Malware Classification - The past decades have witnessed the development of various Machine Learning (ML) models for malware classification. Semantic representation is a crucial basis for these classifiers. This paper aims to assess the effect of semantic representation methods on malware classifier performance. Two commonly used semantic representation methods are N-gram and GloVe. We utilize diverse ML classifiers to conduct comparative experiments to analyze the capability of N-gram, GloVe and image-based methods for malware classification. We also analyze in depth the reason why GloVe can produce negative effects on malware static analysis.
Authored by Bingchu Jin, Zesheng Hu, Jianhua Wang, Monong Wei, Yawei Zhao, Chao Xue
Malware Classification - Automated malware classification assigns unknown malware to known families. Most research in malware classification assumes that the defender has access to the malware for analysis. Unfortunately, malware can delete itself after execution. As a result, analysts are only left with digital residue, such as network logs or remnant artifacts of malware in memory or on the file system. In this paper, a novel malware classification method based on the Windows prefetch mechanism is presented and evaluated, enabling analysts to classify malware without a corresponding executable. The approach extracts features from Windows prefetch files, a file system artifact that contains historical process information such as loaded libraries and process dependencies. Results show that classification using these features with two different algorithms garnered F-Scores between 0.80 and 0.82, offering analysts a viable option for forensic analysis.
Authored by Adam Duby, Teryl Taylor, Yanyan Zhuang
Malware Classification - Nowadays, increasing numbers of malicious programs are becoming a serious problem, which increases the need for automated detection and categorization of potential threats. These attacks often use undetected malware that is not recognized by the security vendor, making it difficult to protect the endpoints from viruses. Existing methods have been proposed to detect malware. However, as malware variations develop, they can lead to misdiagnosis and are difficult to diagnose accurately. To address this problem, this work introduces a Recurrent Neural Network (RNN) to identify samples as malware or benign based on features extracted using the Information Gain Absolute Feature Selection (IGAFS) technique. First, a malware detection dataset is collected from the Kaggle repository. Then the proposed method pre-processes the dataset, removing null and noisy values to prepare it. Next, the proposed Information Gain Absolute Feature Selection (IGAFS) technique is used to select the most relevant features for malware from the pre-processed dataset. The selected features are used to train the Recurrent Neural Network (RNN) method to classify samples as malware or not with better accuracy and false rate. The experimental result provides greater performance compared with previous methods.
Authored by Suresh Kumar, Umi B., Isa Mishra, Shitharth S., Diwakar Tripathi, Siva T.
Malware Classification - Mobile devices play a crucial role and have become an essential part of people's lives, particularly with online applications such as shopping, learning, mailing, etc. Android OS has continued to drive the market for other operating systems since 2012. Traditional Android malware detection methods, such as static, dynamic, hybrid analysis, or the Bayesian model, may show less accuracy in detecting recent Android malware. We propose a deep learning method for Android malware detection using a Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM). CNN provides efficient feature extraction from data, and the use of additional LSTM layers improves prediction accuracy. According to the test results, CNN-LSTM can provide reliable malware prediction in Android applications. We train and test our approach using the CICMalDroid2020 dataset. The test results show that the CNN-LSTM classifier exceeds with an accuracy of 94%.
Authored by Shakhnaz Amenova, Cemil Turan, Dinara Zharkynbek
Malware Classification - Traditional methods of malware detection have difficulty in detecting massive malware variants. Malware detection based on malware visualization has been proved an effective method for identifying unknown malware variants. In order to improve the accuracy and reduce the detection time of the above methods, a novel method for malware classification in a light-weight CNN architecture named MalshuffleNet is proposed. The model is customized based on ShuffleNet V2 by adjusting the numbers of the fully connected layer to adapt it to malware classification. Empirical results on the Malimg dataset indicate that our model achieves 99.03% in accuracy and identifies an unknown malware sample in only 5.3 milliseconds on average.
