Malware detection constitutes a fundamental step in safe and secure computational systems, including industrial systems and the Internet of Things (IoT). Modern malware detection is based on machine learning methods that classify software samples as malware or benign, based on features that are extracted from the samples through static and/or dynamic analysis. State-of-the-art malware detection systems employ Deep Neural Networks (DNNs) whose accuracy increases as more data are analyzed and exploited. However, organizations also have significant privacy constraints and concerns which limit the data that they share with centralized security providers or other organizations, despite the malware detection accuracy improvements that can be achieved with the aggregated data. In this paper we investigate the effectiveness of federated learning (FL) methods for developing and distributing aggregated DNNs among autonomous interconnected organizations. We analyze a solution where multiple organizations use independent malware analysis platforms as part of their Security Operations Centers (SOCs) and train their own local DNN model on their own private data. Exploiting cross-silo FL, we combine these DNNs into a global one which is then distributed to all organizations, achieving the distribution of combined malware detection models using data from multiple sources without sample or feature sharing. We evaluate the approach using the EMBER benchmark dataset and demonstrate that our approach effectively reaches the same accuracy as the non-federated centralized DNN model, which is above 93\%.

In today s digital landscape, the task of identifying various types of malicious files has become progressively challenging. Modern malware exhibits increasing sophistication, often evading conventional anti-malware solutions. The scarcity of data on distinct and novel malware strains further complicates effective detection. In response, this research presents an innovative approach to malware detection, specifically targeting multiple distinct categories of malicious software. In the initial stage, Principal Component Analysis (PCA) is performed and achieved a remarkable accuracy rate of 95.39\%. Our methodology revolves around leveraging features commonly accessible from user-uploaded files, aligning with the contextual behavior of typical users seeking to identify malignancy. This underscores the efficacy of the unique featurebased detection strategy and its potential to enhance contemporary malware identification methodologies. The outcomes achieved attest to the significance of addressing emerging malware threats through inventive analytical paradigms.

With the rapid development of science and technology, information security issues have been attracting more attention. According to statistics, tens of millions of computers around the world are infected by malicious software (Malware) every year, causing losses of up to several USD billion. Malware uses various methods to invade computer systems, including viruses, worms, Trojan horses, and others and exploit network vulnerabilities for intrusion. Most intrusion detection approaches employ behavioral analysis techniques to analyze malware threats with packet collection and filtering, feature engineering, and attribute comparison. These approaches are difficult to differentiate malicious traffic from legitimate traffic. Malware detection and classification are conducted with deep learning and graph neural networks (GNNs) to learn the characteristics of malware. In this study, a GNN-based model is proposed for malware detection and classification on a renewable energy management platform. It uses GNN to analyze malware with Cuckoo Sandbox malware records for malware detection and classification. To evaluate the effectiveness of the GNN-based model, the CIC-AndMal2017 dataset is used to examine its accuracy, precision, recall, and ROC curve. Experimental results show that the GNN-based model can reach better results.

The motive of this paper is to detect the malware from computer systems in order to protect the confidential data, information, documents etc. from being accessing. The detection of malware is necessary because it steals the data from that system which is affected by malware. There are different malware detection techniques (cloud-based, signature-based, Iot-based, heuristic based etc.) and different malware detection tools (static, dynamic) area used in this paper to detect new generation malware. It is necessary to detect malware because the attacks of malware badly affect our economy and no one sector is untouched by it. The detection of malware is compulsory because it exploits goal devices vulnerabilities, along with a Trojan horse in valid software e.g. browser that may be hijacked. There are also different tools used for detection of malware like static or dynamic that we see in this paper. We also see different methods of detection of malware in android.

