This article proposes a security protection technology based on active dynamic defense technology. Solved unknown threats that traditional rule detection methods cannot detect, effectively resisting purposeless virus spread such as worms; Isolate new unknown viruses, Trojans, and other attack threats; Strengthen terminal protection, effectively solve east-west horizontal penetration attacks in the internal network, and enhance the adversarial capabilities of the internal network. Propose modeling user behavior habits based on machine learning algorithms. By using historical behavior models, abnormal user behavior can be detected in real-time, network danger can be perceived, and proactive changes in network defense strategies can be taken to increase the difficulty of attackers. To achieve comprehensive and effective defense, identification, and localization of network attack behaviors, including APT attacks.

Malwares have been being a major security threats to enterprises, government organizations and end-users. Beside traditional malwares, such as viruses, worms and trojans, new types of malwares, such as botnets, ransomwares, IoT malwares and crypto-jackings are released daily. To cope with malware threats, several measures for monitoring, detecting and preventing malwares have been developed and deployed in practice, such as signature-based detection, static and dynamic file analysis. This paper proposes 2 malware detection models based on statistics and machine learning using opcode n-grams. The proposed models aim at achieving high detection accuracy as well as reducing the amount of time for training and detection. Experimental results show that our proposed models give better performance measures than previous proposals. Specifically, the proposed statistics-based model is very fast and it achieves a high detection accuracy of 92.75\% and the random forest-based model produces the highest detection accuracy of 96.29\%.

With the rapid development of science and technology, information security issues have been attracting more attention. According to statistics, tens of millions of computers around the world are infected by malicious software (Malware) every year, causing losses of up to several USD billion. Malware uses various methods to invade computer systems, including viruses, worms, Trojan horses, and others and exploit network vulnerabilities for intrusion. Most intrusion detection approaches employ behavioral analysis techniques to analyze malware threats with packet collection and filtering, feature engineering, and attribute comparison. These approaches are difficult to differentiate malicious traffic from legitimate traffic. Malware detection and classification are conducted with deep learning and graph neural networks (GNNs) to learn the characteristics of malware. In this study, a GNN-based model is proposed for malware detection and classification on a renewable energy management platform. It uses GNN to analyze malware with Cuckoo Sandbox malware records for malware detection and classification. To evaluate the effectiveness of the GNN-based model, the CIC-AndMal2017 dataset is used to examine its accuracy, precision, recall, and ROC curve. Experimental results show that the GNN-based model can reach better results.

Advanced persistent threat (APT) attack is one of the most serious threats to power system cyber security. ATT\&CK framework integrates the known historical and practical APT attack tactics and techniques to form a general language for describing hacker behavior and an abstract knowledge base framework for hacker attacks. Combined with the ATT\&CK for ICS framework, this paper combed the known attack techniques used by viruses or hacker groups aimed at cyberattacks on infrastructure, especially power systems. Then found the corresponding mitigations for each attack technique, and merged them. Next, we listed the high frequency and important mitigations for reference. At last, we proposed a cyber security defense model suitable for ICS to provide a reference for security teams on how to apply ATT\&ck; other similar cyberattack frameworks.

Operating Systems Security - Now personal computers are used in which the user has free access to all the resources of the machine. This opened the door to the danger known as computer virus. The purpose of the work is to introduce the user to the basics of computer virology, to identify viruses and to teach them how to combat them. The method of the work is the analysis of printed publications on this topic. Several attempts to provide a "modern" definition of the virus have been unsuccessful. To realize the complexity of the problem, for example, try to define the concept of "editor". In this paper, the modern Antivirus security classification model to enhance the protection for commercial computer networks. The either come up with the most common one or start listing all the known types of editors. Neither can be considered acceptable. Therefore, we will limit ourselves to considering some characteristics of computer viruses that allow us to speak of certain types of programs.

