Search results

1 – 10 of 111
Article
Publication date: 11 April 2022

Marium Khalid, Mehreen Afzal and Waseem Iqbal

Abstract

Purpose

This article aims to provide an interactive model for hands-on training of malware analysis. Cyberwar games are the highly stylized representation of cyber conflicts in a simulation model. Game models are helpful in understanding the phenomenon of cyber attacks as well as to evolve new techniques of detection. Cyber security trainings are generally very challenging. Cyber test beds make such trainings easy both for trainees and trainers. However, it is not feasible for each organization to build a network for the sole purpose of hands-on training for employees. Therefore, it is desirable to build an interactive environment that is interesting and free of cost as well.

Design/methodology/approach

After exploring existing cyberwar games and their techniques, limitations and strengths, this paper presents a design to merge the cyber attacks into a unique model of war game for detection and analysis of malware. This research designs a malware analysis testbed using online free resources. The authors have used the platform of Cyber Defense Technology Experimental Research (DETER). This study proposes a model of a testbed that supports malware reverse engineering scenarios, exercise logs and analysis to develop reverse engineering tactics.

Findings

The proposed cyber testbed is an automated system that can be used as a platform to train cyber warriors. A few features of the proposed testbed are as follows: the testbed provides real or seemingly real malware communication with the real world. It includes automated decisions for the detection of malicious behavior without human intervention. The author gives a design to develop a free-of-cost mechanism for remote learning of highly technical cyber security areas, and this simulation is for malware analysis.

Originality/value

Cyberwar games are built for strengthening offensive and defensive capabilities in cyberspace. For this purpose, many simulations, as well as emulation platforms, can be found. Some are free and open-source, whereas others are commercial and quite expensive. Existing testbeds have limitations in respect of cyberwar games for creating innovative scenarios. Existing literature does not offer any attack and response scenario developed for malware detection through some existing open-source and online simulation or emulation environments. This research includes an analysis of the existing platforms as well as the design of a new model for malware analysis and training.

Open Access
Article
Publication date: 28 April 2023

Prudence Kadebu, Robert T.R. Shoniwa, Kudakwashe Zvarevashe, Addlight Mukwazvure, Innocent Mapanga, Nyasha Fadzai Thusabantu and Tatenda Trust Gotora

Abstract

Purpose

Given how smart today’s malware authors have become through employing highly sophisticated techniques, it is only logical that methods be developed to combat the most potent threats, particularly where the malware is stealthy and makes indicators of compromise (IOC) difficult to detect. After the analysis is completed, the output can be employed to detect and then counteract the attack. The goal of this work is to propose a machine learning approach to improve malware detection by combining the strengths of both supervised and unsupervised machine learning techniques. This study is essential as malware has certainly become ubiquitous as cyber-criminals use it to attack systems in cyberspace. Malware analysis is required to reveal hidden IOC, to comprehend the attacker’s goal and the severity of the damage and to find vulnerabilities within the system.

Design/methodology/approach

This research proposes a hybrid approach for dynamic and static malware analysis that combines unsupervised and supervised machine learning algorithms and goes on to show how malware exploiting steganography can be exposed.

Findings

The tactics used by malware developers to circumvent detection are becoming more advanced with steganography becoming a popular technique applied in obfuscation to evade mechanisms for detection. Malware analysis continues to call for continuous improvement of existing techniques. State-of-the-art approaches applying machine learning have become increasingly popular with highly promising results.

Originality/value

Cyber security researchers globally are grappling with devising innovative strategies to identify and defend against the threat of extremely sophisticated malware attacks on key infrastructure containing sensitive data. The process of detecting the presence of malware requires expertise in malware analysis. Applying intelligent methods to this process can aid practitioners in identifying malware’s behaviour and features. This is especially expedient where the malware is stealthy, hiding IOC.

Details

International Journal of Industrial Engineering and Operations Management, vol. 5 no. 2
Type: Research Article
ISSN: 2690-6090

Article
Publication date: 11 July 2016

Armando Miraglia and Matteo Casenove

Abstract

Purpose

This paper proposes an approach to deal with malware and botnets, which in recent years have become one of the major threats in the cyber world. These malicious pieces of software can cause harm not only to the infected victims but also to actors at a much larger scale. For this reason, defenders, namely, security researchers and analysts, and law enforcement have fought back and contained the spreading infections. However, the fight is fundamentally asymmetric.

Design/methodology/approach

In this paper, the authors argue the need to equip defenders with more powerful active defence tools such as malware and botnets, called antidotes, which must be used as last resort to mitigate malware epidemics. Additionally, the authors argue the validity of this approach by considering the ethical and legal concerns of leveraging sane and compromised hosts to mitigate malware epidemics. Finally, the authors further provide evidence of the possible success of these practices by applying their approach to Hlux, Sality and Zeus malware families.