The use of computers and the internet has spread rapidly over the course of the past few decades. Every day, more and more peopleare coming to rely heavily on the internet. When it comes to the field of information security, the subject of security is one that is becoming an increasingly important focus. It is vital to design a powerful intrusion detection system in order to prevent computer hackers and other intruders from effectively getting into computer networks or systems. This can be accomplished by: (IDS). The danger and attack detection capabilities of the computer system are built into the intrusion detection system. Abuse has occurred and can be used to identify invasions when there is a deviation between a preset pattern of intrusion and an observedpattern of intrusion. An intrusion detection system (IDS) is a piece of hardware (or software) that is used to generate reports for a Management Station as well as monitor network and/or system activities for unethical behaviour or policy violations. In the current study, an approach known as machine learning is suggested as a possible paradigm for the development of a network intrusion detection system. The results of the experiment show that the strategy that was suggested improves the capability of intrusion detection.

Cyber physical system (CPS) Critical infrastructures (CIs) like the power and energy systems are increasingly becoming vulnerable to cyber attacks. Mitigating cyber risks in CIs is one of the key objectives of the design and maintenance of these systems. These CPS CIs commonly use legacy devices for remote monitoring and control where complete upgrades are uneconomical and infeasible. Therefore, risk assessment plays an important role in systematically enumerating and selectively securing vulnerable or high-risk assets through optimal investments in the cybersecurity of the CPS CIs. In this paper, we propose a CPS CI security framework and software tool, CySec Game, to be used by the CI industry and academic researchers to assess cyber risks and to optimally allocate cybersecurity investments to mitigate the risks. This framework uses attack tree, attackdefense tree, and game theory algorithms to identify high-risk targets and suggest optimal investments to mitigate the identified risks. We evaluate the efficacy of the framework using the tool by implementing a smart grid case study that shows accurate analysis and feasible implementation of the framework and the tool in this CPS CI environment.

The releases of Intel SGX and AMD SEV mark the transition of hardware-based enclaves from research prototypes to mainstream products. These two paradigms of secure enclaves are attractive to both the cloud providers and tenants, since security is one of the key pillars of cloud computing. However, it is found that current hardware-defined enclaves are not flexible and efficient enough for the cloud. For example, although SGX can provide strong memory protection with both confidentiality and integrity, the size of secure memory is tightly restricted. On the contrary, SEV enables enclaves to use more memory but has critical security flaws due to no memory integrity protection. Meanwhile, both types of enclaves have relatively long booting latency, which makes them not suitable for short-term tasks like serverless workloads. After an in-depth analysis, we find that there are some intrinsic tradeoffs between security and performance due to the limitation of architectural designs. In this article, we investigate a novel hardware-software co-design of enclaves to meet the requirements of cloud by placing a part of the logic of the enclave mechanism into a lightweight software layer, named Enclavisor, to achieve a balance between security, performance, and flexibility. Specifically, our implementation is based on AMD’s SEV and, Enclavisor is placed in the guest kernel mode of SEV’s secure virtual machines. Enclavisor inherently supports memory encryption with no memory limitation and also achieves efficient booting, multiple enclave granularities, and post-launch remote attestation. Meanwhile, we also propose hardware/ software solutions to mitigate the security flaws caused by the lack of memory integrity. We implement a prototype of Enclavisor on an AMD SEV server. The experiments on both micro-benchmarks and application benchmarks show that enclaves on Enclavisor can have close-to-native performance.

In the face of an increasing attack landscape, it is necessary to cater for efficient mechanisms to verify software and device integrity for detecting run-time modifications in next-generation systems-of-systems. In this context, remote attestation is a promising defense mechanism that allows a third party, the verifier, to ensure a remote device’s configuration integrity and behavioural execution correctness. However, most of the existing families of attestation solutions suffer from the lack of software-based mechanisms for the efficient extraction of rigid control-flow information. This limits their applicability to only those cyber-physical systems equipped with additional hardware support. This paper proposes a multi-level execution tracing framework capitalizing on recent software features, namely the extended Berkeley Packet Filter and Intel Processor Trace technologies, that can efficiently capture the entire platform configuration and control-flow stacks, thus, enabling wide attestation coverage capabilities that can be applied on both resource-constrained devices and cloud services. Our goal is to enhance run-time software integrity and trustworthiness with a scalable tracing solution eliminating the need for federated infrastructure trust.

