A comprehensive survey on deep learning based malware detection techniques

Anderson, 2013, Measuring the cost of cybercrime, 265 https://ciso.economictimes.indiatimes.com/news/most-firms-see-rise-in-cyberattacks-during-pandemic-survey/75043660. https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-covid-19-report-reveals-pandemic-threat-evolution/. https://www.marketsandmarkets.com/Market-Reports/malware-analysis-market-108766513.html. https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2019-2020.pdf. Dixit, 2021, Deep learning algorithms for cybersecurity applications: A technological and status review, Comp. Sci. Rev., 39, 10.1016/j.cosrev.2020.100317 Aslan, 2020, A comprehensive review on malware detection approaches, IEEE Trans., 8, 6249 Li, 2019, A machine learning framework for domain generation algorithm-based malware detection, IEEE Access, 7, 32765, 10.1109/ACCESS.2019.2891588 Gandotra, 2014, Malware analysis and classification: a survey, J. Inf. Secur., 5, 56 N. Udayakumar, V.J. Saglani, A.V. Cupta, T. Subbulakshmi, Malware classification using machine learning algorithms, in: 2018 2nd International Conference on Trends in Electronics and Informatics, ICOEI, Tirunelveli, 2018, pp. 1–9. Alazab, 2019, Towards understanding malware behaviour by the extraction of API calls, 52 Tang, 2019, Big data for cybersecurity: Vulnerability disclosure trends and dependencies, IEEE Trans. Big Data, 5, 317, 10.1109/TBDATA.2017.2723570 Gibert, 2019, A hierarchical convolutional neural network for malware classification, 1 Alazab, 2015, Profiling and classifying the behavior of malicious codes, J. Syst. Softw., 100, 91, 10.1016/j.jss.2014.10.031 Huda, 2016, Hybrids of support vector machine wrapper and filter based framework for malware detection, Future Gener. Comput. Syst., 55, 376, 10.1016/j.future.2014.06.001 Alazab, 2012, Cybercrime: The case of obfuscated malware, vol. 99 Raff, 2017, Learning the PE header, malware detection with minimal domain knowledge, 121 Rossow, 2012, Prudent practices for designing malware experiments: Status quo and outlook, 65 Anderson, 2017 Verma, 2018, Security analytics: Adapting data science for security challenges, 40 LeCun, 2015, Deep learning, Nature, 521, 436, 10.1038/nature14539 Sudhakar, 2020, An emerging threat fileless malware: a survey and research challenges, Cybersecur, 3, 1, 10.1186/s42400-019-0043-x Chakkaravarthy, 2019, A survey on malware analysis and mitigation techniques, Comp. Sci. Rev., 32, 1, 10.1016/j.cosrev.2019.01.002 Gibert, 2020, The rise of machine learning for detection and classification of malware: Research developments, trends and challenges, J. Netw. Comput. Appl., 153, 10.1016/j.jnca.2019.102526 Koroniotis, 2019, Forensics and deep learning mechanisms for botnets in internet of things: A survey of challenges and solutions, IEEE Access, 7, 61764, 10.1109/ACCESS.2019.2916717 Dixit, 2021, Deep learning algorithms for cybersecurity applications: A technological and status review, Comp. Sci. Rev., 39, 10.1016/j.cosrev.2020.100317 Davis, 2015 Pascanu, 2015, Malware classification with recurrent networks, 1916e1920 Gibert Llaurad, 2016 Ahmadi, 2016, Novel feature extraction, selection and fusion for effective malware family classification, 183e194 Hardy, 2016, 61e67 David, 2015, Deepsign: deep learning for automatic malware signature generation and classification, 1e8 Raff, 2017 Rhode, 2018, Early-stage malware prediction using recurrent neural networks, Comput. Secur., 77, 578, 10.1016/j.cose.2018.05.010 Krcál, 2018 Rezende, 2018, Malicious software classification using VGG16 deep neural network’s bottleneck features, 51 Agarap, 2017 Huang, 2016, Mtnet: A multi-task neural network for dynamic malware classification, 399 Feizollah, 2017, Androdialysis: analysis of android intent effectiveness in malware detection, Comput. Secur., 65, 121, 10.1016/j.cose.2016.11.007 Fang, 2019 Firdausi, 2010, Analysis of machine learning techniques used in behaviorbased malware detection, 201 Han, 2019, Maldae: detecting and explaining malware based on correlation and fusion of static and dynamic characteristics, Comput. Secur., 83, 208, 10.1016/j.cose.2019.02.007 Han, 2019, Malinsight: a systematic profiling based malware detection framework, J. Netw. Comput. Appl., 125, 236, 10.1016/j.jnca.2018.10.022 Duc Nguyen, 2019, DÏoT: a self-learning system for detecting compromised IoT devices Wu, 2019, Bayesian model updating method based android malware detection for IoT services, 