Neural Network Security - With the development of computer and network technology, industrial control systems are connecting with the Internet and other public networks in various ways, viruses, trojans and other threats are spreading to industrial control systems, industrial control system information security issues are becoming increasingly prominent. Under this background, it is necessary to construct the network security evaluation model of industrial control system based on the safety evaluation criteria and methods, and complete the safety evaluation of the industrial control system network according to the design scheme. Based on back propagation (BP) neural network’s evaluation of the network security status of industrial control system, this paper determines the number of neurons in BP neural network input layer, hidden layer and output layer by analyzing the actual demand, empirical equation calculation and experimental comparison, and designs the network security evaluation index system of industrial control system according to factors affecting industrial control safety, and constructs a safety rating table. Finally, by comparing the performance of BP neural network and multilinear regression to the evaluation of the network security status of industrial control system through experimental simulation, it can be found that BP neural network has higher accuracy for the evaluation of network security status of industrial control system.

Network Control Systems Security - With the development of computer and network technology, industrial control systems are connecting with the Internet and other public networks in various ways, viruses, trojans and other threats are spreading to industrial control systems, industrial control system information security issues are becoming increasingly prominent. Under this background, it is necessary to construct the network security evaluation model of industrial control system based on the safety evaluation criteria and methods, and complete the safety evaluation of the industrial control system network according to the design scheme. Based on back propagation (BP) neural network’s evaluation of the network security status of industrial control system, this paper determines the number of neurons in BP neural network input layer, hidden layer and output layer by analyzing the actual demand, empirical equation calculation and experimental comparison, and designs the network security evaluation index system of industrial control system according to factors affecting industrial control safety, and constructs a safety rating table. Finally, by comparing the performance of BP neural network and multilinear regression to the evaluation of the network security status of industrial control system through experimental simulation, it can be found that BP neural network has higher accuracy for the evaluation of network security status of industrial control system.

Malware Classification - Nowadays, increasing numbers of malicious programs are becoming a serious problem, which increases the need for automated detection and categorization of potential threats. These attacks often use undetected malware that is not recognized by the security vendor, making it difficult to protect the endpoints from viruses. Existing methods have been proposed to detect malware. However, as malware variations develop, they can lead to misdiagnosis and are difficult to diagnose accurately. To address this problem, in this work introduces a Recurrent Neural Network (RNN) to identify the malware or benign based on extract features using Information Gain Absolute Feature Selection (IGAFS) technique. First, Malware detection dataset is collected from kaggle repository. Then the proposed pre-process the dataset for removing null and noisy values to prepare the dataset. Next, the proposed Information Gain Absolute Feature Selection (IGAFS) technique is used to select most relevant features for malware from the pre-processed dataset. Selected features are trained into Recurrent Neural Network (RNN) method to classify as malware or not with better accuracy and false rate. The experimental result provides greater performance compared with previous methods.

Malware Analysis - Detection of malware and security attacks is a complex process that can vary in its details and analysis activities. As part of the detection process, malware scanners try to categorize a malware once it is detected under one of the known malware categories (e.g. worms, spywares, viruses, etc.). However, many studies and researches indicate problems with scanners categorizing or identifying a particular malware under more than one malware category. This paper, and several others, show that machine learning can be used for malware detection especially with ensemble base prediction methods. In this paper, we evaluated several custom-built ensemble models. We focused on multi-label malware classification as individual or classical classifiers showed low accuracy in such territory.This paper showed that recent machine models such as ensemble and deep learning can be used for malware detection with better performance in comparison with classical models. This is very critical in such a dynamic and yet important detection systems where challenges such as the detection of unknown or zero-day malware will continue to exist and evolve.

