* update 2025-01-09 06:20:17
actions-user committed Jan 8, 2025
1 parent e8c80a0 commit af86fc6
Showing 3 changed files with 49 additions and 1 deletion.
12 changes: 12 additions & 0 deletions arXiv_db/Malware/2024.md
@@ -4060,6 +4060,18 @@

<details>

<summary>2024-12-24 17:22:51 - Machine Learning and Deep Learning Techniques used in Cybersecurity and Digital Forensics: a Review</summary>

- *Jaouhar Fattahi*

- `2501.03250v1` - [abs](http://arxiv.org/abs/2501.03250v1) - [pdf](http://arxiv.org/pdf/2501.03250v1)

> In the paced realms of cybersecurity and digital forensics machine learning (ML) and deep learning (DL) have emerged as game changing technologies that introduce methods to identify stop and analyze cyber risks. This review presents an overview of the ML and DL approaches used in these fields showcasing their advantages drawbacks and possibilities. It covers a range of AI techniques used in spotting intrusions in systems and classifying malware to prevent cybersecurity attacks, detect anomalies and enhance resilience. This study concludes by highlighting areas where further research is needed and suggesting ways to create transparent and scalable ML and DL solutions that are suited to the evolving landscape of cybersecurity and digital forensics.

</details>

<details>

<summary>2024-12-24 17:50:01 - Can LLMs Obfuscate Code? A Systematic Analysis of Large Language Models into Assembly Code Obfuscation</summary>

- *Seyedreza Mohseni, Seyedali Mohammadi, Deepa Tilwani, Yash Saxena, Gerald Ndawula, Sriram Vema, Edward Raff, Manas Gaur*
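Review bot: the abs/pdf links in the new `2501.03250v1` entry are plain http (`[abs](http://arxiv.org/abs/2501.03250v1)`, `[pdf](http://arxiv.org/pdf/2501.03250v1)`); arXiv serves over https and redirects, so the generator should emit https links rather than leaving a plaintext hop in every entry. Separately, the quoted abstract has lost punctuation where the sentence structure needs it ("identify stop and analyze cyber risks", "advantages drawbacks and possibilities", "In the paced realms"), which points to the ingestion step stripping commas and hyphens from abstract text before writing it; check that normalisation step rather than the source abstract.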
36 changes: 36 additions & 0 deletions arXiv_db/Malware/2025.md
@@ -66,3 +66,39 @@

</details>

<details>

<summary>2025-01-07 10:04:51 - Reinforcement Learning for an Efficient and Effective Malware Investigation during Cyber Incident Response</summary>

- *Dipo Dunsin, Mohamed Chahine Ghanem, Karim Ouazzane, Vassil Vassilev*

- `2408.01999v2` - [abs](http://arxiv.org/abs/2408.01999v2) - [pdf](http://arxiv.org/pdf/2408.01999v2)

> This research focused on enhancing post-incident malware forensic investigation using reinforcement learning RL. We proposed an advanced MDP post incident malware forensics investigation model and framework to expedite post incident forensics. We then implement our RL Malware Investigation Model based on structured MDP within the proposed framework. To identify malware artefacts, the RL agent acquires and examines forensics evidence files, iteratively improving its capabilities using Q Table and temporal difference learning. The Q learning algorithm significantly improved the agent ability to identify malware. An epsilon greedy exploration strategy and Q learning updates enabled efficient learning and decision making. Our experimental testing revealed that optimal learning rates depend on the MDP environment complexity, with simpler environments benefiting from higher rates for quicker convergence and complex ones requiring lower rates for stability. Our model performance in identifying and classifying malware reduced malware analysis time compared to human experts, demonstrating robustness and adaptability. The study highlighted the significance of hyper parameter tuning and suggested adaptive strategies for complex environments. Our RL based approach produced promising results and is validated as an alternative to traditional methods notably by offering continuous learning and adaptation to new and evolving malware threats which ultimately enhance the post incident forensics investigations.

</details>

<details>

<summary>2025-01-07 15:48:15 - Advanced Persistent Threats (APT) Attribution Using Deep Reinforcement Learning</summary>

- *Animesh Singh Basnet, Mohamed Chahine Ghanem, Dipo Dunsin, Wiktor Sowinski-Mydlarz*

- `2410.11463v2` - [abs](http://arxiv.org/abs/2410.11463v2) - [pdf](http://arxiv.org/pdf/2410.11463v2)

> The development of the DRL model for malware attribution involved extensive research, iterative coding, and numerous adjustments based on the insights gathered from predecessor models and contemporary research papers. This preparatory work was essential to establish a robust foundation for the model, ensuring it could adapt and respond effectively to the dynamic nature of malware threats. Initially, the model struggled with low accuracy levels, but through persistent adjustments to its architecture and learning algorithms, accuracy improved dramatically from about 7 percent to over 73 percent in early iterations. By the end of the training, the model consistently reached accuracy levels near 98 percent, demonstrating its strong capability to accurately recognise and attribute malware activities. This upward trajectory in training accuracy is graphically represented in the Figure, which vividly illustrates the model maturation and increasing proficiency over time.
</details>

<details>

<summary>2025-01-07 16:05:27 - SPECTRE: A Hybrid System for an Adaptative and Optimised Cyber Threats Detection, Response and Investigation in Volatile Memory</summary>

- *Arslan Tariq Syed, Mohamed Chahine Ghanem, Elhadj Benkhelifa, Fauzia Idrees Abro*

- `2501.03898v1` - [abs](http://arxiv.org/abs/2501.03898v1) - [pdf](http://arxiv.org/pdf/2501.03898v1)

> The increasing sophistication of modern cyber threats, particularly file-less malware relying on living-off-the-land techniques, poses significant challenges to traditional detection mechanisms. Memory forensics has emerged as a crucial method for uncovering such threats by analysing dynamic changes in memory. This research introduces SPECTRE (Snapshot Processing, Emulation, Comparison, and Threat Reporting Engine), a modular Cyber Incident Response System designed to enhance threat detection, investigation, and visualization. By adopting Volatility JSON format as an intermediate output, SPECTRE ensures compatibility with widely used DFIR tools, minimizing manual data transformations and enabling seamless integration into established workflows. Its emulation capabilities safely replicate realistic attack scenarios, such as credential dumping and malicious process injections, for controlled experimentation and validation. The anomaly detection module addresses critical attack vectors, including RunDLL32 abuse and malicious IP detection, while the IP forensics module enhances threat intelligence by integrating tools like Virus Total and geolocation APIs. SPECTRE advanced visualization techniques transform raw memory data into actionable insights, aiding Red, Blue and Purple teams in refining strategies and responding effectively to threats. Bridging gaps between memory and network forensics, SPECTRE offers a scalable, robust platform for advancing threat detection, team training, and forensic research in combating sophisticated cyber threats.

</details>

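Review bot: the `2410.11463v2` entry is missing the blank line between the quoted abstract and `</details>` that the other two entries in this hunk have (compare `2408.01999v2`, where the `>` line, a blank line and `</details>` follow in sequence); without that blank line some Markdown renderers fold the closing tag into the blockquote, so the generator should emit the separator consistently. That same entry's quoted text refers to "the Figure" and reads like a paragraph from the paper body rather than the abstract, so the field being read for this record may be wrong. Also, `2408.01999v2` and `2410.11463v2` are revisions of papers whose identifiers date from 2024; if 2024.md already lists their v1 entries, this hunk adds duplicates that differ only by version, and as in the other file the abs/pdf links should be https.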