Authored by Lingfeng Qiu, Shuo Wang, Jian Wang, Yifei Wang, Wei Huang
Malware Classification - Malware attack is a severe problem that can cause a considerable loss. To prevent malware attacks, different malware detection and classification methods have been implemented in recent years. This paper proposed a new method based on Markov image and transfer learning on machine learning. Also, an experiment comparing the performance on malware detection and classification between the proposed and grayscale methods was done. The accuracy and loss of malware detection and classification by using the proposed method are 0.973 and 0.076, 0.987 and 0.062 respectively. The accuracy and loss of malware detection and classification using the grayscale method are 0.989 and 0.037, 0.973 and 0.202 respectively. Although the grayscale method has done better in malware detection, the proposed method's accuracy is over 0.97. Therefore, the result shows that the proposed method is suitable for malware detection and classification.
Authored by Lok Kwan
Malware Classification - Due to the constant updates of malware and its variants and the continuous development of malware obfuscation techniques, malware intrusions targeting Windows hosts are also on the rise. Traditional static analysis methods such as signature matching mechanisms have been difficult to adapt to the detection of new malware. Therefore, a novel visual detection method of malware is proposed for the first time to convert the Windows API call sequence, with its sequential nature, into feature images based on the Gramian Angular Field (GAF) idea, and train a neural network to identify malware. The experimental results demonstrate the effectiveness of our proposed method. For the binary classification of malware, the GAF visualization image of the API call sequence is compared with its original sequence. After GAF visualization, the classification accuracy of the classic machine learning model MLP is improved by 9.64%, and the classification accuracy of the deep learning model CNN is improved by 4.82%. Furthermore, our experiments show that the proposed method is also feasible and effective for the multi-class classification of malware.
Authored by Hongmei Zhang, Xiaoqian Yun, Xiaofang Deng, Xiaoxiong Zhong
Malware Classification - Rapid digitalisation spurred by the Covid-19 pandemic has resulted in more cyber crime. Malware-as-a-service is now a booming business for cyber criminals. With the surge in malware activities, it is vital for cyber defenders to understand more about the malware samples they have at hand, as such information can greatly influence their next course of action during a breach. Recently, researchers have shown how malware family classification can be done by first converting malware binaries into grayscale images and then passing them through neural networks for classification. However, most work focuses on studying the impact of different neural network architectures on classification performance. In the last year, researchers have shown that augmenting supervised learning with self-supervised learning can improve performance. Even more recently, Data2Vec was proposed as a modality agnostic self-supervised framework to train neural networks. In this paper, we present BinImg2Vec, a framework for training malware binary image classifiers that incorporates both self-supervised learning and supervised learning to produce a model that consistently outperforms one trained only via supervised learning. We also show how our framework produces outputs that facilitate explainability.
Authored by Lee Sern, Tay Keng, Chua Fu
Malware Classification - Methodologies used for the detection of malicious applications can be broadly classified into static and dynamic analysis based approaches. With traditional signature-based methods, new variants of malware families cannot be detected. A combination of deep learning techniques along with image-based features is used in this work to classify malware. The data set used here is the ‘Malimg’ dataset, which contains a pictorial representation of well-known malware families. This paper proposes a methodology for identifying malware images and classifying them into various families. The classification is based on image features. The features are extracted using the pre-trained model namely VGG16. The samples of malware are depicted as byteplot grayscale images. Features are extracted employing the convolutional layer of a VGG16 deep learning network, which uses ImageNet dataset for the pre-training step. The features are used to train different classifiers which employ SVM, XGBoost, DNN and Random Forest for the classification task into different malware families. Using 9339 samples from 25 different malware families, we performed experimental evaluations and demonstrate that our approach is effective in identifying malware families with high accuracy.
