* update 2024-10-03 06:20:41

arXiv_db/Malware/2024.md

@@ -2846,3 +2846,75 @@
 
 </details>
 
+<details>
+
+<summary>2024-09-28 00:47:38 - An In-depth Analysis of a Nation-Sponsored Attack: Case Study and Cybersecurity Insights</summary>
+
+- *Puya Pakshad, Abiha Hussain, Maks Dudek, Leen Mobarki, Abel Castilla*
+
+- `2409.19194v1` - [abs](http://arxiv.org/abs/2409.19194v1) - [pdf](http://arxiv.org/pdf/2409.19194v1)
+
+> Nation-sponsored cyberattacks pose a significant threat to national security by targeting critical infrastructure and disrupting essential services. One of the most impactful cyber threats affecting South Korea's banking sector and infrastructure was the Dark Seoul cyberattack, which occurred several years ago. Believed to have been orchestrated by North Korean state-sponsored hackers, the attack employed spear phishing, DNS poisoning, and malware to compromise systems, causing widespread disruption. In this paper, we conduct an in-depth analysis of the Dark Seoul attack, examining the techniques used and providing insights and defense recommendations for the global cybersecurity community. The motivations behind the attack are explored, along with an assessment of South Korea's response and the broader implications for cybersecurity policy. Our analysis highlights the vulnerabilities exploited and underscores the need for more proactive defenses against state-sponsored cyber threats. This paper, therefore, emphasizes the critical need for stronger national cybersecurity defenses in the face of such threats.
+
+</details>
+
+<details>
+
+<summary>2024-09-28 04:42:21 - Decoding Android Malware with a Fraction of Features: An Attention-Enhanced MLP-SVM Approach</summary>
+
+- *Safayat Bin Hakim, Muhammad Adil, Kamal Acharya, Houbing Herbert Song*
+
+- `2409.19234v1` - [abs](http://arxiv.org/abs/2409.19234v1) - [pdf](http://arxiv.org/pdf/2409.19234v1)
+
+> The escalating sophistication of Android malware poses significant challenges to traditional detection methods, necessitating innovative approaches that can efficiently identify and classify threats with high precision. This paper introduces a novel framework that synergistically integrates an attention-enhanced Multi-Layer Perceptron (MLP) with a Support Vector Machine (SVM) to make Android malware detection and classification more effective. By carefully analyzing a mere 47 features out of over 9,760 available in the comprehensive CCCS-CIC-AndMal-2020 dataset, our MLP-SVM model achieves an impressive accuracy over 99% in identifying malicious applications. The MLP, enhanced with an attention mechanism, focuses on the most discriminative features and further reduces the 47 features to only 14 components using Linear Discriminant Analysis (LDA). Despite this significant reduction in dimensionality, the SVM component, equipped with an RBF kernel, excels in mapping these components to a high-dimensional space, facilitating precise classification of malware into their respective families. Rigorous evaluations, encompassing accuracy, precision, recall, and F1-score metrics, confirm the superiority of our approach compared to existing state-of-the-art techniques. The proposed framework not only significantly reduces the computational complexity by leveraging a compact feature set but also exhibits resilience against the evolving Android malware landscape.
+
+</details>
+
+<details>
+
+<summary>2024-09-28 10:45:28 - Model X-Ray: Detection of Hidden Malware in AI Model Weights using Few Shot Learning</summary>
+
+- *Daniel Gilkarov, Ran Dubin*
+
+- `2409.19310v1` - [abs](http://arxiv.org/abs/2409.19310v1) - [pdf](http://arxiv.org/pdf/2409.19310v1)
+
+> The potential for exploitation of AI models has increased due to the rapid advancement of Artificial Intelligence (AI) and the widespread use of platforms like Model Zoo for sharing AI models. Attackers can embed malware within AI models through steganographic techniques, taking advantage of the substantial size of these models to conceal malicious data and use it for nefarious purposes, e.g. Remote Code Execution. Ensuring the security of AI models is a burgeoning area of research essential for safeguarding the multitude of organizations and users relying on AI technologies. This study leverages well-studied image few-shot learning techniques by transferring the AI models to the image field using a novel image representation. Applying few-shot learning in this field enables us to create practical models, a feat that previous works lack. Our method addresses critical limitations in state-of-the-art detection techniques that hinder their practicality. This approach reduces the required training dataset size from 40000 models to just 6. Furthermore, our methods consistently detect delicate attacks of up to 25% embedding rate and even up to 6% in some cases, while previous works were only shown to be effective for a 100%-50% embedding rate. We employ a strict evaluation strategy to ensure the trained models are generic concerning various factors. In addition, we show that our trained models successfully detect novel spread-spectrum steganography attacks, demonstrating the models' impressive robustness just by learning one type of attack. We open-source our code to support reproducibility and enhance the research in this new field.