Malware Analysis - The rising use of smartphones each year is matched by the development of the smartphone s operating system, Android. Due to the immense popularity of the Android operating system, many unauthorized users (in this case, the attackers) wish to exploit this vulnerability to get sensitive data from every Android user. The flubot malware assault, which happened in 2021 and targeted Android devices practically globally, is one of the attacks on Android smartphones. It was known at the time that the flubot virus stole information, particularly from banking applications installed on the victim s device. To prevent this from happening again, we research the signature and behavior of flubot malware. In this study, a hybrid analysis will be conducted on three samples of flubot malware that are available on the open-source Hatching Triage platform. Using the Android Virtual Device (AVD) as the primary environment for malware installation, the analysis was conducted with the Android Debug Bridge (ADB) and Burpsuite as supporting tools for dynamic analysis. During the static analysis, the Mobile Security Framework (MobSF) and the Bytecode Viewer were used to examine the source code of the three malware samples. Analysis of the flubot virus revealed that it extracts or drops dex files on the victim s device, where the file is the primary malware. The Flubot virus will clone the messaging application or Short Message Service (SMS) on the default device. Additionally, we discovered a form of flubot malware that operates as a Domain Generation Algorithm (DGA) and communicates with its Command and Control (C\&C) server.

Malware Analysis and Graph Theory - The rapidly increasing malware threats must be coped with new effective malware detection methodologies. Current malware threats are not limited to daily personal transactions but dowelled deeply within large enterprises and organizations. This paper introduces a new methodology for detecting and discriminating malicious versus normal applications. In this paper, we employed Ant-colony optimization to generate two behavioural graphs that characterize the difference in the execution behavior between malware and normal applications. Our proposed approach relied on the API call sequence generated when an application is executed. We used the API calls as one of the most widely used malware dynamic analysis features. Our proposed method showed distinctive behavioral differences between malicious and non-malicious applications. Our experimental results showed a comparative performance compared to other machine learning methods. Therefore, we can employ our method as an efficient technique in capturing malicious applications.

Malware Analysis - Detection of malware and security attacks is a complex process that can vary in its details and analysis activities. As part of the detection process, malware scanners try to categorize a malware once it is detected under one of the known malware categories (e.g. worms, spywares, viruses, etc.). However, many studies and researches indicate problems with scanners categorizing or identifying a particular malware under more than one malware category. This paper, and several others, show that machine learning can be used for malware detection especially with ensemble base prediction methods. In this paper, we evaluated several custom-built ensemble models. We focused on multi-label malware classification as individual or classical classifiers showed low accuracy in such territory.This paper showed that recent machine models such as ensemble and deep learning can be used for malware detection with better performance in comparison with classical models. This is very critical in such a dynamic and yet important detection systems where challenges such as the detection of unknown or zero-day malware will continue to exist and evolve.

Malware Analysis - The rising use of smartphones each year is matched by the development of the smartphone s operating system, Android. Due to the immense popularity of the Android operating system, many unauthorized users (in this case, the attackers) wish to exploit this vulnerability to get sensitive data from every Android user. The flubot malware assault, which happened in 2021 and targeted Android devices practically globally, is one of the attacks on Android smartphones. It was known at the time that the flubot virus stole information, particularly from banking applications installed on the victim s device. To prevent this from happening again, we research the signature and behavior of flubot malware. In this study, a hybrid analysis will be conducted on three samples of flubot malware that are available on the open-source Hatching Triage platform. Using the Android Virtual Device (AVD) as the primary environment for malware installation, the analysis was conducted with the Android Debug Bridge (ADB) and Burpsuite as supporting tools for dynamic analysis. During the static analysis, the Mobile Security Framework (MobSF) and the Bytecode Viewer were used to examine the source code of the three malware samples. Analysis of the flubot virus revealed that it extracts or drops dex files on the victim s device, where the file is the primary malware. The Flubot virus will clone the messaging application or Short Message Service (SMS) on the default device. Additionally, we discovered a form of flubot malware that operates as a Domain Generation Algorithm (DGA) and communicates with its Command and Control (C\&C) server.

Intelligent Data and Security - Artificial technology developed in recent years. It is an intelligent system that can perform tasks without human intervention. AI can be used for various purposes, such as speech recognition, face recognition, etc. AI can be used for good or bad purposes, depending on how it is implemented. The discuss the application of AI in data security technology and its advantages over traditional security methods. We will focus on the good use of AI by analyzing the impact of AI on the development of big data security technology. AI can be used to enhance security technology by using machine learning algorithms, which can analyze large amounts of data and identify patterns that cannot be detected automatically by humans. The computer big data security technology platform based on artificial intelligence in this paper is the process of creating a system that can identify and prevent malicious programs. The system must be able to detect all types of threats, including viruses, worms, Trojans and spyware. It should also be able to monitor network activity and respond quickly in the event of an attack.