The releases of Intel SGX and AMD SEV mark the transition of hardware-based enclaves from research prototypes to mainstream products. These two paradigms of secure enclaves are attractive to both the cloud providers and tenants, since security is one of the key pillars of cloud computing. However, it is found that current hardware-defined enclaves are not flexible and efficient enough for the cloud. For example, although SGX can provide strong memory protection with both confidentiality and integrity, the size of secure memory is tightly restricted. On the contrary, SEV enables enclaves to use more memory but has critical security flaws due to no memory integrity protection. Meanwhile, both types of enclaves have relatively long booting latency, which makes them not suitable for short-term tasks like serverless workloads. After an in-depth analysis, we find that there are some intrinsic tradeoffs between security and performance due to the limitation of architectural designs. In this article, we investigate a novel hardware-software co-design of enclaves to meet the requirements of cloud by placing a part of the logic of the enclave mechanism into a lightweight software layer, named Enclavisor, to achieve a balance between security, performance, and flexibility. Specifically, our implementation is based on AMD’s SEV and, Enclavisor is placed in the guest kernel mode of SEV’s secure virtual machines. Enclavisor inherently supports memory encryption with no memory limitation and also achieves efficient booting, multiple enclave granularities, and post-launch remote attestation. Meanwhile, we also propose hardware/ software solutions to mitigate the security flaws caused by the lack of memory integrity. We implement a prototype of Enclavisor on an AMD SEV server. The experiments on both micro-benchmarks and application benchmarks show that enclaves on Enclavisor can have close-to-native performance.

In the face of an increasing attack landscape, it is necessary to cater for efficient mechanisms to verify software and device integrity for detecting run-time modifications in next-generation systems-of-systems. In this context, remote attestation is a promising defense mechanism that allows a third party, the verifier, to ensure a remote device’s configuration integrity and behavioural execution correctness. However, most of the existing families of attestation solutions suffer from the lack of software-based mechanisms for the efficient extraction of rigid control-flow information. This limits their applicability to only those cyber-physical systems equipped with additional hardware support. This paper proposes a multi-level execution tracing framework capitalizing on recent software features, namely the extended Berkeley Packet Filter and Intel Processor Trace technologies, that can efficiently capture the entire platform configuration and control-flow stacks, thus, enabling wide attestation coverage capabilities that can be applied on both resource-constrained devices and cloud services. Our goal is to enhance run-time software integrity and trustworthiness with a scalable tracing solution eliminating the need for federated infrastructure trust.

Package registries host reusable code assets, allowing developers to share and reuse packages easily, thus accelerating the software development process. Current software registry ecosystems involve multiple independent stakeholders for package management. Unfortunately, abnormal behavior and information inconsistency inevitably exist, enabling adversaries to conduct malicious activities with minimal effort covertly. In this paper, we investigate potential security vulnerabilities in six popular software registry ecosystems. Through a systematic analysis of the official registries, corresponding registry mirrors and registry clients, we identify twelve potential attack vectors, with six of them disclosed for the first time, that can be exploited to distribute malicious code stealthily. Based on these security issues, we build an analysis framework, RScouter, to continuously monitor and uncover vulnerabilities in registry ecosystems. We then utilize RScouter to conduct a measurement study spanning one year over six registries and seventeen popular mirrors, scrutinizing over 4 million packages across 53 million package versions. Our quantitative analysis demonstrates that multiple threats exist in every ecosystem, and some have been exploited by attackers. We have duly reported the identified vulnerabilities to related stakeholders and received positive responses.

In the digital era, web applications have become a prevalent tool for businesses. As the number of web applications continues to grow, they become enticing targets for malicious actors seeking to exploit potential security vulnerabilities. Organizations face constant risks associated with vulnerabilities in their web-based software systems, which can result in data breaches, service disruptions, and a loss of trust. Consequently, organizations require an effective and efficient approach to assess and analyze the security of acquired web-based software, ensuring sufficient confidence in its utilization. This research aims to enhance the quantitative evaluation and analysis of web application security through a model-based approach. We focus on integrating the Open Web Application Security Project s (OWASP) Application Security Verification Standard (ASVS) into a structured and analyzable metamodel. This model aims to effectively assess the security levels of web applications while offering valuable insights into their strengths and weaknesses. By combining the ASVS with a comprehensive framework, we aim to provide a robust methodology for evaluating and analyzing web application security.