61 Moradi, 2004, A neural network based system for intrusion detection and classification of attacks, 15 Zhu, 2021, SEDMDroid: An enhanced stacking ensemble framework for android malware detection, IEEE Trans. Netw. Sci. Eng., 8, 984, 10.1109/TNSE.2020.2996379 Sharma, 2020, A deep learning approach to image-based malware analysis, progress in computing, analytics and networking, 327, 10.1007/978-981-15-2414-1_33 A. Irshad, R. Maurya, M.K. Dutta, R. Burget, V. Uher, Feature Optimization for Run Time Analysis of Malware in Windows Operating System using Machine Learning Approach, in: 2019 42nd International Conference on Telecommunications and Signal Processing, TSP, Budapest, Hungary, 2019, pp. 255–260. Genç, 2018, No random, no ransom: a key to stop cryptographic ransomware, vol. 10885, 234 Shibahara, 2016, Efficient dynamic malware analysis based on network behavior using deep learning, 1 Kolosnjaji, 2016, Deep learning for classification of malware system call sequences, 137 Raff, 2018, An investigation of byte n-gram features for malware classification, J. Comput. Virol. Hacking Tech., 14, 1, 10.1007/s11416-016-0283-1 Anderson, 2018 https://arxiv.org/abs/1804.04637. https://www.unb.ca/cic/datasets/. https://www.sonicwall.com/2022-cyber-threat-report/sonicwall-cyber-threat-report-thank-you/. Saxe, 2015, Deep neural network based malware detection using two dimensional binary program features, 11 TaeGuen Kim, BooJoong Kang, Mina Rho, Sakir Sezer, Eul Gyu Im, A multimodal deep learning method for android malware detection using various features, IEEE Trans. Inf. Forensics Secur. http://dx.doi.org/10.1109/TIFS.2018.2866319. Fang, 2019, 48867 Damodaran, 2017, A comparison of static, dynamic, and hybrid analysis for malware detection, J. Comput. Virol. Hacking Tech., 13, 1, 10.1007/s11416-015-0261-z Zhong, 2019, A multi-level deep learning system for malware detection, Expert Syst. Appl., 133, 151, 10.1016/j.eswa.2019.04.064 Vinayakumar, 2019, Robust intelligent Malware detectionusing deep learning, IEEE Trans., 7, 46717 Alazab, 2011, Zero-day malware detection based on supervised learning algorithms of API call signatures, 171 Azmoodeh, 2018, Robust malware detection for internet of (battlefield) things devices using deep eigenspace learning, IEEE Trans. Sustain. Comput. Nataraj, 2015 Nataraj, 2016 Nataraj, 2013, Sarvam: Search and retrieval of malware, 1 L. Nataraj, V. Yegneswaran, P. Porras, J. Zhang, A comparative assessment of malware classification using binary texture analysis and dynamic analysis, in: Proc. 4th ACM Workshop Secur. Artif. Intell., ACM, New York, NY, USA, pp. 21–30. Nataraj, 2010 Farrokhmanesh, 2016, A novel method for malware detection using audio signal processing techniques, 85 Kirat, 2013, SigMal: A static signal processing based malware triage, 89 Yongkang Jiang, Shenghong Li, Yue Wu(B), Futai Zou, A Novel Image-Based Malware Classification Model Using Deep Learning, in: 26th International Conference, ICONIP 2019 Sydney, NSW, Australia, December 12–15, 2019 Proceedings, Part II. Gibert, 2017, Convolutional neural networks for classification of malware assembly code, 221 Gibert, 2018, An end-to-end deep learning architecture for classification of malware’s binary content, 383 Kosmidis, 2017 Gibert, 2018, Using convolutional neural networks for classification of malware represented as images, J. Comput. Virol. Hacking Tech. Gibert, 2018, Classification of malware by using structural entropy on convolutional neural networks, 7759 Dib, 2021, A multi-dimensional deep learning framework for IoT malware classification and family attribution, IEEE Trans. Netw. Serv. Manag., 18, 1165, 10.1109/TNSM.2021.3075315 Dahl, 2013, Large-scale malware classification using random projections and neural networks, 3422 Yuan, 2014, Droid sec: Deep learning in Android malware detection, ACM SIGCOMM Comput. Commun. Rev., 44, 371, 10.1145/2740070.2631434 Bengio, 2009, Learning deep architectures for AL, Found. Trends Mach. Learn., 2, 1, 10.1561/2200000006 LeCun, 1995, Convolutional networks for images, speech, and time series, Handb. Brain Theory Neural Netw., 3361, 1995 Krizhevsky, 2012, Imagenet classification with deep convolutional neural networks, 1097e1105 Le, 2018, Deep learning at the shallow end: Malware classification for non-domain experts, Digit. Investig., 26, S118eS126, 10.1016/j.diin.2018.04.024 Hochreiter, 1997, Long short-term memory, Neural Comput., 9, 1735e1780, 10.1162/neco.1997.9.8.1735 Athiwaratkun, 