* update 2024-03-07 06:17:28

arXiv_db/Malware/2024.md

@@ -530,3 +530,63 @@
 
 </details>
 
+<details>
+
+<summary>2024-03-04 17:22:43 - Comprehensive evaluation of Mal-API-2019 dataset by machine learning in malware detection</summary>
+
+- *Zhenglin Li, Haibei Zhu, Houze Liu, Jintong Song, Qishuo Cheng*
+
+- `2403.02232v1` - [abs](http://arxiv.org/abs/2403.02232v1) - [pdf](http://arxiv.org/pdf/2403.02232v1)
+
+> This study conducts a thorough examination of malware detection using machine learning techniques, focusing on the evaluation of various classification models using the Mal-API-2019 dataset. The aim is to advance cybersecurity capabilities by identifying and mitigating threats more effectively. Both ensemble and non-ensemble machine learning methods, such as Random Forest, XGBoost, K Nearest Neighbor (KNN), and Neural Networks, are explored. Special emphasis is placed on the importance of data pre-processing techniques, particularly TF-IDF representation and Principal Component Analysis, in improving model performance. Results indicate that ensemble methods, particularly Random Forest and XGBoost, exhibit superior accuracy, precision, and recall compared to others, highlighting their effectiveness in malware detection. The paper also discusses limitations and potential future directions, emphasizing the need for continuous adaptation to address the evolving nature of malware. This research contributes to ongoing discussions in cybersecurity and provides practical insights for developing more robust malware detection systems in the digital era.
+
+</details>
+
+<details>
+
+<summary>2024-03-04 23:46:19 - Catch'em all: Classification of Rare, Prominent, and Novel Malware Families</summary>
+
+- *Maksim E. Eren, Ryan Barron, Manish Bhattarai, Selma Wanna, Nicholas Solovyev, Kim Rasmussen, Boian S. Alexandrov, Charles Nicholas*
+
+- `2403.02546v1` - [abs](http://arxiv.org/abs/2403.02546v1) - [pdf](http://arxiv.org/pdf/2403.02546v1)
+
+> National security is threatened by malware, which remains one of the most dangerous and costly cyber threats. As of last year, researchers reported 1.3 billion known malware specimens, motivating the use of data-driven machine learning (ML) methods for analysis. However, shortcomings in existing ML approaches hinder their mass adoption. These challenges include detection of novel malware and the ability to perform malware classification in the face of class imbalance: a situation where malware families are not equally represented in the data. Our work addresses these shortcomings with MalwareDNA: an advanced dimensionality reduction and feature extraction framework. We demonstrate stable task performance under class imbalance for the following tasks: malware family classification and novel malware detection with a trade-off in increased abstention or reject-option rate.
+
+</details>
+
+<details>
+
+<summary>2024-03-05 07:58:02 - Self-adaptive Traffic Anomaly Detection System for IoT Smart Home Environments</summary>
+
+- *Naoto Watanabe, Taku Yamazaki, Takumi Miyoshi, Ryo Yamamoto, Masataka Nakahara, Norihiro Okui, Ayumu Kubota*
+
+- `2403.02744v1` - [abs](http://arxiv.org/abs/2403.02744v1) - [pdf](http://arxiv.org/pdf/2403.02744v1)
+
+> With the growth of internet of things (IoT) devices, cyberattacks, such as distributed denial of service, that exploit vulnerable devices infected with malware have increased. Therefore, vendors and users must keep their device firmware updated to eliminate vulnerabilities and quickly handle unknown cyberattacks. However, it is difficult for both vendors and users to continually keep the devices safe because vendors must provide updates quickly and the users must continuously manage the conditions of all deployed devices. Therefore, to ensure security, it is necessary for a system to adapt autonomously to changes in cyberattacks. In addition, it is important to consider network-side security that detects and filters anomalous traffic at the gateway to comprehensively protect those devices. This paper proposes a self-adaptive anomaly detection system for IoT traffic, including unknown attacks. The proposed system comprises a honeypot server and a gateway. The honeypot server continuously captures traffic and adaptively generates an anomaly detection model using real-time captured traffic. Thereafter, the gateway uses the generated model to detect anomalous traffic. Thus, the proposed system can adapt to unknown attacks to reflect pattern changes in anomalous traffic based on real-time captured traffic. Three experiments were conducted to evaluate the proposed system: a virtual experiment using pre-captured traffic from various regions across the world, a demonstration experiment using real-time captured traffic, and a virtual experiment using a public dataset containing the traffic generated by malware. The experimental results indicate that a system adaptable in real time to evolving cyberattacks is a novel approach for ensuring the comprehensive security of IoT devices against both known and unknown attacks.