The edge computing-based Internet of Things (IoT) offers benefits in terms of efficiency, low latency, security, and privacy. However, programming models and platforms for this edge-based IoT are still an open problem, particularly regarding security and privacy. This paper proposes concrete and realizable ideas for building a secure programming platform called Secure Swarm Programming Platform (SSPP) to ensure platform-level security for the edge-based IoT while utilizing existing systemlevel security mechanisms. SSPP’s easy-to-use software components can enable static and dynamic security analysis of IoT applications, preventing vulnerabilities and detecting intrusions. Software deployed through SSPP can be remotely attested by a verifier on the edge, ensuring it remains untampered with. This paper also plans out future research and evaluation of SSPP’s programmability, security, and remote attestation.

Confidential computing services enable users to run or use applications in Trusted Execution Environments (TEEs) leveraging secure hardware, like Intel SGX or AMD SEV, and verify them by performing remote attestation. Typically this process is very rigid and not always aligned with the trust assumptions of the users regarding the hardware identities, stakeholders and software that are considered trusted. In our work, we enable the users to tailor their trust boundaries according to their security concerns and remotely attest the different TEEs specifically based on those.

The wide adoption of IoT gadgets and CyberPhysical Systems (CPS) makes embedded devices increasingly important. While some of these devices perform mission-critical tasks, they are usually implemented using Micro-Controller Units (MCUs) that lack security mechanisms on par with those available to general-purpose computers, making them more susceptible to remote exploits that could corrupt their software integrity. Motivated by this problem, prior work has proposed techniques to remotely assess the trustworthiness of embedded MCU software. Among them, Control Flow Attestation (CFA) enables remote detection of runtime abuses that illegally modify the program’s control flow during execution (e.g., control flow hijacking and code reuse attacks).

Package registries host reusable code assets, allowing developers to share and reuse packages easily, thus accelerating the software development process. Current software registry ecosystems involve multiple independent stakeholders for package management. Unfortunately, abnormal behavior and information inconsistency inevitably exist, enabling adversaries to conduct malicious activities with minimal effort covertly. In this paper, we investigate potential security vulnerabilities in six popular software registry ecosystems. Through a systematic analysis of the official registries, corresponding registry mirrors and registry clients, we identify twelve potential attack vectors, with six of them disclosed for the first time, that can be exploited to distribute malicious code stealthily. Based on these security issues, we build an analysis framework, RScouter, to continuously monitor and uncover vulnerabilities in registry ecosystems. We then utilize RScouter to conduct a measurement study spanning one year over six registries and seventeen popular mirrors, scrutinizing over 4 million packages across 53 million package versions. Our quantitative analysis demonstrates that multiple threats exist in every ecosystem, and some have been exploited by attackers. We have duly reported the identified vulnerabilities to related stakeholders and received positive responses.

In the digital era, web applications have become a prevalent tool for businesses. As the number of web applications continues to grow, they become enticing targets for malicious actors seeking to exploit potential security vulnerabilities. Organizations face constant risks associated with vulnerabilities in their web-based software systems, which can result in data breaches, service disruptions, and a loss of trust. Consequently, organizations require an effective and efficient approach to assess and analyze the security of acquired web-based software, ensuring sufficient confidence in its utilization. This research aims to enhance the quantitative evaluation and analysis of web application security through a model-based approach. We focus on integrating the Open Web Application Security Project s (OWASP) Application Security Verification Standard (ASVS) into a structured and analyzable metamodel. This model aims to effectively assess the security levels of web applications while offering valuable insights into their strengths and weaknesses. By combining the ASVS with a comprehensive framework, we aim to provide a robust methodology for evaluating and analyzing web application security.