The rapidly increasing malware threats must be coped with new effective malware detection methodologies. Current malware threats are not limited to daily personal transactions but dowelled deeply within large enterprises and organizations. This paper introduces a new methodology for detecting and discriminating malicious versus normal applications. In this paper, we employed Ant-colony optimization to generate two behavioural graphs that characterize the difference in the execution behavior between malware and normal applications. Our proposed approach relied on the API call sequence generated when an application is executed. We used the API calls as one of the most widely used malware dynamic analysis features. Our proposed method showed distinctive behavioral differences between malicious and non-malicious applications. Our experimental results showed a comparative performance compared to other machine learning methods. Therefore, we can employ our method as an efficient technique in capturing malicious applications.

Detection of malware and security attacks is a complex process that can vary in its details and analysis activities. As part of the detection process, malware scanners try to categorize a malware once it is detected under one of the known malware categories (e.g. worms, spywares, viruses, etc.). However, many studies and researches indicate problems with scanners categorizing or identifying a particular malware under more than one malware category. This paper, and several others, show that machine learning can be used for malware detection especially with ensemble base prediction methods. In this paper, we evaluated several custom-built ensemble models. We focused on multi-label malware classification as individual or classical classifiers showed low accuracy in such territory.This paper showed that recent machine models such as ensemble and deep learning can be used for malware detection with better performance in comparison with classical models. This is very critical in such a dynamic and yet important detection systems where challenges such as the detection of unknown or zero-day malware will continue to exist and evolve.

The rising use of smartphones each year is matched by the development of the smartphone s operating system, Android. Due to the immense popularity of the Android operating system, many unauthorized users (in this case, the attackers) wish to exploit this vulnerability to get sensitive data from every Android user. The flubot malware assault, which happened in 2021 and targeted Android devices practically globally, is one of the attacks on Android smartphones. It was known at the time that the flubot virus stole information, particularly from banking applications installed on the victim s device. To prevent this from happening again, we research the signature and behavior of flubot malware. In this study, a hybrid analysis will be conducted on three samples of flubot malware that are available on the open-source Hatching Triage platform. Using the Android Virtual Device (AVD) as the primary environment for malware installation, the analysis was conducted with the Android Debug Bridge (ADB) and Burpsuite as supporting tools for dynamic analysis. During the static analysis, the Mobile Security Framework (MobSF) and the Bytecode Viewer were used to examine the source code of the three malware samples. Analysis of the flubot virus revealed that it extracts or drops dex files on the victim s device, where the file is the primary malware. The Flubot virus will clone the messaging application or Short Message Service (SMS) on the default device. Additionally, we discovered a form of flubot malware that operates as a Domain Generation Algorithm (DGA) and communicates with its Command and Control (C\&C) server.

Due to the rise of the internet a business model known as online advertising has seen unprecedented success. However, it has also become a prime method through which criminals can scam people. Often times even legitimate websites contain advertisements that are linked to scam websites since they are not verified by the website’s owners. Scammers have become quite creative with their attacks, using various unorthodox and inconspicuous methods such as I-frames, Favicons, Proxy servers, Domains, etc. Many modern Anti-viruses are paid services and hence not a feasible option for most users in 3rd world countries. Often people don’t possess devices that have enough RAM to even run such software efficiently leaving them without any options. This project aims to create a Browser extension that will be able to distinguish between safe and unsafe websites by utilizing Machine Learning algorithms. This system is lightweight and free thus fulfilling the needs of most people looking for a cheap and reliable security solution and allowing people to surf the internet easily and safely. The system will scan all the intermittent URL clicks as well, not just the main website thus providing an even greater degree of security.

