the IP-filtered multi-channel convolutional neural network (IP-MCCLSTM), which filters traffic by IP, curtails system loading, and notably enhances detection efficiency. IP-MCCLSTM outperforms comparison methods in tests using the CICIDS2017 dataset. The result shows IP-MCCLSTM obtains 98.9% accuracy and a 99.7% Macro-Recall rate, showcasing its potential as an avant-garde solution in intrusion detection.
Authored by Qin Feng, Zhang Lin, Liang Bing
Due to its adaptability and pay-per-use services, cloud computing has grown in popularity among businesses, but security and privacy issues are still very much present. Intruders can exploit vulnerabilities in the open and dispersed nature of cloud environments, leading to attacks that can damage entire projects within a short period of time. To address this issue, organizations need to implement effective intrusion detection systems (IDS) that can detect and alert administrators to any suspicious activities. There are three widely used methods for IDS: signature-based detection, anomaly-based detection, and hybrid detection. Hybrid detection, which combines the strengths of signature-based and anomaly-based detection, has been shown to produce superior results. IDS can be categorized into host-based IDS (HIDS), network-based IDS (NIDS), hypervisor-based IDS, and distributed IDS (DIDS), each with its own unique characteristics and benefits. The CICIDS2017 dataset provides a diverse set of attacks and benign traffic for researchers and practitioners to develop and evaluate IDS systems. Overall, putting in place a strong intrusion detection system is critical for maintaining the security and privacy of cloud-based projects, as well as ensuring their availability.
Authored by N Maheswaran, S Bose, Sourabh Sonny, M Araventh, Ganagaraju Tharun, Rajkumar J
The advancement of information technology is closely associated with various aspects of daily life, providing people with services for a comfortable life. As the network infrastructure expands to accommodate these services, it inevitably creates several vulnerable points susceptible to cyberattacks. Research has gained significant momentum by focusing on deep learning-based network intrusion detection. The development of a robust network intrusion detection system based on deep learning necessitates a substantial volume of data. Traditionally, data collected for centralized learning were transmitted to a central server for training the model. However, this approach causes concern regarding the potential compromise of the personal information contained within the raw data, thereby precipitating legal implications for vendors. Therefore, this paper proposes ImprovedFedAvg, which enhances the existing FedAvg algorithm for the network intrusion detection model. This method takes full advantage of federated learning for data privacy preservation and significantly reduces the transmission of model weights while improving the performance of the model.
Authored by Beom-Su Lee, Jong-Wouk Kim, Mi-Jung Choi
In the face of a large number of network attacks, an intrusion detection system can issue an early warning, indicating the emergence of network attacks. In order to improve the ability of the traditional machine learning network intrusion detection model to identify the behavior of network attacks and to improve the detection accuracy, a convolutional neural network is used to construct the intrusion detection model, which has a better ability to solve complex problems and better adaptability of the algorithm. In order to solve problems such as the dimension explosion caused by the input data, the PCA whitening algorithm is used to extract data features and reduce the data dimensions. For the common problem of convolutional neural networks in intrusion detection, such as overfitting, Dropout layers are added before and after the fully connected layer of the CNN, and Sigmoid is selected as the intrusion classification prediction function. This reduces the overfitting, improves the robustness of the intrusion detection model, and enhances the fault tolerance and generalization ability of the model to improve the accuracy of the intrusion detection model. The effectiveness of the proposed method in intrusion detection is verified by comparison and analysis of numerical examples.
Authored by Peiqing Zhang, Guangke Tian, Haiying Dong
The use of computers and the internet has spread rapidly over the course of the past few decades. Every day, more and more people are coming to rely heavily on the internet. When it comes to the field of information security, the subject of security is one that is becoming an increasingly important focus. It is vital to design a powerful intrusion detection system (IDS) in order to prevent computer hackers and other intruders from effectively getting into computer networks or systems. The danger and attack detection capabilities of the computer system are built into the intrusion detection system. Abuse detection can be used to identify invasions when there is a deviation between a preset pattern of intrusion and an observed pattern of intrusion. An intrusion detection system (IDS) is a piece of hardware (or software) that is used to generate reports for a Management Station as well as monitor network and/or system activities for unethical behaviour or policy violations. In the current study, an approach known as machine learning is suggested as a possible paradigm for the development of a network intrusion detection system. The results of the experiment show that the suggested strategy improves the capability of intrusion detection.