2017, Malware classification with lstm and gru language models and a character-level CNN, 2482 Yin, 2017, A deep learning approach for intrusion detection using recurrent neural networks, IEEE Access, 12, 21954, 10.1109/ACCESS.2017.2762418 Strelkov, 2008, A new similarity measure for histogram comparison and its application in time series analysis, Pattern Recognit. Lett., 29, 1768, 10.1016/j.patrec.2008.05.002 Kang, 2011, Fast malware family detection method using control flow graphs, 287 Gonzalez, 2013, Malware classification using euclidean distance and artificial neural networks, 103 Annachhatre, 2015, Hidden Markov models for malware classification, J. Comput. Virol. Hacking Tech., 11, 59, 10.1007/s11416-014-0215-x Han, 2015, Malware analysis using visualized images and entropy graphs, Int. J. Inf. Secur., 14, 1, 10.1007/s10207-014-0242-0 Alani, 2022, PAIRED: An explainable lightweight android malware detection system, IEEE Access, 10, 73214, 10.1109/ACCESS.2022.3189645 Rieck, 2011, Automatic analysis of malware behavior using machine learning, J. Comput. Secur., 19, 639, 10.3233/JCS-2010-0410 Rasthofer, 2014, A machine-learning approach for classifying and categorizing android sources and sinks, 23 Schwenk, 2011, Adaptive detection of covert communication in HTTP requests, 25 Nissim, 2018, Trusted system-calls analysis methodology aimed at detection of compromised virtual machines using sequential mining, Knowl.-Based Syst., 153, 147, 10.1016/j.knosys.2018.04.033 Hospodar, 2011, Machine learning in side-channel analysis: A first study, J. Cryptogr. Eng., 1, 293, 10.1007/s13389-011-0023-x Demme, 2013, On the feasibility of online malware detection with performance counters, ACM SIGARCH Comput. Archit. News, 41, 559, 10.1145/2508148.2485970 Nazari, 2017, EDDIE: EM-based detection of deviations in program execution, 333 Nguyen, 2022, An advanced computing approach for IoT-botnet detection in industrial internet of things, IEEE Trans. Ind. Inform., 18, 8298, 10.1109/TII.2022.3152814 Husainiamer, 2020, Classification for iOS mobile malware inspired by phylogenetic: Proof of concept, 59 Jeon, 2020, Dynamic analysis for IoT malware detection with convolution neural network model, IEEE Access, 8, 96899, 10.1109/ACCESS.2020.2995887 Pekta, 2017, Classification of malware families based on runtime behaviors, J. Inf. Secur. Appl., 37, 91 2018, Microft: Sam cybersecurity engagement kit, Internet Ye, 2017, A survey on Malware detection using data mining techniques, ACM Comput. Surv., 50, 41 Nataraj, 2011, Malware images: Visualization and automatic classification, 4 Yan, 2018, Detecting malware with an ensemble method based on deep neural network, Secur. Commun. Netw., 16 Kebede, 2017, Classification of malware programs using autoencoders based deep learning architecture and its application to the Microsoft Malware classification challenge (big 2015) dataset, 70 Kim, 2018, Image-based malware classification using convolutional neural network, vol. 474, 1352 Garcia, 2016, Random forest for malware classification, Cryptogr. Secur. Raff, 2017, An alternative to NCD for large sequences, Lempel–Ziv Jaccard distance, 1007 Drew, 2017, Polymorphic malware detection using sequence classification methods and ensembles, EURASIP J. Inf. Secur., 2 2011 Ciobanu, 2019, A data life cycle modeling proposal by means of formal methods, 670 Fasano, 2019, Energy consumption metrics for mobile device dynamic malware detection, Procedia Comput. Sci., 159, 1045, 10.1016/j.procs.2019.09.273 Martinelli, 2019, Social network polluting contents detection through deep learning techniques, 1 Xiao, 2019, Android malware detection based on system call sequences andLSTM, Multimedia Tools Appl., 78, 3979, 10.1007/s11042-017-5104-0 Rastogi, 2014, Catch me if you can: evaluating android anti-malware against transformation attacks, IEEE Trans. Inf. Forensics Secur., 9, 99, 10.1109/TIFS.2013.2290431 Jiang, 2012, Dissecting android malware: characterization and evolution, 95 Canfora, 2018, Leila: formal tool for identifying mobile malicious behaviour, IEEE Trans. Softw. Eng., 45, 1230, 10.1109/TSE.2018.2834344 2015 2018 Fasano, 2019, Investigating mobile applications quality in official and third-party marketplaces, 169 Fasano, 2018, Measuring mobile applications quality and security in higher education, 5319 Scalas, 2019, On the effectiveness of system API-related information for android ransomware detection, Comput. Secur., 86, 168, 10.1016/j.cose.2019.06.004 2018 