+
+</details>
+
+<details>
+
+<summary>2024-03-05 09:37:13 - Here Comes The AI Worm: Unleashing Zero-click Worms that Target GenAI-Powered Applications</summary>
+
+- *Stav Cohen, Ron Bitton, Ben Nassi*
+
+- `2403.02817v1` - [abs](http://arxiv.org/abs/2403.02817v1) - [pdf](http://arxiv.org/pdf/2403.02817v1)
+
+> In the past year, numerous companies have incorporated Generative AI (GenAI) capabilities into new and existing applications, forming interconnected Generative AI (GenAI) ecosystems consisting of semi/fully autonomous agents powered by GenAI services. While ongoing research highlighted risks associated with the GenAI layer of agents (e.g., dialog poisoning, membership inference, prompt leaking, jailbreaking), a critical question emerges: Can attackers develop malware to exploit the GenAI component of an agent and launch cyber-attacks on the entire GenAI ecosystem? This paper introduces Morris II, the first worm designed to target GenAI ecosystems through the use of adversarial self-replicating prompts. The study demonstrates that attackers can insert such prompts into inputs that, when processed by GenAI models, prompt the model to replicate the input as output (replication), engaging in malicious activities (payload). Additionally, these inputs compel the agent to deliver them (propagate) to new agents by exploiting the connectivity within the GenAI ecosystem. We demonstrate the application of Morris II against GenAIpowered email assistants in two use cases (spamming and exfiltrating personal data), under two settings (black-box and white-box accesses), using two types of input data (text and images). The worm is tested against three different GenAI models (Gemini Pro, ChatGPT 4.0, and LLaVA), and various factors (e.g., propagation rate, replication, malicious activity) influencing the performance of the worm are evaluated.
+
+</details>
+
+<details>
+
+<summary>2024-03-05 14:33:33 - Improving Android Malware Detection Through Data Augmentation Using Wasserstein Generative Adversarial Networks</summary>
+
+- *Kawana Stalin, Mikias Berhanu Mekoya*
+
+- `2403.00890v2` - [abs](http://arxiv.org/abs/2403.00890v2) - [pdf](http://arxiv.org/pdf/2403.00890v2)
+
+> Generative Adversarial Networks (GANs) have demonstrated their versatility across various applications, including data augmentation and malware detection. This research explores the effectiveness of utilizing GAN-generated data to train a model for the detection of Android malware. Given the considerable storage requirements of Android applications, the study proposes a method to synthetically represent data using GANs, thereby reducing storage demands. The proposed methodology involves creating image representations of features extracted from an existing dataset. A GAN model is then employed to generate a more extensive dataset consisting of realistic synthetic grayscale images. Subsequently, this synthetic dataset is utilized to train a Convolutional Neural Network (CNN) designed to identify previously unseen Android malware applications. The study includes a comparative analysis of the CNN's performance when trained on real images versus synthetic images generated by the GAN. Furthermore, the research explores variations in performance between the Wasserstein Generative Adversarial Network (WGAN) and the Deep Convolutional Generative Adversarial Network (DCGAN). The investigation extends to studying the impact of image size and malware obfuscation on the classification model's effectiveness. The data augmentation approach implemented in this study resulted in a notable performance enhancement of the classification model, ranging from 1.5% to 7%, depending on the dataset. The highest achieved F1 score reached 0.975.   Keywords--Generative Adversarial Networks, Android Malware, Data Augmentation, Wasserstein Generative Adversarial Network
+
+</details>
+