Authored by K. Deepa, K. Adithyakumar, P. Vinod
MANET Attack Detection - Mobile Ad hoc Networks, also known as MANETs or Wireless Ad hoc Networks, are networks that usually have a routable networking environment on top of a Link Layer ad hoc network. They consist of a set of mobile nodes connected wirelessly in a self-configured, self-healing network without having a fixed infrastructure. MANETs have been predominantly utilized in military or emergency situations; however, the prospects of MANETs’ usage outside these realms are now being considered for possible public adoption in light of recent global events such as the pandemic and new emerging infectious diseases. These particular events birthed new challenges, one of which was the considerable strain that was placed on mainstream ISPs. Whilst there has been a significant amount of research conducted in the sphere of MANET security via various means such as the development of intrusion detection systems, attack classification and prediction systems, etcetera, there still exist prevailing concerns about MANET security and risks. Additionally, recently researched trends within the field have evidenced key disparities in terms of studies related to MANET risk profiles. This paper seeks to provide an overview of existing studies with respect to MANETs as well as briefly introduce a new method of determining the initial risk profile of MANETs via the usage of probabilistic machine learning techniques. It explores new regions of probability-based approaches to further supplement the existing impact-based methodologies for assessing risk within MANETs.
Authored by Hosein Michael, Aqui Jedidiah
MANET Attack Detection - Mobile ad hoc networks (MANETs) have become essential components of our daily lives. Due to their compatibility with multimedia data interchange in a mobile context, MANETs are employed in a variety of applications today, including those for crisis management and the battlefield. The popularity of infrastructure-less networks has grown along with the popularity of ad hoc networks in recent years as a result of the rise in wireless devices and technological developments. MANETs have brought about a new type of technology that allows them to operate without a fixed infrastructure. The dynamic nature of the MANET network makes it susceptible to numerous attacks. One of these is the wormhole, which spreads data from one site to another and can damage the network. If the source node chooses this fictitious route, the attacker has a backup plan to deliver or drop packets. In this paper, we propose a technique that modifies the Ad-hoc On-demand Distance Vector (AODV) protocol in the RREQ and RREP stage with the sequence number transaction and the detection timer (DT). With 100 nodes, the proposed method achieved a throughput of 95.5 kbps, energy consumption of 55.9 joules, end-to-end delay of 0.973 sec and Packet Delivery Ratio (PDR) of 96.5%.
Authored by Hussein Jawdat, Muhammad Ilyas
MANET Attack Detection - Nodes in a “distributed” Adhoc network do not share a single centralized infrastructure. Hosts and routers can be found on any mobile node. In addition, it sends packets to additional mobile nodes in the network that aren't directly connected to the main network. Network layer assaults such as black hole, wormhole, and denial-of-service (DoS) are all easily carried out on mobile Ad hoc networks (MANETs). Wrong-way attacks, which divert packets from one part of the network and route them through an alternate one, are extremely difficult to detect. Even though the wormhole attack has been countered, the current solutions still suffer from excessive delivery delays, packet delivery ratio issues, and energy consumption. In this paper, a cluster-based algorithm (CBA) detects hybrid wormhole assaults by computing based on sequence number, round-trip time (RTT), which is more optimistic than existing solutions for detecting both in-band and out-of-band connections are possible. RTT thresholds are predicted in this paper using CBA to distinguish between attack and non-attack routes. NS-2 network simulator is used to test the suggested technique. The proposed algorithm's performance was evaluated by looking at its throughput. Results demonstrate that CBA reduced 20% of total energy consumption compared to AODV, the traditional On-Demand Ad-hoc Distance Vector routing protocol.
Authored by K. Kumar, Mahaveerakannan R., Madhusudhana Rao, Pambala Rao, Kanusu Rao
MANET Attack Detection - One of the most essential self-configuring and independent wireless networks is the MANET. MANET employs a large number of intermediate nodes to exchange information without the need for any centralized infrastructure. However, some nodes act in a selfish manner, utilizing the network's resources solely for their own benefit and refusing to share with the surrounding nodes. Mobile ad hoc network security is a critical factor that is widely accepted. Selfish nodes are the primary problem of MANET. In a MANET, nodes that are only interested in themselves are not involved in the process of packet forwarding. A node can be identified as selfish or malicious due to some misbehavior reasons. Selfishness on the part of network nodes may be a factor in the low delivery ratio of packets and data loss. A high end-to-end delay is caused by node failure in a MANET network. To study the selfish node attack, a malicious selfish node is put into the network, and a trust-based algorithm for the selfish node attack is also suggested. In order to discover a solution to this issue, we have developed an algorithm called SNRM for the detection of selfish nodes. The routing protocol used in this paper for analysis is AODV. Using a simulation tool, PDR and end-to-end delay are evaluated and compared.