2018 Martinelli, 2018, Evaluating model checking for cyber threats code obfuscation identification, J. Parallel Distrib. Comput., 119, 203, 10.1016/j.jpdc.2018.04.008 Oberheide, 2012, Dissecting the android bouncer Mercaldo, 2016, Ransomware inside out, 628 Mercaldo, 2016, Hey malware, i can find you!, 261 Petsas, 2014, Rage against the virtual machine: hindering dynamic analysis of android malware, 5 Razgallah, 2021, A survey of malware detection in Android apps: Recommendations and perspectives for future research, Comp. Sci. Rev., 39, 10.1016/j.cosrev.2020.100358 Garg, 2021, Comparative analysis of android and iOS from security viewpoint, Comp. Sci. Rev., 40, 10.1016/j.cosrev.2021.100372 Canfora, 2013, A classifier of malicious android applications Cimitile, 2017, Talos: no more ransomware victims with formal methods, Int. J. Inf. Secur., 17, 1 Canfora, 2015, Obfuscation techniques against signature-based detection: a case study, 21 Mercaldo, 2016, Ransomware steals your phone. formal methods rescue it, 212 Octeau, 2013, Effective inter-component communication mapping in android: an essential step towards holistic security analysis, 543 Arzt, 2014, Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps, ACM SIGPLAN Not., 49, 259, 10.1145/2666356.2594299 Lindorfer, 2015, Marvin: Efficient and comprehensive mobile app classification through static and dynamic analysis, 422 Faiella, 2017, A distributed framework for collaborative and dynamic analysis of android malware, 321 Martinelli, 2017, Bridemaid: An hybrid tool for accurate detection of android malware, 899 Shabtai, 2012, Andromaly : a behavioral malware detection framework for android devices, J. Intell. Inf. Syst., 38, 161, 10.1007/s10844-010-0148-x Blasing, 2010, An android application sandbox system for suspicious software detection Dixon, 2011, Location based power analysis to detect malicious code in smartphones Polino, 2015, Jackdaw: Towards automatic reverse engineering of large datasets of binaries, 121 Enck, 2014, Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones, ACM Trans. Comput. Syst. (TOCS), 32, 5, 10.1145/2619091 Shabtai, 2010, Intrusion detection for mobile devices using the knowledge-based, temporal abstraction method, J. Syst. Softw., 83, 1524, 10.1016/j.jss.2010.03.046 Zhou, 2012, Hey, you, get off of my market: detecting malicious apps in official and alternative android markets C. Zheng, S. Zhu, S. Dai, G. Gu, X. Gong, X. Han, W. Zou, Smartdroid: an automatic system for revealing UI-based trigger conditions in android applications, in: Proceedings of the 2nd ACMWorkshop on Security and Privacy in Smartphones and Mobile Devices, SPSM, New York, NY, USA, 2012, pp. 93–104. Lindorfer, 2014, Andrubis-1, 000, 000 apps later: a view on current android malware behaviors Spreitzenbarth, 2014, Mobilesandbox: combining static and dynamic analysis with machine-learning techniques, Int. J. Inf. Secur., 14, 141, 10.1007/s10207-014-0250-0 Ferrante, 2016, Spotting the malicious moment: Characterizing malware behavior using dynamic features, 372 Hashemi, 2019, Visual malware detection using local malicious pattern, J. Comput. Virol. Hacking Tech., 15, 1, 10.1007/s11416-018-0314-1 Farrokhmanesh, 2019, Music classification as a new approach for malware detection, J. Comput. Virol. Hacking Tech., 15, 77, 10.1007/s11416-018-0321-2 Rathore, 2021, Towards robust android malware detection models using adversarial learning, 424 Surendran, 2021, On existence of common malicious system call codes in android malware families, IEEE Trans. Reliab., 70, 248, 10.1109/TR.2020.2982537 Y. Hei, et al. Hawk: Rapid android malware detection through heterogeneous graph attention networks, IEEE Trans. Neural Netw. Learn. Syst. http://dx.doi.org/10.1109/TNNLS.2021.3105617. Bai, 2020, FAMD: A fast multifeature android malware detection framework, design, and implementation, IEEE Access, 8, 194729, 10.1109/ACCESS.2020.3033026 Gao, 2021, GDroid: Android malware detection and classification with graph convolutional network, Comput. Secur., 106, 10.1016/j.cose.2021.102264 Sasidharan, 2021, ProDroid — An android malware detection framework based on profile hidden Markov model, Pervasive Mob. Comput., 72, 10.1016/j.pmcj.2021.101336 Xu, 2022, SDAC: A slow-aging solution for android malware detection using semantic distance based API clustering, IEEE Trans. Dependable Secure Comput., 19, 1149 Yang, 2022, An android malware detection and classification approach based on contrastive