Internet Malware Research Articles

The Rise of Deep Learning in Cyber Security: Bibliometric Analysis of Deep Learning and Malware

Deep learning is a machine learning technology that allows computational models to learn via experience, mimicking human cognitive processes. This method is critical in the development of identifying certain objects, and provides the computational intelligence required to identify multiple objects and distinguish it between object A or Object B. On the other hand, malware is defined as malicious software that seeks to harm or disrupt computers and systems. Its main categories include viruses, worms, Trojan horses, spyware, adware, and ransomware. Hence, many deep learning researchers apply deep learning in their malware studies. However, few articles still investigate deep learning and malware in a bibliometric approach (productivity, research area, institutions, authors, impact journals, and keyword analysis). Hence, this paper reports bibliometric analysis used to discover current and future trends and gain new insights into the relationship between deep learning and malware. This paper’s discoveries include: Deployment of deep learning to detect domain generation algorithm (DGA) attacks; Deployment of deep learning to detect malware in Internet of Things (IoT); The rise of adversarial learning and adversarial attack using deep learning; The emergence of Android malware in deep learning; The deployment of transfer learning in malware research; and active authors on deep learning and malware research, including Soman KP, Vinayakumar R, and Zhang Y.

Security Function Virtualization for IoT Applications in 6G Networks

One of the important characteristics envisioned for 6G is security function virtualization (SFV). Similar to network function virtualization (NFV) in 5G networks, SFV provides new opportunities for improving security while reducing the security overhead. In particular, it provides an attractive way of solving compatibility issues related to security. Malware in Internet of Things (IoT) systems is gaining popularity among cyber-criminals because of the expected number of IoT devices in 5G and 6G networks. To solve this issue, this article proposes a security framework that exploits softwarization of security functions via SFV to improve trust in IoT systems and contain the propagation of malware. IoT devices are categorized into trusted, vulnerable, and compromised levels using remote attestation. To isolate the devices in the three distinct categories, NFV is used to create separate networks for each category, and a distributed ledger is used to store the state of each device. Virtualized remote attestation routines are employed to avoid any compatibility issues among heterogeneous IoT devices and effectively contain malware propagation. The results show that the proposed framework can reduce the number of infected devices by 66 percent in only 10 seconds.

FIViz: Forensics Investigation through Visualization for Malware in Internet of Things

Adoption of the Internet of Things for the realization of smart cities in various domains has been pushed by the advancements in Information Communication and Technology. Transportation, power delivery, environmental monitoring, and medical applications are among the front runners when it comes to leveraging the benefits of IoT for improving services through modern decision support systems. Though with the enormous usage of the Internet of Medical Things, security and privacy become intrinsic issues, thus adversaries can exploit these devices or information on these devices for malicious intents. These devices generate and log large and complex raw data which are used by decision support systems to provide better care to patients. Investigation of these enormous and complicated data from a victim’s device is a daunting and time-consuming task for an investigator. Different feature-based frameworks have been proposed to resolve this problem to detect early and effectively the access logs to better assess the event. But the problem with the existing approaches is that it forces the investigator to manually comb through collected data which can contain a huge amount of irrelevant data. These data are provided normally in textual form to the investigators which are too time-consuming for the investigations even if they can utilize machine learning or natural language processing techniques. In this paper, we proposed a visualization-based approach to tackle the problem of investigating large and complex raw data sets from the Internet of Medical Things. Our contribution in this work is twofold. Firstly, we create a data set through a dynamic behavioral analysis of 400 malware samples. Secondly, the resultant and reduced data set were then visualized most feasibly. This is to investigate an incident easily. The experimental results show that an investigator can investigate large amounts of data in an easy and time-efficient manner through the effective use of visualization techniques.

A concise cost analysis of Internet malware

In this paper we present a cost model to analyze impacts of Internet malware in order to estimate the cost of incidents and risk caused by them. The model is useful in determining parameters needed to estimate recovery efficiency, probabilistic risk distributions, and cost of malware incidents. Many users tend to underestimate the cost of curiosity coming with stealth malware such as email-attachments, freeware/shareware, spyware (including keyloggers, password thieves, phishing-ware, network sniffers, stealth backdoors, and rootkits), popups, and peer-to-peer fileshares. We define two sets of functions to describe evolution of attacks and potential loss caused by malware, where the evolution functions analyze infection patterns, while the loss functions provide risk-impact analysis of failed systems. Due to a wide range of applications, such analyses have drawn the attention of many engineers and researchers. Analysis of malware propagation itself has little to contribute unless tied to analysis of system performance, economic loss, and risks.

Scalability, fidelity, and containment in the potemkin virtual honeyfarm

The rapid evolution of large-scale worms, viruses and bot-nets have made Internet malware a pressing concern. Such infections are at the root of modern scourges including DDoS extortion, on-line identity theft, SPAM, phishing, and piracy. However, the most widely used tools for gathering intelligence on new malware -- network honeypots -- have forced investigators to choose between monitoring activity at a large scale or capturing behavior with high fidelity. In this paper, we describe an approach to minimize this tension and improve honeypot scalability by up to six orders of magnitude while still closely emulating the execution behavior of individual Internet hosts. We have built a prototype honeyfarm system, called Potemkin , that exploits virtual machines, aggressive memory sharing, and late binding of resources to achieve this goal. While still an immature implementation, Potemkin has emulated over 64,000 Internet honeypots in live test runs, using only a handful of physical servers.