Authored by R. Sarumathi, V. Jayalakshmi
MANET Attack Detection - Recently, the mobile ad hoc network (MANET) has enjoyed a great reputation thanks to its advantages such as high performance, no expensive infrastructure to install, use of unlicensed frequency spectrum, and fast distribution of information around the transmitter. But the topology of MANETs attracts the attention of several attacks. Although authentication and encryption techniques can provide some protection, especially by minimizing the number of intrusions, such cryptographic techniques do not work effectively in the case of unseen or unknown attacks. In this case, the machine learning approach is successful in detecting unfamiliar intrusive behavior. Security methodologies in MANETs mainly focus on eliminating malicious attacks, misbehaving nodes, and providing secure routing. In this paper we present the most recent works that propose or apply the concept of Machine Learning (ML) to secure the MANET environment.
Authored by Wafa Bouassaba, Abdellah Nabou, Mohammed Ouzzif
MANET Attack Detection - The current study is confined to proposing a reputation-based approach for detecting malicious activity, where the past activities of each node are recorded for future reference. The mobile ad hoc network, commonly called MANET, is regarded as a critical wireless network on mobile devices using self related assets. Security is considered the main challenge in MANET. Much existing work has been done on detecting attacks by using various approaches like Intrusion Detection, Bait detection, Cooperative malicious detection and so on. In this paper some approaches for identifying malicious nodes have been discussed. But this reputation-based approach mainly focuses on sleuthing the critical nodes on the trusted path rather than the shortest path. Each node will record its own activity, like data received from and transferred to information. As soon as a node updates its activity, it is verified and a trust factor is assigned. By comparing the assigned trust factors, a list of suspicious or malicious nodes is created.
Authored by Prolay Ghosh, Dhanraj Verma
MANET Attack Detection - The MANET architecture's future growth will make extensive use of encryption and encryption to keep network participants safe. Using a digital signature node id, we illustrate how we may stimulate the safe growth of subjective clusters while simultaneously addressing security and energy efficiency concerns. The dynamic topology of MANET allows nodes to join and exit at any time. A form of attack known as a black hole assault was used to accomplish this. To demonstrate that he had the shortest path with the least amount of energy consumption, an attacker in MATLAB R2012a used a digital signature ID to authenticate the node from which he wished to intercept messages (DSEP). “Digital Signature”, “MANET,” and “AODV” are all terms used to describe various types of digital signatures. Black Hole Attack, Single Black Hole Attack, Digital Signature, and DSEP are just a few of the many terms associated with MANET.
Authored by Sunil Gupta, Mohammad Shahid, Ankur Goyal, Rakesh Saxena, Kamal Saluja
MANET Attack Prevention - Mobile ad hoc networks (MANETs) have gained much attention due to their dynamic nature and efficiency. These networks are operated in highly dynamic and unpredictable environments. Rapid advances in the field of correspondence have vastly enhanced today's transmission networks. As a result, the measurement of data transmission in business and military applications has grown dramatically. Since these applications include the transmission of information, the need for security concerns has grown as well. Due to their dynamic nature, they are susceptible to various attacks. The lack of a centralized authority to supervise the individual nodes operating in the network makes security in the mobile ad hoc network a major challenge. Attacks can originate both within and outside the network. In this paper, a survey of various attacks in MANETs and their prevention and mitigation techniques given by researchers has been presented.
Authored by Shashank Shekhar, Makul Mahajan, Sukhkirandeep Kaur
MANET Attack Prevention - Wireless ad hoc networks are characterized by dynamic topology and high node mobility. Network attacks on wireless ad hoc networks can significantly reduce performance metrics, such as the packet delivery ratio from the source to the destination node, overhead, throughput, etc. The article presents an experimental study of an intrusion detection system prototype in mobile ad hoc networks based on machine learning. The experiment is carried out in a MANET segment of 50 nodes; the detection and prevention of DDoS and cooperative blackhole attacks are investigated. The dependencies of features on the type of network traffic and the dependence of performance metrics on the speed of mobile nodes in the network are investigated. The conducted experimental studies show the effectiveness of an intrusion detection system prototype on simulated data.