learning, Comput. Secur., 123, 10.1016/j.cose.2022.102915 Seraj, 2022, HamDroid: permission-based harmful android anti-malware detection using neural networks, Neural Comput. Appl., 34, 15165, 10.1007/s00521-021-06755-4 Zhu, 2023, Android malware detection based on multi-head squeeze-and-excitation residual network, Expert Syst. Appl., 212, 10.1016/j.eswa.2022.118705 Williams, 2020 Khandelwal, 2019 Khandelwal, 2019 Damopoulos, 2011, iSAM: an iPhone stealth airborne malware, 17 Garcıa, 2016, Apeek under the hood of iOSmalware Cimitile, 2017, Machine learning meets iOS malware: Identifying malicious applications on apple environment, 487 Szydlowski, 2012, Challenges for dynamic analysis of iOS applications, 65 Lindorfer, 2013, Take a bite-finding the worm in the apple, 1 Pajouh, 2018, Intelligent OS X malware threat detection with code inspection, J. Comput. Virol. Hacking Tech., 14, 213, 10.1007/s11416-017-0307-5 Bojjagani, 2017, VAPTAi: A threat model for vulnerability assessment and penetration testing of android and iOS mobile banking apps, 77 Zhou, 2019, ChanDet: Detection model for potential channel of iOS applications, J. Phys. Conf. Ser., 1187, 10.1088/1742-6596/1187/4/042045 Lee, 2021, Understanding illicit UI in iOS apps through hidden UI analysis, IEEE Trans. Dependable Secure Comput., 18, 2390 Nissim, 2014, Novel active learning methods for enhanced PC malware detection in windows OS, Expert Syst. Appl., 41, 5843, 10.1016/j.eswa.2014.02.053 Shijo, 2015, Integrated static and dynamic analysis for malware detection, Procedia Comput. Sci., 46, 804, 10.1016/j.procs.2015.02.149 Satrya, 2015, The detection of 8 type malware botnet using hybrid malware analysis in executable file windows operating systems, 5 Mithal, 2016, Case studies on intelligent approaches for static malware analysis, 555 Alsulami, 2017, Lightweight behavioral malware detection for windows platforms, 75 Huda, 2018, A hybrid-multi filter-wrapper framework to identify run-time behaviour for fast malware detection, Future Gener. Comput. Syst., 83, 193, 10.1016/j.future.2017.12.037 Kim, 2008, Detecting energy-greedy anomalies and mobile malware variants Dija, 2020, Cyber forensics: Discovering traces of malware on windows systems, 141 R. Yang, et al. RATScope: Recording and reconstructing missing RAT semantic behaviors for forensic analysis on windows, IEEE Trans. Dependable Secure Comput. http://dx.doi.org/10.1109/TDSC.2020.3032570. Yousefi, 2020, An efficient route planning model for mobile agents on the internet of things using Markov decision process, Ad Hoc Netw., 98, 10.1016/j.adhoc.2019.102053 Al-Asli, 2019, Review of signature-based techniques in antivirus products, 1 Pajouh, 2019, A two-layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in IoT backbone networks, IEEE Trans. Emerg. Top. Comput., 7, 314, 10.1109/TETC.2016.2633228 Sharmeen, 2018, Malware threats and detection for industrial mobile-IoT networks, IEEE Access, 6, 15941, 10.1109/ACCESS.2018.2815660 Lohachab, 2018, Critical analysis of ddos-an emerging security threat over IoT networks, J. Commun. Inf. Netw., 3, 57, 10.1007/s41650-018-0022-5 J. Su, V. Danilo Vasconcellos, S. Prasad, S. Daniele, Y. Feng, K. Sakurai, Lightweight classification of IoT malware based on image recognition, in: 2018 IEEE 42nd Annual Computer Software and Applications Conference, COMPSAC, Tokyo, 2018, pp. 664–669. Papafotikas, 2019, A machine-learning clustering approach for intrusion detection to IoT devices, 1 Xiao, 2018, IoT security techniques based on machine learning: how do IoT devices use AI to enhance security?, IEEE Signal Process. Mag., 35, 41, 10.1109/MSP.2018.2825478 Lee, 2020, Cross platform IoT-malware family classification based on printable strings, 775 Dinakarrao, 2020, Cognitive and scalable technique for securing IoT networks against malware epidemics, IEEE Access, 8, 138508, 10.1109/ACCESS.2020.3011919 M.N. Aman, U. Javaid, B. Sikdar, IoT-Proctor: A secure and lightweight device patching framework for mitigating malware spread in IoT networks, IEEE Syst. J. http://dx.doi.org/10.1109/JSYST.2021.3070404. Trajanovski, 2021, An automated and comprehensive framework for IoT botnet detection and analysis (IoT-BDA), IEEE Access, 9, 124360, 10.1109/ACCESS.2021.3110188 Bhayo, 2022, A time-efficient approach toward ddos attack detection in IoT network using SDN, IEEE Internet Things J., 9, 3612, 10.1109/JIOT.2021.3098029 Kalakoti, 2022, In-depth feature selection for the statistical machine