Articles published on Malware
4439 Search results
- New
- Research Article
- 10.1371/journal.pone.0339907.r006
- Jan 7, 2026
- PLOS One
- Hassan Ishfaq + 4 more
Classification and detection of zero-day attacks remain a significant challenge within the domain of cybersecurity. Due to the vast types of malware families and the presence of an imbalanced dataset, real-time detection and classification become increasingly complex and inaccurate. Thus, there’s an urgent need to develop an intelligent and adaptive defense mechanism capable of identifying and classifying such attacks with improved precision and robustness. This paper proposed a stacked ensemble federated learning model with an accuracy-aware node weighting scheme to address the challenges posed by inter- and intra-class similarities among different types of malwares. In the initial phase, malware Portable Executable (PE) files are collected from multiple online repositories and validated by three different antivirus programs through VirusTotal to ensure reliability. These validated files are then converted into image form and categorized into 28 families to facilitate feature extraction. In the second phase, deep feature representations are extracted through a transfer learning-based fine-tuned ResNet-50 model, which captures both low-level and high-level patterns that are relevant to malware classification. After feature extraction from multiple distributed nodes, architecture is fed into the novel proposed Ensemble Stacked Federated Model for enhanced generalization and robust classification. The model is tested on both private and publicly available datasets. The experimental results demonstrate that the proposed method outperforms existing baseline approaches in terms of accuracy and computational efficiency. This improvement is achieved because it performs independent training at each federated node separately and then stacks their outputs with a central ensemble model, which enhances the learning rate and reduces overfitting. The code used for the experiments is available here.
- New
- Research Article
- 10.62671/jikum.v2i1.153
- Jan 2, 2026
- JIKUM: Jurnal Ilmu Komputer
- Gilang Akbar Hadikosyah + 5 more
The rapid advancement of information technology has significantly increased the use of computer systems in daily activities. Alongside these developments, cyber threats have also grown, one of the most prevalent being the Trojan Horse virus. Trojan Horse is a type of malware that disguises itself as a legitimate program in order to deceive users and gain unauthorized access to computer systems. This study aims to analyze the patterns of Trojan Horse virus propagation, examine its impacts on computer system security, and identify effective prevention and mitigation strategies. The research method used is a literature review by analyzing books, scientific journals, and credible online sources related to Trojan Horse malware and information system security. The results show that Trojan Horse viruses commonly spread through email attachments, malicious downloads, fake software, and social engineering techniques. The impacts include data theft, system performance degradation, unauthorized remote access, and disruption of organizational operations. Therefore, comprehensive security measures combining technical controls and user awareness are essential to minimize Trojan Horse attacks.
- New
- Research Article
- 10.1371/journal.pone.0339907
- Jan 1, 2026
- PLOS One
- Hassan Ishfaq + 3 more
Classification and detection of zero-day attacks remain a significant challenge within the domain of cybersecurity. Due to the vast types of malware families and the presence of an imbalanced dataset, real-time detection and classification become increasingly complex and inaccurate. Thus, there's an urgent need to develop an intelligent and adaptive defense mechanism capable of identifying and classifying such attacks with improved precision and robustness. This paper proposed a stacked ensemble federated learning model with an accuracy-aware node weighting scheme to address the challenges posed by inter- and intra-class similarities among different types of malwares. In the initial phase, malware Portable Executable (PE) files are collected from multiple online repositories and validated by three different antivirus programs through VirusTotal to ensure reliability. These validated files are then converted into image form and categorized into 28 families to facilitate feature extraction. In the second phase, deep feature representations are extracted through a transfer learning-based fine-tuned ResNet-50 model, which captures both low-level and high-level patterns that are relevant to malware classification. After feature extraction from multiple distributed nodes, architecture is fed into the novel proposed Ensemble Stacked Federated Model for enhanced generalization and robust classification. The model is tested on both private and publicly available datasets. The experimental results demonstrate that the proposed method outperforms existing baseline approaches in terms of accuracy and computational efficiency. This improvement is achieved because it performs independent training at each federated node separately and then stacks their outputs with a central ensemble model, which enhances the learning rate and reduces overfitting. The code used for the experiments is available here.