A formal modeling language MCD for concurrent systems is proposed, and its syntax, semantics and formal definitions are given. MCD uses modules as basic components, and that the detection rules are not perfect, resulting in packets that do not belong to intrusion attacks being misjudged as attacks, respectively. Then the data detection algorithm based on MCD concurrency model protects hidden computer viruses and security threats, and the efficiency is increased by 7.5% Finally, the computer network security protection system is researched based on security modeling.

The ongoing COVID-19 virus pandemic has resulted in a global tragedy due to its lethal spread. The population's vulnerability grows as a result of a lack of effective helping agents and vaccines against the virus. The spread of viruses can be mitigated by minimizing close connections between people. Social distancing is a critical containment tool for COVID-19 prevention. In this paper, the social distancing violations that are being made by the people when they are in public places are detected. As per CDC (Centers for Disease Control and Prevention) minimum distance that should be maintained by people is 2-3 meters to prevent the spread of COVID- 19, the proposed tool will be used to detect the people who are maintaining less than 2-3 meters of distance between themselves and record them as a violation. As a result, the goal of this work is to develop a deep learning-based system for object detection and tracking models in social distancing detection. For object detection models, You Only Look Once, Version 3 (YOLO v3) is used in conjunction with deep sort algorithms to balance speed and accuracy. To recognize persons in video segments, the approach applies the YOLOv3 object recognition paradigm. An efficient computer vision-based approach centered on legitimate continuous tracking of individuals is presented to determine supportive social distancing in public locations by creating a model to generate a supportive climate that contributes to public safety and detect violations through camera.

A method of detecting UHF RFID tags with SQL in-jection virus code written in its user memory bank is explored. A spectrum analyzer took signal strength readings in the frequency spectrum while an RFID reader was reading the tag. The strength of the signal transmitted by the RFID tag in the UHF range, more specifically within the 902–908 MHz sub-band, was used as data to train a Random Forest model for Malware detection. Feature reduction is accomplished by dividing the observed spectrum into 15 ranges with a bandwidth of 344 kHz each and detecting the number of maxima in each range. The malware-infested tag could be detected more than 80% of the time. The frequency ranges contributing most in this detection method were the low (903.451-903.795 MHz, 902.418-902.762 MHz) and high (907.238-907.582 MHz) bands in the observed spectrum.

Artificial intelligence (AI) and machine learning (ML) have been used in transforming our environment and the way people think, behave, and make decisions during the last few decades [1]. In the last two decades everyone connected to the Internet either an enterprise or individuals has become concerned about the security of his/their computational resources. Cybersecurity is responsible for protecting hardware and software resources from cyber attacks e.g. viruses, malware, intrusion, eavesdropping. Cyber attacks either come from black hackers or cyber warfare units. Artificial intelligence (AI) and machine learning (ML) have played an important role in developing efficient cyber security tools. This paper presents Latest Cyber Security Tools Based on Machine Learning which are: Windows defender ATP, DarckTrace, Cisco Network Analytic, IBM QRader, StringSifter, Sophos intercept X, SIME, NPL, and Symantec Targeted Attack Analytic.

In the prevailing situation, the sports like economic, industrial, cultural, social, and governmental activities are carried out in the online world. Today's international is particularly dependent on the wireless era and protective these statistics from cyber-assaults is a hard hassle. The reason for cyber-assaults is to damage thieve the credentials. In a few other cases, cyber-attacks ought to have a navy or political functions. The damages are PC viruses, facts break, DDS, and exceptional attack vectors. To this surrender, various companies use diverse answers to prevent harm because of cyberattacks. Cyber safety follows actual-time data at the modern-day-day IT data. So, far, numerous techniques have proposed with the resource of researchers around the area to prevent cyber-attacks or lessen the harm due to them. The cause of this has a look at is to survey and comprehensively evaluate the usual advances supplied around cyber safety and to analyse the traumatic situations, weaknesses, and strengths of the proposed techniques. Different sorts of attacks are taken into consideration in element. In addition, evaluation of various cyber-attacks had been finished through the platform called Kali Linux. It is predicted that the complete assessment has a have a study furnished for college students, teachers, IT, and cyber safety researchers might be beneficial.