Authored by Ajmeera Kiran, Wilson Prakash, Anand Kumar, Likhitha, Tammana Sameeratmaja, Ungarala Charan
In modern conditions, the relevance of the problem of assessing information security risks for automated systems is increasing. Risk assessment is defined as a complex multi-stage task. Risk assessment requires prompt decision-making for effective information protection. To solve this problem, a method for automating risk assessment based on fuzzy cognitive maps is proposed. A fuzzy cognitive map is a model that can be represented as a directed graph in which concepts and the connections between them have their own weights. The automation process allows evaluating complex relationships between factors and threats, providing a more comprehensive risk assessment. The application of fuzzy cognitive maps proved to be an effective tool for automation, promptness, and quality in risk assessment.
Authored by Andrey Shaburov, Anna Ozhgibesova, Vsevolod Alekseev
The role of principals of schools facing digital transformation in and for the 21st century is to assure and promote effective use of digital technologies in all aspects of school functioning.
Authored by Valentina Kirinić, Nikolina Hrustek, Renata Mekovec
The increase in the usage of various computing and mobile devices has resulted in the implementation of large-scale ad hoc networks, as user demand is on the rise and companies find it difficult to invest more in IT infrastructure to meet the surging demand. The traditional model of networking causes mobile devices to face various issues like lower bandwidth, mobility, security and storage, etc. Hence, in order to meet the overall service requirement and to enhance the overall efficiency of the network, cloud computing was introduced. The implementation of these devices tends to provide support at every node and enhances communication over a better range to other nodes. Critical administration and support of devices is possible from everywhere in an effective manner.
Authored by Gowtham S, A. Shenbagharaman, B. Shunmugapriya, Sateesh Nagavarapu, Antonyuk Olga
In this paper, we present a novel statistical approach to assess and model data of water distribution network (WDN) failures which contain only a few pieces of information, namely the number of failures in a month. The applied statistical method is known as circular (directional) statistics. It concerns angular/cyclical data in degrees or radians. The sample space is typically a circle or a sphere, and due to the nature of circular data, they cannot be analysed with commonly used statistical techniques. Circular data approaches can be adapted to analyse time-of-year data and year cycles. Using the methods of descriptive and inferential statistics for circular data, we show that the WDN failure data exhibit a deviation from the uniform model and cannot be modelled by the parametric models. Therefore, we apply nonparametric circular kernel density estimates to assess and model the data and predict the expected numbers of failures in the respective months of a year.
Authored by Kamila Hasilová, David Vališ
The growth of Electric Vehicles (EVs), coupled with the deployment of large-scale extreme fast charging stations (XFCSs), has increased the attack surface for EV ecosystems. To secure such critical cyber-physical systems (CPSs), it is imperative for system defenders to perform an in-depth analysis of potential attack vectors, evaluate possible countermeasures, and analyze attack-defense scenarios quantitatively to implement a defense strategy that will provide maximum utilization of their limited resources. Therefore, a systematic framework is essential, relying on modeling tools that security experts are familiar with. In this paper, we propose a comprehensive methodology for enabling the defender to perform a high-level attack surface analysis of an XFCS and determine the defense strategy with the highest utility value. We apply STRIDE threat modeling and attack defense trees (ADT) to enumerate realizable attack paths and identify possible defense measures. We then employ the analytic hierarchy process (AHP) as a multi-criteria decision-making algorithm to obtain the highest-utility strategy for the defender to adopt. The proposed methodology is validated by demonstrating its real-world feasibility through a case study, using sample attack paths for an XFCS.
Authored by Souradeep Bhattacharya, Manimaran Govindarasu, Mansi Girdhar, Junho Hong
With technological advances, Cyber-Physical Systems (CPS), specifically critical infrastructures, have become strongly connected. Their exposure to cyber adversaries is higher than ever. The number of cyber-attacks perpetrated against critical infrastructure is growing in number and sophistication. The protection of such complex systems has become of paramount importance. Resilience applied to critical infrastructures aims at protecting these vital systems from cyber-attacks and making them continue to deliver a certain level of performance, even when attacks occur. In this work, we explore new advances related to cyber-resilience applied to CPSs. We also explore the use of a metric to quantify the resilience of critical infrastructures. As a use case, we consider a water treatment system.
Authored by Romain Dagnas, Michel Barbeau, Maxime Boutin, Joaquin Garcia-Alfaro, Reda Yaich