- New
- Research Article
- 10.1016/j.neunet.2025.108065
- Jan 1, 2026
- Neural networks : the official journal of the International Neural Network Society
- Jingqi Hu + 4 more
Dormant key: Unlocking universal adversarial control in text-to-image models.
- New
- Research Article
- 10.7763/ijcte.2026.v18.1385
- Jan 1, 2026
- International Journal of Computer Theory and Engineering
- Jong-Wouk Kim + 2 more
Packing presents a major challenge in cybersecurity, as it complicates malware analysis and extends the operational lifespan of malicious software. This study addresses the issue by developing a robust framework designed to detect packed executable files and identify the specific packers used. The proposed framework leverages 20 optimally selected features extracted from Portable Executable (PE) files to detect packing and recognize packer signatures. A series of extensive experiments was conducted to determine the most effective combination of classification model and feature set. The extreme gradient boost algorithm was selected based on its superior performance. The proposed model achieved a high detection accuracy of 99.27% and an F1-score of 98.84%, outperforming recent methods in the field. In addition, the study introduces a publicly accessible dataset containing 213,784 PE samples and 125 features to facilitate future research. The framework provides a practical tool for security analysts, improving their ability to identify and respond to PE file-based malware in real-world environments. This study focuses exclusively on a static analysis pipeline; no dynamic execution is performed. We also describe how the framework could interface with sandbox-derived dynamic behavioral signals in future work without extending the current study’s scope. Overall, this research contributes a static feature-based approach for packer detection and signature identification, together with a large-scale open dataset that supports ongoing advances in malware classification and analysis.
- New
- Research Article
- 10.1109/tse.2025.3618952
- Jan 1, 2026
- IEEE Transactions on Software Engineering
- Wentao Liang + 5 more
Detecting Malicious Packages in PyPI and NPM by Clustering Installation Scripts
- New
- Research Article
- 10.48185/jaai.v6i2.1461
- Dec 31, 2025
- Journal of Applied Artificial Intelligence
- Bishal K C + 2 more
Traditional vehicles have an adverse effect on the environment. Therefore, the current technological shift is constantly seeking an alternative to replace traditional vehicles fueled by fossil fuels, and electric vehicles are, so far, the best alternative. The adoption of Electric Vehicles (EVs) is growing rapidly due to their eco-friendly benefits and technological advancements. This growth, however, brings a significantly larger attack surface due to increased interconnectivity between electric vehicles, charging stations and the smart grid system. To prevent such types of attacks, we need a robust system to detect them beforehand and prevent the system from being compromised. Although some prior work has been conducted in this area, their approaches did not incorporate deep learning algorithms, nor did they evaluate model performance under noisy data conditions. Therefore, we proposed a novel ensemble-based intrusion detection system (IDS) to detect these attacks in Electric Vehicle Charging Stations (EVCS). We implement different machine learning algorithms such as k-nearest neighbors (KNN), Logistic Regression (LR), Support Vector Machine (SVM) and Decision Tree (DT). Moreover, as different types of malware often exhibit distinct structural characteristics when visualized as images, we also use Convolutional Neural Networks (CNNs) to detect such attacks and malware. We are focusing on detecting attacks in electric vehicle charging stations by analyzing the network traffic. For this, we utilize the latest labelled dataset, the Canadian Institute of Cybersecurity EV Charger Attack Dataset 2024 (CICEVSE2024), which is a multidimensional dataset containing both benign and attack data. We then evaluate and compare the performance of these algorithms in detecting the network traffic attacks in Electric Vehicle Charging Stations (EVCS).