learning-based botnet detection in IoT networks, IEEE Access, 10, 94518, 10.1109/ACCESS.2022.3204001 Azmoodeh, 2018, Detecting crypto-ransomware in IoT networks based on energy consumption footprint, J. Ambient Intell. Humaniz. Comput., 9, 1141, 10.1007/s12652-017-0558-5 I. Ghafira, et al. Detection of advanced persistent threat using machine-learning correlation analysis, 89 (2018) 349–359. Liu, 2013, A novel search engine to uncover potential victims for APT investigations, vol. 8147, 405 Balduzzi, 2013, Targeted attacks detection with spunge, 185 Ma, 2019, Discovering suspicious APT families through a large-scale domain graph in information-centric IoT, IEEE Access, 7, 13917, 10.1109/ACCESS.2019.2894509 X. Liu, L. Li, Z. Ma, X. Lin, J. Cao, Design of APT Attack Defence System Based on Dynamic Deception, in: 2019 IEEE 5th International Conference on Computer and Communications, ICCC, Chengdu, China, 2019, pp. 1655–1659. H. Sun, C. Shen, C. Weng, A Flexible Framework for Malicious Open XML Document Detection based on APT Attacks, in: IEEE INFOCOM 2019 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Paris, France, 2019, pp. 2005–2006. Coulter, 2020, Unmasking windows advanced persistent threat execution, 268 Su, 2020, Research on APT attack based on game model, 295 Alghamdi, 2020, Practical implementation of APTs on PTP time synchronisation networks, 1 Qi, 2020, An APT attack analysis framework based on self-define rules and mapreduce, 61 Hong, 2021, APT attack response system through AM-HIDS, 271 Yang, 2021, Defence against advanced persistent threat through data backup and recovery, IEEE Trans. Netw. Sci. Eng., 8, 2001, 10.1109/TNSE.2020.3040247 Halabi, 2021, Protecting the internet of vehicles against advanced persistent threats: A Bayesian stackelberg game, IEEE Trans. Reliab., 70, 970, 10.1109/TR.2020.3046688 Al-Saraireh, 2022, A novel approach for detecting advanced persistent threats, Egypt. Inform. J., 10.1016/j.eij.2022.06.005 Scaife, 2016, CryptoLock (and drop it): stopping ransomware attacks on user data Dargahi, 2019, A cyber-kill-chain based taxonomy of crypto-ransomware features, J. Comput. Virol. Hacking Tech., 15, 277, 10.1007/s11416-019-00338-7 Kharraz, 2018, Protecting against ransomware: a new line of research or restating classic ideas?, IEEE Secur. Priv., 16, 103, 10.1109/MSP.2018.2701165 Kharaz, 2016, UNVEIL: a largescale, automated approach to detecting ransomware, 757 Gomez-Hernandez, 2018, R-Locker: thwarting ransomware action through a honeyfile-based approach, Comput. Secur., 73, 389, 10.1016/j.cose.2017.11.019 Al-rimy, 2018, Zero-day aware decision fusion-based model for crypto-ransomware early detection, Int. J. Integr. Eng., 10, 82, 10.30880/ijie.2018.10.06.011 Honda, 2018, Ransomware detection considering user’s document editing Jung, 2018, Ransomware detection method based on context-aware entropy analysis, Soft Comput., 22, 6731, 10.1007/s00500-018-3257-z Mehnaz, 2018, Rwguard: a real-time detection system against cryptographic ransomware, vol. 11050, 114 Continella, 2016, ShieldFS: a self-healing, ransomware-aware filesystem, 336 G. Bottazzi, G.F. Italiano, D. Spera, Preventing ransomware attacks through file system filter drivers, in: Second Italian Conference on Cyber Security, Milan, Italy, 2018. Morato, 2018, Ransomware early detection by the analysis of file sharing traffic, J. Netw. Comput. Appl., 124, 14, 10.1016/j.jnca.2018.09.013 Cabaj, 2018, Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics, Comput. Electr. Eng., 66, 353, 10.1016/j.compeleceng.2017.10.012 Cabaj, 2016, Using software-defined networking for ransomware mitigation: the case of cryptowall, IEEE Netw., 30, 14, 10.1109/MNET.2016.1600110NM Netto, 2018, An integrated approach for detecting ransomware using static and dynamic analysis Alhawi, 2018, Leveraging machine learning techniques for windows ransomware network traffic detection, vol. 70, 93 Paik, 2018, A storage-level detection mechanism against crypto-ransomware Baek, 2018, SSD-insider: internal defence of the solid-state drive against ransomware with perfect data recovery Harikrishnan, 2018, Detecting ransomware using GURLS Ferrante, 2018, Extinguishing ransomware - a hybrid approach to android ransomware detection, vol. 10723, 242 Scalas, 2018 Song, 2016, The effective ransomware prevention technique using process monitoring on Android platform, Mob. Inf. Syst., 2016, 1 Baldwin, 2018, Leveraging support vector machine for opcode density based detection