Authored by Leonid Legashev, Luybov Grishina
MANET Attack Prevention - All across the world, the majority of people rely upon wireless ad hoc networks. So, it becomes the highest priority to lessen the vulnerability of wireless networks. Wireless networks are exposed to many distinct varieties of attacks, out of which the wormhole attack is most dangerous. Unlike many different attacks on ad hoc routing, the wormhole attack could be very effective and cannot be avoided with a cryptographic approach, because intruders do not modify the packet data; they replay the packets. An intentionally positioned wormhole can cause a significant breakdown in communication. An analysis was performed in this study that removed wormhole attacks from MANET using changes to the AODV routing protocol. We have used the Smart Packet Detection and Prevention Technique (SPDPT) to remove the wormhole. We have examined simulation parameters such as packet delivery ratio, end-to-end delay, energy consumption, and throughput.
Authored by Manish Chawhan, Vedant Shrikhande, Shivani Madelwar, Sharvari Umredkar, Kishor. Kulat, Bhumika Neole
MANET Attack Prevention - Recently, the rising use of portable devices with advanced wireless communication gives Mobile ad-hoc networks more significance with the expanding number of widespread applications. This infrastructure uses a link-to-link wireless connection, called a route, to transfer the data, which uses a routing protocol. AODV is a reactive protocol that uses control packets to discover a route toward the destination node in the network. Since MANET is an open infrastructure without a centralized controller, it is at risk of security assaults that are generated through the malicious node at the time of route discovery and data transmission. An example is the Blackhole attack, in which the offender node retains and drops few or all data/control packets by using vulnerabilities of the on-demand routing protocols. This paper proposes a trust-based method to protect the network against blackhole attack. This paper models the behavior of the blackhole node and proposes a trust-based security technique. Further, the suggested technique is analyzed and evaluated against various evaluation metrics like PDR, throughput, end-to-end delay, attack percentage, etc. The proposed security technique is also compared with three different scenarios, namely attack, watchdog, and IDS scenarios, using the above evaluation metrics. The comparison shows that the proposed trust-based security ensures the detection and prevention against blackhole nodes not only at the time of route discovery but also at the time of real-time data transmission.
Authored by Etsegenet Lema, Esubalew Desalegn, Basant Tiwari, Vivek Tiwari
MANET Attack Prevention - Since the mid-1990s, the growth of laptops and Wi-Fi networks has led to a great increase in the use of MANET (Mobile ad hoc network) in wireless communication. MANET is a group of mobile devices for example mobile phones, computers, laptops, radios, sensors, etc., that communicate with each other wirelessly without any support from existing internet infrastructure or any other kind of fixed stations. As MANET is an infrastructure-less network it is prone to various attacks, which can lead to loss of information during communication, security breaches or other unauthentic malpractices. Various types of attacks to which MANET can be vulnerable are denial of service (DOS) and packet dropping attacks such as Gray hole, Blackhole, Wormhole, etc. In this research, we are particularly focusing on the detection and prevention of Gray hole attack. Gray hole node drops selective data packets, while participating in the routing process like other nodes, and advertises itself as a genuine node. The Intrusion Detection System (IDS) technique is used for identification and aversion of the Gray hole attack. Use of AODV routing protocol is made in the network. The network is incorporated and simulation parameters such as PDR (Packet Delivery Ratio), Energy Consumption, End-to-end delay, and Throughput are analyzed using simulation software.
Authored by Manish Chawhan, Kruttika Karmarkar, Gargi Almelkar, Disha Borkar, Kishor. Kulat, Bhumika Neole
MANET Attack Prevention - The MANET architecture's future growth will make extensive use of encryption and encryption to keep network participants safe. Using a digital signature node id, we illustrate how we may stimulate the safe growth of subjective clusters while simultaneously addressing security and energy efficiency concerns. The dynamic topology of MANET allows nodes to join and exit at any time. A form of attack known as a black hole assault was used to accomplish this. To demonstrate that he had the shortest path with the least amount of energy consumption, an attacker in MATLAB R2012a used a digital signature ID to authenticate the node from which he wished to intercept messages (DSEP). “Digital Signature”, “MANET,” and “AODV” are all terms used to describe various types of digital signatures. Black Hole Attack, Single Black Hole Attack, Digital Signature, and DSEP are just a few of the many terms associated with MANET.
