* update 2023-12-05 06:16:47
actions-user committed Dec 4, 2023
1 parent 367bbdd commit 6b2ae44
Showing 2 changed files with 41 additions and 1 deletion.
40 changes: 40 additions & 0 deletions arXiv_db/Malware/2023.md
Expand Up @@ -13,6 +13,7 @@
- [2023-09](#2023-09)
- [2023-10](#2023-10)
- [2023-11](#2023-11)
- [2023-12](#2023-12)

## 2023-01

Expand Down Expand Up @@ -3382,3 +3383,42 @@

</details>

<details>

<summary>2023-11-30 19:28:38 - DroidDissector: A Static and Dynamic Analysis Tool for Android Malware Detection</summary>

- *Ali Muzaffar, Hani Ragab Hassen, Hind Zantout, Michael A Lones*

- `2308.04170v3` - [abs](http://arxiv.org/abs/2308.04170v3) - [pdf](http://arxiv.org/pdf/2308.04170v3)

> DroidDissector is an extraction tool for both static and dynamic features. The aim is to provide Android malware researchers and analysts with an integrated tool that can extract all of the most widely used features in Android malware detection from one location. The static analysis module extracts features from both the manifest file and the source code of the application to obtain a broad array of features that include permissions, API call graphs and opcodes. The dynamic analysis module runs on the latest version of Android and analyses the complete behaviour of an application by tracking the system calls used, network traffic generated, API calls used and log files produced by the application.
</details>


## 2023-12

<details>

<summary>2023-12-01 10:33:15 - MalDicom: A Memory Forensic Framework for Detecting Malicious Payload in DICOM Files</summary>

- *Ayushi Mishra, Priyanka Bagade*

- `2312.00483v1` - [abs](http://arxiv.org/abs/2312.00483v1) - [pdf](http://arxiv.org/pdf/2312.00483v1)

> Digital Imaging and Communication System (DICOM) is widely used throughout the public health sector for portability in medical imaging. However, these DICOM files have vulnerabilities present in the preamble section. Successful exploitation of these vulnerabilities can allow attackers to embed executable codes in the 128-Byte preamble of DICOM files. Embedding the malicious executable will not interfere with the readability or functionality of DICOM imagery. However, it will affect the underline system silently upon viewing these files. This paper shows the infiltration of Windows malware executables into DICOM files. On viewing the files, the malicious DICOM will get executed and eventually infect the entire hospital network through the radiologist's workstation. The code injection process of executing malware in DICOM files affects the hospital networks and workstations' memory. Memory forensics for the infected radiologist's workstation is crucial as it can detect which malware disrupts the hospital environment, and future detection methods can be deployed. In this paper, we consider the machine learning (ML) algorithms to conduct memory forensics on three memory dump categories: Trojan, Spyware, and Ransomware, taken from the CIC-MalMem-2022 dataset. We obtain the highest accuracy of 75\% with the Random Forest model. For estimating the feature importance for ML model prediction, we leveraged the concept of Shapley values.

</details>

<details>

<summary>2023-12-01 16:10:43 - Classification of cyber attacks on IoT and ubiquitous computing devices</summary>

- *Monika Freunek, Alexandra Rombos*

- `2312.00686v1` - [abs](http://arxiv.org/abs/2312.00686v1) - [pdf](http://arxiv.org/pdf/2312.00686v1)

> As the Internet of Things (IoT) has become truly ubiquitous, so has the surrounding threat landscape. However, while the security of classical computing systems has significantly matured in the last decades, IoT cybersecurity is still typically low or fully neglected. This paper provides a classification of IoT malware. Major targets and used exploits for attacks are identified and referred to the specific malware. The lack of standard definitions of IoT devices and, therefore, security goals has been identified during this research as a profound barrier in advancing IoT cybersecurity. Furthermore, standardized reporting of IoT malware by trustworthy sources is required in the field. The majority of current IoT attacks continue to be of comparably low effort and level of sophistication and could be mitigated by existing technical measures.
</details>
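Review bot: the spacing around the closing `</details>` tags is inconsistent in this hunk: the DroidDissector entry and the Freunek/Rombos entry close immediately after the quoted abstract, while the MalDicom entry has a blank line before `</details>`, and there are two blank lines before `## 2023-12` where the rest of the file uses one. Since this file is generated, the generator should emit one form for every entry (the MalDicom layout, abstract, blank line, `</details>`) so later diffs stay minimal. Also, the MalDicom abstract carries a LaTeX-escaped `75\%` taken verbatim from arXiv; in Markdown that renders with a stray backslash, so the import step should unescape `\%` to `%` before writing the abstract.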
