Springer Science and Business Media LLC
Featured scientific publications
* Data is for reference only
A novel approach for ransomware detection based on PE header using graph embedding
Springer Science and Business Media LLC - Volume 18 - Pages 285-296 - 2022
The development of cryptocurrency has led to an increase in a type of malware called ransomware. Ransomware is a family of malware that uses malicious techniques to prevent users from accessing their systems or data. Ransomware threatens all industries, from health and hospitals to banks, training centers, and manufacturers of goods. Therefore, early ransomware detection is critical. Most researchers try to identify ransomware by examining the behavior of the software at runtime. Therefore, these approaches are costly and require resources to run every software. In this paper, ransomware detection is conducted without running the software and without any special pre-processing, only using the headers of the executable file. In the proposed approach, a graph is created using the headers of executable files (specifically portable executable files) and then the graph is mapped in an eigenspace using the “Power Iteration” method. This mapping converts an executable file to a feature vector, which is eventually used to train a Random Forest classifier. Acceptable computational complexity in large datasets compared to previous methods and high detection rates are the main advantages of the proposed method.
Role based access control using identity and broadcast based encryption for securing cloud data
Springer Science and Business Media LLC - Volume 18 - Pages 171-182 - 2021
Since integrity of data on cloud cannot be assured, several clients and users hesitate to upload their crucial data to the cloud, which eventually hinders cloud storage development. One of the biggest challenges with respect to cloud security is to ensure data confidentiality and one of the solutions to this issue can be by restricting unauthorized access to user data stored on cloud. In due course of time much research has been proposed using cryptographic techniques along with access control model(s) to deal with security issues pertaining to untrusted cloud environments. This work illustrates Role-Based access control policies over user data and permits the owner of the data to store it in an encrypted pattern to the cloud, thereby allowing only permissible roles to access the data. Hence, the proposed work is an amalgamation of Role-Based Encryption (RBE) scheme using Identity and Broadcast based Encryption scheme to ensure data integrity in public clouds. In this paper we discuss the usage of several algorithmic modules that demonstrate how roles are governed by the membership rights, user revocation, encryption and decryption processes. Finally, the proposed model is compared with its peers on the basis of encryption and decryption time.
Graph embedding as a new approach for unknown malware detection
Springer Science and Business Media LLC - Volume 13 - Pages 153-166 - 2016
Malware is any type of computer program which is developed to harm computers, networks, and information. Noticeable growth of malware development has made computer and network security a significant and challenging area in recent years. There is an intensive competition between malwares and antiviruses. Malware authors make every effort to develop new harmful codes using various programming tricks and exploits which are unseen for detection techniques. On the other hand, antivirus developers upgrade their methods and algorithms to recognize unknown malware. Therefore, an accurate and rapid detection method is an irrefutable demand in computer security area. This paper proposes a new malware detection method based on the OpCodes within an executable file. Proposed method generates a graph of operational codes (OpCode) within an executable file and then embeds this graph into eigenspace using “Power Iteration” method. This will help us represent an executable file as a linear combination of eigenvectors proportionate to their eigenvalues, which is beneficial to train machine learning classifiers such as k-nearest neighbor (KNN) and support vector machine (SVM). The main advantages of our proposed method are high detection rate despite utilizing simple classifiers like KNN, acceptable computational complexity even in large scale datasets against rival methods, and low false positive rate.
Singular value decomposition and metamorphic detection
Springer Science and Business Media LLC - - 2015
Detection and classification of malicious software utilizing Max-Flows between system-call groups
Springer Science and Business Media LLC - Volume 19 - Pages 97-123 - 2022
In this work, we present a graph-based method for the detection and classification of malicious software samples utilizing the Max-Flows exhibited through their corresponding behavioral graphs. In the proposed approach, we utilize the Max-Flows exhibited in the behavioral graphs that represent the interaction of software samples with their host environment, in order to depict the flow of information between System-call Groups. Obtaining the System-call Dependency Graphs of the samples under consideration, we construct the corresponding Group Relation Graphs, and proceed with the construction of the so-called, Flow Maps, another representation of Group Relation Graphs, that depict the Max-Flows among its vertices. Additionally, we provide a detailed representation over the architecture and the core components of our proposed approach for malware detection and classification discussing also several technical aspects regarding its implementation and deployment. Finally, we conduct a series of five-fold cross validation experiments in order to evaluate the potentials of our proposed approach in detecting and classifying malicious samples discussing also the exhibited experimental results.
Buffer overflow vulnerabilities in CUDA: a preliminary analysis
Springer Science and Business Media LLC - - 2016
Using deep graph learning to improve dynamic analysis-based malware detection in PE files
Springer Science and Business Media LLC - - Pages 1-20 - 2023
Detecting zero-day malware in Windows PE files using dynamic analysis techniques has proven to be far more effective than traditional signature-based methods. One specific approach that has emerged in recent years is the use of graphs to represent executable behavior, which can be subsequently used to learn patterns. However, many current graph representations omit key parameter information, meaning that the behavioral impact of variable changes cannot be reliably understood. To combat these shortcomings, we present a new method for malware detection by applying a graph attention network on multi-edge directional heterogeneous graphs constructed from API calls. The experiments show the TPR and FPR scores demonstrated by our model achieve better performance than those from other related works.
A practical approach for clustering large data flows of malicious URLs
Springer Science and Business Media LLC - - 2016
An analysis of Android adware
Springer Science and Business Media LLC - Volume 15 - Pages 147-160 - 2018
Most applications on Android smartphones are free, which leads to advertisements being displayed when the application is used in order to generate revenue. Billions of dollars are lost annually to adware that commits ad fraud. In this research, we propose and analyze a machine learning based method for detecting Android adware based on static and dynamic features. We collect static features from the manifest file, while dynamic features are obtained from network traffic. Using these features, we classify Android applications as adware or not, and further classify each adware sample into a specific family. We apply a variety of machine learning techniques, including neural networks, random forests, AdaBoost, and support vector machines. We demonstrate that the combination of static and dynamic features is most effective, and we find that, ironically, the multiclass adware classification problem is easier than the binary detection problem.
#Android #adware #machine learning #classification #static features #dynamic features
Total: 212