Findings

Although attackers have neither ethical nor legal constraints, defenders are required to follow much stricter rules and develop significantly more intricate tools. Additionally, attackers have been improving their malware to make them more resilient to takeovers.

Originality/value

By combining existing research, the authors provide an analysis and possible implication of a more intrusive yet effective solution for fighting the spreading of malware.

Details

Information & Computer Security, vol. 24 no. 3
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 1 October 2018

Richard G. Brody, Harold U. Chang and Erich S. Schoenberg

Abstract

Purpose

Most people are probably aware of malware, but they may not be aware of malware in what may be its most dangerous form, i.e. causing physical harm, even death, to individuals. This paper aims to document how software can cause malicious harm to individuals by attacking modern systems that appear to be neglected and under-researched.

Design/methodology/approach

This paper will review some of the most significant areas of concern with respect to end of days malware, i.e. malware that has a dangerous intent. The areas included are automobiles, medical devices and air traffic control systems.

Findings

The potential harmful effects of malware are often not well known by consumers and businesses around the world. These issues are not limited to just financial harm. Lives can actually be in danger. Underestimating the importance of cybersecurity and understanding the dangers that are associated with advancing technology are global issues that will continue unless there is enough awareness to force businesses and governments to address these issues. It is critical that safeguards are established.

Originality/value

While many papers have been written about malware and the implications of having malicious software infect a computer or a network, little attention has been paid to “end of days” malware. With advancing technology, malware now has the ability to cause serious injury or death to individuals who have minimal or no knowledge of the potential consequences of, for example, driving in an automobile, wearing or having an internal medical device or flying on an airplane. It is up to businesses and governments to address these issues.

Details

International Journal of Accounting & Information Management, vol. 26 no. 4
Type: Research Article
ISSN: 1834-7649

Article
Publication date: 7 November 2022

T. Sree Lakshmi, M. Govindarajan and Asadi Srinivasulu

Abstract

Purpose

A proper understanding of malware characteristics is necessary to protect massive data generated because of the advances in Internet of Things (IoT), big data and the cloud. Because of the encryption techniques used by the attackers, network security experts struggle to develop an efficient malware detection technique. Though few machine learning-based techniques are used by researchers for malware detection, large amounts of data must be processed and detection accuracy needs to be improved for efficient malware detection. Deep learning-based methods have gained significant momentum in recent years for the accurate detection of malware. The purpose of this paper is to create an efficient malware detection system for the IoT using Siamese deep neural networks.

Design/methodology/approach

In this work, a novel Siamese deep neural network system with an embedding vector is proposed. Siamese systems have generated significant interest because of their capacity to pick up a significant portion of the input. The proposed method is efficient in malware detection in the IoT because it learns from a few records to improve forecasts. The goal is to determine the evolution of malware similarity in emerging domains of technology.

Findings

The cloud platform is used to perform experiments on the Malimg data set. ResNet50 was pretrained as a component of the subsystem that established embedding. Each system reviews a set of input documents to determine whether they belong to the same family. The results of the experiments show that the proposed method outperforms existing techniques in terms of accuracy and efficiency.

Originality/value

The proposed work generates an embedding for each input. Each system examined a collection of data files to determine whether they belonged to the same family. Cosine proximity is also used to estimate the vector similarity in a high-dimensional area.

Details

International Journal of Pervasive Computing and Communications, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1742-7371

Article
Publication date: 29 November 2022

Rajat Kumar Behera, Pradip Kumar Bala and Nripendra P. Rana

Abstract

Purpose

The new ways to complete financial transactions have been developed by setting up mobile payment (m-payment) platforms and such platforms to access banking in the financial mainstream can transact as never before. But, does m-payment have veiled consequences? To seek an answer, the research was undertaken to explore the dark sides of m-payment for consumers by extending the theory of innovation resistance (IR) and by measuring non-adoption intention (NAI).

Design/methodology/approach

Three hundred individuals using popular online m-payment apps such as Paytm, PhonePe, Amazon Pay and Google Pay were surveyed for the primary data. IBM AMOS based structural equation modelling (SEM) was used to analyse the data.

Findings

Each m-payment transaction leaves a digital record, making some vulnerable consumers concerned about privacy threats. Lack of global standards prevents consumers from participating in the m-payment system properly until common interfaces are established based on up-to-date standards. Self-compassion (SC) characteristics such as anxiety, efficacy, fatigue, wait-and-see tendencies and the excessive choice of technology effect contribute to the non-adoption of m-payment.

Originality/value

This study proposes a threat model and empirically explores the dark sides of m-payment. In addition, it also unveils the moderator's role of SC in building the structural relationship between IR and NAI.