Authored by Sunil Gupta, Mohammad Shahid, Ankur Goyal, Rakesh Saxena, Kamal Saluja
MANET Privacy - An ad hoc network is sensitive to attacks because it has a temporary nature and a frequently recognized insecure environment. Both Ad hoc On-demand Distance Vector (AODV) and Ad hoc On-demand Multipath Distance Vector (AOMDV) routing protocols have the strategy to take help from wireless and mobile ad hoc networks. A mobile ad hoc network (MANET) is recognized as a useful internet protocol where the mobile nodes are self-configuring and self-organizing in character. This research paper has focused on the detection and influence of black hole attack on the execution of AODV and AOMDV routing protocols and has also evaluated the performance of those two on-demand routing protocols in MANETs. AODV has the characteristics for discovering a single path in single route discovery and AOMDV has the characteristics for discovering multiple paths in single route discovery. Here a proposed method for both AODV and AOMDV routing protocols has been applied for the detection of the black hole attack, which is the merge of both SHA-3 and the Diffie-Hellman algorithm. This merge technique has been applied to detect black hole attack in MANET. This technique has been applied to measure the performance metrics for both AODV and AOMDV, and those performance metrics are Average Throughput, Average End to End delay and Normalized Routing Load. Both AODV and AOMDV routing protocols have been compared with each other to show that under black hole attack, the AOMDV protocol always has better execution than the AODV protocol. Here, NS-2.35 has been used as the Network Simulator tool for the simulation of these particular three types of performance metrics stated above.
Authored by Sazzat Hossain, Md. Hussain, Romana Ema, Songita Dutta, Suborna Sarkar, Tajul Islam
MANET Privacy - A subgroup of mobile ad hoc networks (MANET) is the vehicular ad hoc network (VANET), which assists in vehicle-to-infrastructure (V2I) and vehicle-to-vehicle (V2V) intercommunications. Important characteristics of VANET are its highly dynamic, distributed networking and self-organizing topologies. In safeguarding billions of human lives, the features of VANET and its uses regarding safety on roads have drawn a huge amount of interest in academic fields and industries, along with study and development on enhancing the facilities of transport transit infrastructure. Major challenging and crucial security problems take place during information transmission in open-access surroundings such as VANET. Non-repudiation, data confidentiality, authentication, data availability and data integrity are a critical part of VANET’s security. Privacy preservation over VANET is a major concern; in this research we will elaborate on different attacks over VANET and will conclude how a blockchain-based VANET will perform better and be less error prone.
Authored by Anand Patil, Sujata Mallapur
MANET Privacy - Massive amounts of data are being stored in cyberspace as a result of the expansion of the Internet, IoT, and various networking technologies. The privacy and security are the most essential aspects of a network. This survey analyzed the functions of blockchain in network security. The blockchain-based network security mechanism may be used to increase network security because of its decentralization, tamper-resistance, traceability, high availability, and credibility. This survey offers a review of network security studies and their contributions and limits with a critical comparison analysis based on a complete and comprehensive research of the evolution of Blockchain, architectures, working principle, security, and privacy features. This analysis examines network security applications based on blockchain technology with various networking technologies, such as IoT, Industrial IoT, WSN, MANET, VANET, Vehicular Social Network, In-vehicle networking, mobile networks (5G), and so on. For communication, the majority of these networking technologies were combined with IoT. As a result, in this study, the Internet of Things is considered as the primary network employed in important research as examined in the literature review. As a result, the application of network security utilizing blockchain was examined in this study using IoT. This research presents a comparison based on several network solutions that employ blockchain for network security. Finally, the blockchain application in various networks, as well as its difficulties, are examined.
Authored by S. Manimurgan, T. Anitha, G. Divya, Charlyn Latha, S. Mathupriya