Commit

* update 2023-11-30 06:16:43
actions-user committed Nov 29, 2023
1 parent 7f2df2f commit 90f6d0d
Showing 2 changed files with 25 additions and 1 deletion.
24 changes: 24 additions & 0 deletions arXiv_db/Malware/2023.md
Expand Up @@ -3204,6 +3204,18 @@

<details>

<summary>2023-11-05 18:16:53 - Ransomware Detection and Classification using Machine Learning</summary>

- *Kavitha Kunku, ANK Zaman, Kaushik Roy*

- `2311.16143v1` - [abs](http://arxiv.org/abs/2311.16143v1) - [pdf](http://arxiv.org/pdf/2311.16143v1)

> Vicious assaults, malware, and various ransomware pose a cybersecurity threat, causing considerable damage to computer structures, servers, and mobile and web apps across various industries and businesses. These safety concerns are important and must be addressed immediately. Ransomware detection and classification are critical for guaranteeing rapid reaction and prevention. This study uses the XGBoost classifier and Random Forest (RF) algorithms to detect and classify ransomware attacks. This approach involves analyzing the behaviour of ransomware and extracting relevant features that can help distinguish between different ransomware families. The models are evaluated on a dataset of ransomware attacks and demonstrate their effectiveness in accurately detecting and classifying ransomware. The results show that the XGBoost classifier, Random Forest Classifiers, can effectively detect and classify different ransomware attacks with high accuracy, thereby providing a valuable tool for enhancing cybersecurity.
</details>

<details>

<summary>2023-11-06 22:43:46 - Pinky: A Modern Malware-oriented Dynamic Information Retrieval Tool</summary>

- *Paul Irofti*
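
Review bot: The `abs` and `pdf` links in the added `2311.16143v1` entry use `http://arxiv.org/...`, so anyone following them from this list makes a cleartext first request. Emitting `https://arxiv.org/abs/...` and `https://arxiv.org/pdf/...` from the generator would fix this; the other entry added in this commit uses the same scheme, so the change belongs in the template rather than in individual entries.
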
Expand Down Expand Up @@ -3346,3 +3358,15 @@
</details>

<details>

<summary>2023-11-27 23:25:00 - Mate! Are You Really Aware? An Explainability-Guided Testing Framework for Robustness of Malware Detectors</summary>

- *Ruoxi Sun, Minhui Xue, Gareth Tyson, Tian Dong, Shaofeng Li, Shuo Wang, Haojin Zhu, Seyit Camtepe, Surya Nepal*

- `2111.10085v4` - [abs](http://arxiv.org/abs/2111.10085v4) - [pdf](http://arxiv.org/pdf/2111.10085v4)

> Numerous open-source and commercial malware detectors are available. However, their efficacy is threatened by new adversarial attacks, whereby malware attempts to evade detection, e.g., by performing feature-space manipulation. In this work, we propose an explainability-guided and model-agnostic testing framework for robustness of malware detectors when confronted with adversarial attacks. The framework introduces the concept of Accrued Malicious Magnitude (AMM) to identify which malware features could be manipulated to maximize the likelihood of evading detection. We then use this framework to test several state-of-the-art malware detectors' abilities to detect manipulated malware. We find that (i) commercial antivirus engines are vulnerable to AMM-guided test cases; (ii) the ability of a manipulated malware generated using one detector to evade detection by another detector (i.e., transferability) depends on the overlap of features with large AMM values between the different detectors; and (iii) AMM values effectively measure the fragility of features (i.e., capability of feature-space manipulation to flip the prediction results) and explain the robustness of malware detectors facing evasion attacks. Our findings shed light on the limitations of current malware detectors, as well as how they can be improved.

</details>
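
Review bot: The `<summary>` line dates this entry 2023-11-27 and it is appended to `arXiv_db/Malware/2023.md`, but the identifier `2111.10085v4` is a November 2021 submission at its fourth version, so the timestamp appears to be the revision date rather than the publication date. Consider marking such entries as updated versions, or recording the original submission date alongside, so the list does not present a revised paper as new 2023 work.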