of crypto-ransomware, vol. 70, 107 Adamov, 2020, Reinforcement learning for anti-ransomware testing, 1 Homayoun, 2020, Know abnormal, find evil: Frequent pattern mining for ransomware threat hunting and intelligence, IEEE Trans. Emerg. Top. Comput., 8, 341, 10.1109/TETC.2017.2756908 Urooj, 2021, A proposed adaptive pre-encryption crypto-ransomware early detection model, 1 D. Min, Y. Ko, R. Walker, J. Lee, Y. Kim, A content-based ransomware detection and backup solid-state drive for ransomware defence, IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. http://dx.doi.org/10.1109/TCAD.2021.3099084. Khan, 2020, A digital DNA sequencing engine for ransomware detection using machine learning, IEEE Access, 8, 119710, 10.1109/ACCESS.2020.3003785 Sibi Chakkaravarthy, 2020, Design of intrusion detection honeypot using social leopard algorithm to detect IoT ransomware attacks, IEEE Access, 8, 169944, 10.1109/ACCESS.2020.3023764 Wazid, 2022, BSFR-SH: Blockchain-enabled security framework against ransomware attacks for smart healthcare, IEEE Trans. Consum. Electron. Almashhadani, 2022, MFMCNS: a multi-feature and multi-classifier network-based system for ransomworm detection, Comput. Secur., 121, 10.1016/j.cose.2022.102860 Berrueta, 2022, Crypto-ransomware detection using machine learning models in file-sharing network scenarios with encrypted traffic, Expert Syst. Appl., 209, 10.1016/j.eswa.2022.118299 Keshavarzi, 2023, An ontology-driven framework for knowledge representation of digital extortion attacks, Comput. Hum. Behav., 139, 10.1016/j.chb.2022.107520 Liu, 2017, Automatic malware detection using deep learning based on static analysis, 500 Tang, 2013 Grosse, 2016 Kolosnjaji, 2018, Adversarial malware binaries: Evading deep learning for malware detection in executables Prasse, 2017, Malware detection by analysing encrypted network traffic with neural networks, 73 AL-Hawawreh, 2018, Identification of malicious activities in industrial internet of things based on deep learning models, J. Inf. Secur. Appl., 41, 1 Kumar, 2019, Malware classification using early-stage behavioral analysis, 16 Rhode, 2019, Lab to soc: robust features for dynamic malware detection, 13 Huang, 2021, A method for windows malware detection based on deep learning, J. Signal Process. Syst., 93, 265, 10.1007/s11265-020-01588-1 Tobiyama, 2016, Malware detection with deep neural network using process behavior, 577e582 Ronen, 2018, Microsoft Malware classification challenge, Cryptogr. Secur. Mikolov, 2013, Distributed representations of words and phrases and their compositionality, 3111 Mercaldo, 2020, Deep learning for image-based mobile malware detection, J. Comput. Virol. Hacking Tech., 10.1007/s11416-019-00346-7 Bakour, 2020, VisDroid: Android malware classification based on local and global image features, a bag of visual words and machine learning techniques, Neural Comput. Appl. Almomani, 2022, An automated vision-based deep learning model for efficient detection of android malware attacks, IEEE Access, 10, 2700, 10.1109/ACCESS.2022.3140341 B. Yuan, J. Wang, P. Wu, X. Qing, IoT Malware classification based on lightweight convolutional neural networks, IEEE Internet Things J. http://dx.doi.org/10.1109/JIOT.2021.3100063. Q. Li, J. Mi, W. Li, J. Wang, M. Cheng, CNN-based malware variants detection method for internet of things, IEEE Internet Things J. http://dx.doi.org/10.1109/JIOT.2021.3075694. https://gs.statcounter.com/osmarketshare/mobile/worldwide. Wei, 2014, Amandroid: a precise and general inter-component data flow analysis framework for security vetting of android apps, 1329 Yuan, 2016, Droiddetector: android malware characterization and detection using deep learning, Tsinghua Sci. Technol., 21, 114, 10.1109/TST.2016.7399288 Feng, 2021, A performance-sensitive malware detection system using deep learning on mobile devices, IEEE Trans. Inf. Forensics Secur., 16, 1563, 10.1109/TIFS.2020.3025436 Haq, 2021, A dynamic robust DL-based model for android malware detection, IEEE Access, 9, 74510, 10.1109/ACCESS.2021.3079370 Kim, 2022, Efficient deep learning network with multi-streams for android malware family classification, IEEE Access, 10, 5518, 10.1109/ACCESS.2021.3139334 Namrud, 2022, Deep-layer clustering to identify permission usage patterns of android app categories, IEEE Access, 10, 24240, 10.1109/ACCESS.2022.3156083 Kabakus, 2022, DroidMalwareDetector: A novel android malware detection framework based on convolutional neural network, Expert