+
+</details>
+
+<details>
+
+<summary>2024-09-28 21:34:14 - Accelerating Malware Classification: A Vision Transformer Solution</summary>
+
+- *Shrey Bavishi, Shrey Modi*
+
+- `2409.19461v1` - [abs](http://arxiv.org/abs/2409.19461v1) - [pdf](http://arxiv.org/pdf/2409.19461v1)
+
+> The escalating frequency and scale of recent malware attacks underscore the urgent need for swift and precise malware classification in the ever-evolving cybersecurity landscape. Key challenges include accurately categorizing closely related malware families. To tackle this evolving threat landscape, this paper proposes a novel architecture LeViT-MC which produces state-of-the-art results in malware detection and classification. LeViT-MC leverages a vision transformer-based architecture, an image-based visualization approach, and advanced transfer learning techniques. Experimental results on multi-class malware classification using the MaleVis dataset indicate LeViT-MC's significant advantage over existing models. This study underscores the critical importance of combining image-based and transfer learning techniques, with vision transformers at the forefront of the ongoing battle against evolving cyber threats. We propose a novel architecture LeViT-MC which not only achieves state of the art results on image classification but is also more time efficient.
+
+</details>
+
+<details>
+
+<summary>2024-09-29 07:22:47 - MASKDROID: Robust Android Malware Detection with Masked Graph Representations</summary>
+
+- *Jingnan Zheng, Jiaohao Liu, An Zhang, Jun Zeng, Ziqi Yang, Zhenkai Liang, Tat-Seng Chua*
+
+- `2409.19594v1` - [abs](http://arxiv.org/abs/2409.19594v1) - [pdf](http://arxiv.org/pdf/2409.19594v1)
+
+> Android malware attacks have posed a severe threat to mobile users, necessitating a significant demand for the automated detection system. Among the various tools employed in malware detection, graph representations (e.g., function call graphs) have played a pivotal role in characterizing the behaviors of Android apps. However, though achieving impressive performance in malware detection, current state-of-the-art graph-based malware detectors are vulnerable to adversarial examples. These adversarial examples are meticulously crafted by introducing specific perturbations to normal malicious inputs. To defend against adversarial attacks, existing defensive mechanisms are typically supplementary additions to detectors and exhibit significant limitations, often relying on prior knowledge of adversarial examples and failing to defend against unseen types of attacks effectively. In this paper, we propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware and remarkable robustness against adversarial attacks. Specifically, we introduce a masking mechanism into the Graph Neural Network (GNN) based framework, forcing MASKDROID to recover the whole input graph using a small portion (e.g., 20%) of randomly selected nodes.This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks. While capturing stable malicious semantics in the form of dependencies inside the graph structures, we further employ a contrastive module to encourage MASKDROID to learn more compact representations for both the benign and malicious classes to boost its discriminative power in detecting malware from benign apps and adversarial examples.
+
+</details>
+
+<details>
+
+<summary>2024-09-30 09:19:52 - CyberForce: A Federated Reinforcement Learning Framework for Malware Mitigation</summary>
+
+- *Chao Feng, Alberto Huertas Celdran, Pedro Miguel Sanchez Sanchez, Jan Kreischer, Jan von der Assen, Gerome Bovet, Gregorio Martinez Perez, Burkhard Stiller*
+
+- `2308.05978v4` - [abs](http://arxiv.org/abs/2308.05978v4) - [pdf](http://arxiv.org/pdf/2308.05978v4)
+
+> Recent research has shown that the integration of Reinforcement Learning (RL) with Moving Target Defense (MTD) can enhance cybersecurity in Internet-of-Things (IoT) devices. Nevertheless, the practicality of existing work is hindered by data privacy concerns associated with centralized data processing in RL, and the unsatisfactory time needed to learn right MTD techniques that are effective against a rising number of heterogeneous zero-day attacks. Thus, this work presents CyberForce, a framework that combines Federated and Reinforcement Learning (FRL) to collaboratively and privately learn suitable MTD techniques for mitigating zero-day attacks. CyberForce integrates device fingerprinting and anomaly detection to reward or penalize MTD mechanisms chosen by an FRL-based agent. The framework has been deployed and evaluated in a scenario consisting of ten physical devices of a real IoT platform affected by heterogeneous malware samples. A pool of experiments has demonstrated that CyberForce learns the MTD technique mitigating each attack faster than existing RL-based centralized approaches. In addition, when various devices are exposed to different attacks, CyberForce benefits from knowledge transfer, leading to enhanced performance and reduced learning time in comparison to recent works. Finally, different aggregation algorithms used during the agent learning process provide CyberForce with notable robustness to malicious attacks.
+
+</details>
+