With the advancement in Internet of things smart homes are rapidly developing. Smart home is the major key component of Internet of thing. With the help of IOT technology we can stay connected to our home appliance. Internet of Things is the Associations of inserted advancements that. Contained physical protests and is utilized to convey and keenness or collaborate with the internal states or the outer surroundings. Rather than individuals to individuals’ correspondence, IoT accentuation on machine-to-machine correspondence. Smart home connects the physical components of our home with the help of software and sensors so that we can access them via internet from one place. Building home automation includes computerizing a home, likewise, mentioned to as a sensible home or smart home. Domestic machines are an urgent part of the Web of Things whenever they are associated with the web. Controlled devices are commonly connected to a focal center or entryway through a domestic automation framework. A smartphone application, tablet PC, personal computer, wall-mounted terminals, or even a web interface that can be gotten to from off-website over the Web are completely utilized by the program to work the framework. Since all the devices are interconnected and interlinked to one an-another they are lot of chances for security breach and data theft. If the security layer is easily breakable any third-party attacker can easily theft the private data of the user. Which leads us to pay more attention to protecting and securing private data. With the day-to-day development of Smart Home, the safety also got to be developed and updated day to day the safety challenges of the IoT for a wise home scenario are encountered, and a comprehensive IoT security management for smart homes has been proposed. This paper acquaints the status of IoT development, and furthermore contains security issues challenges. Finally, this paper surveys the Gamble factor, security issues and challenges in every point of view.

The Internet of Things (IoT) connects the physical world to the digital world, and wireless sensor networks (WSNs) play a significant role. There are billions of IoT products in the market. We found that security was not the primary focus of software developers. The first step of designing a secure product is to analyze and note down the security requirements. This research paper proposes a modified approach, incorporating elements from the SREP (Software Requirements Engineering Process) and SQUARE (Security Quality Requirement Engineering), to define security requirements for IoT products. The revised process is applied to determine the security requirements of a Smart Lock system that utilizes the publish/subscribe protocol MQTT-SN (Message Queuing Telemetry Transport for Sensor Networks) communication protocol architecture.

This paper highlights the progress toward securing teleoperating devices over the past ten years of active technology development. The relevance of this issue lies in the widespread development of teleoperating systems with a small number of systems allowed for operations. Anomalous behavior of the operating device, caused by a disruption in the normal functioning of the system modules, can be associated with remote attacks and exploitation of vulnerabilities, which can lead to fatal consequences. There are regulations and mandates from licensing agencies such as the US Food and Drug Administration (FDA) that place restrictions on the architecture and components of teleoperating systems. These requirements are also evolving to meet new cybersecurity threats. In particular, consumers and safety regulatory agencies are attracted by the threat of compromising hardware modules along with software insecurity. Recently, detailed security frameworks and protocols for teleoperating devices have appeared. However, a matter of intelligent autonomous controllers for analyzing anomalous and suspicious actions in the system remain unattended, as well as emergency protocols from the point of cybersecurity view. This work provides a new approach for the intraoperative cybersecurity of intelligent teleoperative surgical systems, taking into account modern requirements for implementing into the Surgical Remote Intelligent Robotic System LevshAI. The proposed principal security model allows a surgeon or autonomous agent to manage the operation process during various attacks.

AI-based code generators have gained a fundamental role in assisting developers in writing software starting from natural language (NL). However, since these large language models are trained on massive volumes of data collected from unreliable online sources (e.g., GitHub, Hugging Face), AI models become an easy target for data poisoning attacks, in which an attacker corrupts the training data by injecting a small amount of poison into it, i.e., astutely crafted malicious samples. In this position paper, we address the security of AI code generators by identifying a novel data poisoning attack that results in the generation of vulnerable code. Next, we devise an extensive evaluation of how these attacks impact state-of-the-art models for code generation. Lastly, we discuss potential solutions to overcome this threat.