Syst. Appl., 206, 10.1016/j.eswa.2022.117833 Mahindru, 2022, SOMDROID: android malware detection by artificial neural network trained using unsupervised learning, Evol. Intell., 15, 10.1007/s12065-020-00518-1 Tang, 2022, Android malware obfuscation variants detection method based on multi-granularity opcode features, Future Gener. Comput. Syst., 129, 141, 10.1016/j.future.2021.11.005 Xu, 2018, HADM: Hybrid analysis for detection of malware, vol. 16 Anderson, 2011, Graph-based malware detection using dynamic analysis, J. Comput. Virol., 7, 247, 10.1007/s11416-011-0152-x S.L. SD, C.D. J, Windows malware detector using convolutional neural network based on visualization images, IEEE Trans. Emerg. Top. Comput. Huang, 2020, A method for windows malware detection based on deep learning, J. Signal Process. Syst. Aslam, 2021, Optimizing features for malware-benign clustering using windows portable executables, 28 Sharma, 2022, Windows and IoT malware visualization and classification with deep CNN and Xception CNN using Markov images, J. Intell. Inf. Syst., 10.1007/s10844-022-00734-4 Rizvi, 2022, PROUD-MAL: static analysis-based progressive framework for deep unsupervised malware classification of windows portable executable, Complex Intell. Syst., 8, 673, 10.1007/s40747-021-00560-1 Petrov, 2019 Columbus, 2018 Sakhnini, 2019, Security aspects of internet of things aided smart grids: a bibliometric survey, Internet Things Binti Mohamad Noor, 2019, Current research on internet of things (IoT) security: a survey, Comput. Netw., 148, 283, 10.1016/j.comnet.2018.11.025 Nguyen, 2018, Comparison of three deep learning-based approaches for IoT malware detection, 382 Ham, 2014, Linear SVM-based android malware detection for reliable IoT services, J. Appl. Math., 2014, 10.1155/2014/594501 Kumar, 2019, A multimodal malware detection technique for android IoT devices using various features, IEEE Access, 7, 64411, 10.1109/ACCESS.2019.2916886 Markel, 2015, Building a machine learning classifier for malware detection Taheri, 2021, Fed-IIoT: A robust federated malware detection architecture in industrial IoT, IEEE Trans. Ind. Inform., 17, 8442, 10.1109/TII.2020.3043458 Panda, 2021, Developing an efficient feature engineering and machine learning model for detecting IoT-botnet cyber attacks, IEEE Access, 9, 91038, 10.1109/ACCESS.2021.3092054 Khowaja, 2021, Q-learning and LSTM based deep active learning strategy for malware defence in industrial IoT applications, Multimed. Tools Appl., 80, 14637, 10.1007/s11042-020-10371-0 Nagaraju, 2022, Attack prevention in IoT through hybrid optimization mechanism and deep learning framework, Measurement: Sensors, 24, 10.1016/j.measen.2022.100431 Chaganti, 2022, Deep learning based cross architecture internet of things malware detection and classification, Comput. Secur., 120, 10.1016/j.cose.2022.102779 Smmarwar, 2022, Deep malware detection framework for IoT-based smart agriculture, Comput. Electr. Eng., 104 Hinton, 2009, Deep belief networks, Scholarpedia, 4, 5947, 10.4249/scholarpedia.5947 Joloudari, 2020, Early detection of the advanced persistent threat attack using performance analysis of deep learning, IEEE Access, 8, 186125, 10.1109/ACCESS.2020.3029202 Mohamed, 2021, SBI model for the detection of advanced persistent threat based on strange behavior of using credential dumping technique, IEEE Access, 9, 42919, 10.1109/ACCESS.2021.3066289 Alrehaili, 2022, A hybrid deep learning approach for advanced persistent threat attack detection, 78 Do Xuan, 2021, A novel approach for APT attack detection based on combined deep learning model, Neural Comput. Appl., 33, 13251, 10.1007/s00521-021-05952-5 Li, 2022, Explainable intelligence-driven defence mechanism against advanced persistent threats: A joint edge game and AI approach, IEEE Trans. Dependable Secure Comput., 19, 757 Do Xuan, 2022, A new approach for APT malware detection based on deep graph network for endpoint systems, Appl. Intell., 52, 14005, 10.1007/s10489-021-03138-z Homayoun, 2019, DRTHIS: deep ransomware threat hunting and intelligence system at the fog layer, Future Gener. Comput. Syst., 90, 94, 10.1016/j.future.2018.07.045 Al-Hawawreh, 2021, Asynchronous peer-to-peer federated capability-based targeted ransomware detection model for industrial IoT, IEEE Access, 9, 148738, 10.1109/ACCESS.2021.3124634 Zhang, 2022, Dual generative adversarial networks based unknown encryption ransomware attack detection, IEEE Access, 10, 900, 10.1109/ACCESS.2021.3128024