Details

Information Technology & People, vol. 36 no. 7
Type: Research Article
ISSN: 0959-3845

Article
Publication date: 27 September 2023

Sharon Wilson, Nor Azlili Hassan, Kheng Kia Khor, Santhidran Sinnappan, Afi Roshezry Abu Bakar and Soon Aun Tan

Abstract

Purpose

Scams are indeed malicious attempts to influence people and can take many forms, including online scams. With the increasing availability of technology, scammers have more tools at their disposal to create convincing and sophisticated communications that appear to come from legitimate sources, such as emails, text messages or social media posts. These scams can be designed to trick individuals into clicking on malicious links, downloading malware or ransomware or providing sensitive information such as login information, financial information or personal details. Scammers often use social engineering techniques to persuade their targets to take specific actions, such as creating a sense of urgency, offering a reward or prize or posing as a trusted authority. These tactics can be highly effective, particularly if the target is unaware of the warning signs of a scam or is unfamiliar with how to protect themselves from online fraud. This paper aims to explore the extent and nature of this problem and evokes the concern that the general public is vulnerable and susceptible to scams if they are not resilient and aware. This paper also explores why victims fall for online scams and uncovers preventive measures to enable a direction in tacitly strategizing ways to create more impactful and effective awareness campaigns.

Design/methodology/approach

This study explores these aspects through a holistic qualitative approach, using in-depth interview techniques with six victims, six non-victims, four law enforcement officers, four scammers and seven stakeholders from various agencies such as banks, telecommunication agencies and the Malaysian Communications and Multimedia Commission involved in combating the issue of scams.

Findings

The findings generally revealed that participants who were victims of scams felt Malaysians were susceptible to scams, easily fooled and had a nonchalant attitude. Most participants also highlighted that public safety is important for ensuring a high quality of life for citizens that should work closely between the government and non-government agencies, including effective law enforcement and crime prevention strategies.

Originality/value

The uniqueness of this study is the feedback from scammers themselves and their input towards authority and victims. Overall, the respondents provide their views drawing strength from the ever-changing technological background as well as the susceptibility of security features and vulnerability of human engagement.

Details

Journal of Financial Crime, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1359-0790

Open Access
Article
Publication date: 16 April 2024

Natile Nonhlanhla Cele and Sheila Kwenda

Abstract

Purpose

The purpose of the study is to identify cybersecurity threats that hinder the adoption of digital banking and provide sustainable strategies to combat cybersecurity risks in the banking industry.

Design/methodology/approach

Systematic literature review guidelines were used to conduct a quantitative synthesis of empirical evidence regarding the impact of cybersecurity threats and risks on the adoption of digital banking.

Findings

A total of 84 studies were initially examined, and after applying the selection and eligibility criteria for this systematic review, 58 studies were included. These selected articles consistently identified identity theft, malware attacks, phishing and vishing as significant cybersecurity threats that hinder the adoption of digital banking.

Originality/value

With the country’s banking sector being new in this area, this study contributes to the scant literature on cyber security, which is mostly in need due to the myriad breaches that the industry has already suffered thus far.

Details

Journal of Financial Crime, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1359-0790

Article
Publication date: 13 April 2010

Riaan J. Rudman

Abstract

Purpose

The purpose of this paper is to identify and investigate the security issues an organisation operating in the “new” online environment is exposed to through Web 2.0 applications, with specific focus on unauthorised access (encompassing hackers). The study aims to recommend possible safeguards to mitigate these incremental risks to an acceptable level.

Design/methodology/approach

An extensive literature review was performed to obtain an understanding of the technologies driving Web 2.0 applications. Thereafter, the technologies were mapped against Control Objectives for Information and Related Technology (CobiT) and Trust Service Principles and Criteria and associated control objectives relating to security risks, specifically to hacker risks. These objectives were used to identify relevant risks and formulate appropriate internal control measures.

Findings

The findings show that every organisation, technology and application is unique and the safeguards depend on the nature of the organisation, information at stake, degree of vulnerability and risks. A comprehensive security program, including a multi‐layer technological, as well as an administrative component, should be implemented. User training on acceptable practices should also be conducted.

Originality/value

Obtaining an understanding of Web 2.0 and Web 2.0 security is important, as Web 2.0 is a new, poorly understood technology and with the growing mobility of users, the potential surface area of attack increases and should be managed. The paper will help organisations, information repository managers, information technology (IT) professionals, librarians and internal and external auditors to understand the “new” risks relating to unauthorised access, which previously did not exist in an on‐line environment, and will assist the development of a framework to limit the most significant risks.

Details

The Electronic Library, vol. 28 no. 2
Type: Research Article
ISSN: 0264-0473

Content available
Book part
Publication date: 31 July 2023

Michael Nizich

Details

The Cybersecurity Workforce of Tomorrow
Type: Book
ISBN: 978-1-80382-918-0