Wireless communication enables an ingestible device to send sensor information and support external on-demand operation while in the gastrointestinal (GI) tract. However, it is challenging to maintain stable wireless communication with an ingestible device that travels inside the dynamic GI environment as this environment easily detunes the antenna and decreases the antenna gain. In this paper, we propose an air-gap based antenna solution to stabilize the antenna gain inside this dynamic environment. By surrounding a chip antenna with 1 2 mms of air, the antenna is isolated from the environment, recovering its antenna gain and the received signal strength by 12 dB or more according to our in vitro and in vivo evaluation in swine. The air gap makes margin for the high path loss, enabling stable wireless communication at 2.4 GHz that allows users to easily access their ingestible devices by using mobile devices with Bluetooth Low Energy (BLE). On the other hand, the data sent or received over the wireless medium is vulnerable to being eavesdropped on by nearby devices other than authorized users. Therefore, we also propose a lightweight security protocol. The proposed protocol is implemented in low energy without compromising the security level thanks to the base protocol of symmetric challenge-response and Speck, the cipher that is optimized for software implementation.

Air-gapped workstations are separated from the Internet because they contain confidential or sensitive information. Studies have shown that attackers can leak data from air-gapped computers with covert ultrasonic signals produced by loudspeakers. To counteract the threat, speakers might not be permitted on highly sensitive computers or disabled altogether - a measure known as an ’audio gap.’ This paper presents an attack enabling adversaries to exfiltrate data over ultrasonic waves from air-gapped, audio-gapped computers without external speakers. The malware on the compromised computer uses its built-in buzzer to generate sonic and ultrasonic signals. This component is mounted on many systems, including PC workstations, embedded systems, and server motherboards. It allows software and firmware to provide error notifications to a user, such as memory and peripheral hardware failures. We examine the different types of internal buzzers and their hardware and software controls. Despite their limited technological capabilities, such as 1-bit sound, we show that sensitive data can be encoded in sonic and ultrasonic waves. This is done using pulse width modulation (PWM) techniques to maintain a carrier wave with a dynamic range. We also show that malware can evade detection by hiding in the frequency bands of other components (e.g., fans and power supplies). We implement the attack using a PC transmitter and smartphone app receiver. We discuss transmission protocols, modulation, encoding, and reception and present the evaluation of the covert channel as well. Based on our tests, sensitive data can be exfiltrated from air-gapped computers through its built- in buzzer. A smartphone can receive data from up to six meters away at 100 bits per second.

The rapid advancement of technology in aviation business management, notably through the implementation of location-independent aerodrome control systems, is reshaping service efficiency and cost-effectiveness. However, this emphasis on operational enhancements has resulted in a notable gap in cybersecurity incident management proficiency. This study addresses the escalating sophistication of the cybersecurity threat landscape, where malicious actors target critical safety information, posing risks from disruptions to potential catastrophic incidents. The paper employs a specialized conceptualization technique, derived from prior research, to analyze the interplays between malicious software and degraded modes operations in location-independent aerodrome control systems. Rather than predicting attack trajectories, this approach prioritizes the development of training paradigms to rigorously evaluate expertise across engineering, operational, and administrative levels in air traffic management domain. This strategy offers a proactive framework to safeguard critical infrastructures, ensuring uninterrupted, reliable services, and fortifying resilience against potential threats. This methodology promises to cultivate a more secure and adept environment for aerodrome control operations, mitigating vulnerabilities associated with malicious interventions.

This paper presents AirKeyLogger - a novel radio frequency (RF) keylogging attack for air-gapped computers.Our keylogger exploits radio emissions from a computer’s power supply to exfiltrate real-time keystroke data to a remote attacker. Unlike hardware keylogging devices, our attack does not require physical hardware. Instead, it can be conducted via a software supply-chain attack and is solely based on software manipulations. Malware on a sensitive, air-gap computer can intercept keystroke logging by using global hooking techniques or injecting malicious code into a running process. To leak confidential data, the processor’s working frequencies are manipulated to generate a pattern of electromagnetic emissions from the power unit modulated by keystrokes. The keystroke information can be received at distances of several meters away via an RF receiver or a smartphone with a simple antenna. We provide related work, discuss keylogging methods and present multi-key modulation techniques. We evaluate our method at various typing speeds and on-screen keyboards as well. We show the design and implementation of transmitter and receiver components and present evaluation findings. Our tests show that malware can eavesdrop on keylogging data in real-time over radio signals several meters away and behind concrete walls from highly secure and air-gapped systems.