Our proposed model employs an ensemble voting strategy to combine the predictions from different classifiers, thereby improving the system's robustness and accuracy, and achieves an accuracy of 99.5% in detecting cyberattacks. With the addition of small noise to the dataset, a few individual classifiers perform poorly; however, the ensemble model still maintains an accuracy of 99.2%.
- New
- Research Article
- 10.1142/s0218194025501141
- Dec 31, 2025
- International Journal of Software Engineering and Knowledge Engineering
- Veeresh K M + 1 more
Modern Android malware changes rapidly, making it hard for traditional anti-malware methods to identify these new, disguised and flexible threats. Because existing solutions suffer from many false positives, difficulty handling several types of malware and slow reaction times, this work introduces TriSentry-MD, a novel framework for detecting malware efficiently, in real time and with greater accuracy. The proposed work's main breakthrough is achieved by incorporating three different yet matching techniques: GrayCodeNet, which images the resultant bytecode and examines it with convolutional neural networks; a novel BehavWatch-X, which performs normalization and aggregates execution into a behaviour feature vector that monitors run-time metrics including CPU usage, battery consumption, network activity, and system calls; and the proposed ReVersaLearn, a technique for reverse-engineering and using app metadata in classification. Thus, it starts with getting an APK, dividing it into static analysis, bytecode analysis and testing its behaviour in a virtual sandbox. The implementation outputs are gathered and turned into a final outcome by the soft voting process. With harmless attacks from Drebin and AMD, TriSentry-MD obtained near-perfect detection accuracy and almost no false alarms. The findings demonstrate that using multiple data types in a unified framework is effective for discovering a wider variety of Android threats and making threat detection more accurate and stronger.
- New
- Research Article
- 10.47760/cognizance.2025.v05i12.008
- Dec 30, 2025
- Cognizance Journal of Multidisciplinary Studies
- Alex Mathew
Disposable email addresses (DEAs), also known as burner emails have emerged as a trend of protecting primary email accounts against spam, phishing, and spam marketing. These disposable emails help the users to preserve privacy and avoid unwanted messages as a way of accessing online services. However, the increasing numbers of DEAs usage pose a significant cybersecurity risk because they can be misused by malicious users to avoid responsibility. This paper explores the growing popularity of the disposable email service, and categorizes them as instant, short-term inbox service and masking service, each offering a varying level of convenience and privacy. Despite these apparent benefits of DEAs, including minimization of undesired communication and protection of personal data there are some threats such as risk of security breach, inability to recover accounts, and prevention of access to major websites. The paper outlines the pros, cons, and risks of using disposable email services and offers best practices for their use.
- Research Article
- 10.31449/inf.v49i37.10728
- Dec 25, 2025
- Informatica
- Isai Moreno-Lara + 3 more
In a digital landscape where malicious software evolves faster than traditional defenses, intelligent and proactive detection has become essential. This study presents a machine learning framework for static malware detection based on the analysis of 138,047 Portable Executable samples, including both malware and benign files. The dataset comprises 56 static structural features extracted without code execution. Four supervised classifiers—Backpropagation Neural Network, Decision Tree, Random Forest, and Support Vector Machine—were evaluated following the Knowledge Discovery in Databases process. Ensemble-based feature selection methods (Random Forest and Extra Trees) were applied to identify the most informative attributes, while random undersampling was used to mitigate class imbalance. Experimental results show that the Random Forest classifier achieved the best performance, reaching 99.45% accuracy and a 0.9909 F1-score on imbalanced data, and 99.32% accuracy on the balanced dataset. These findings highlight the reliability and scalability of tree-based models for static malware detection. Overall, the proposed framework demonstrates that careful feature selection and balance adjustment can significantly enhance the performance and interpretability of cybersecurity classification systems.
- Research Article
- 10.1038/s41598-025-33695-z
- Dec 24, 2025
- Scientific Reports
- Ting Yang + 1 more
The rapid expansion of malicious websites poses a critical threat to online security, as conventional blacklist-based and manual inspection methods cannot keep pace with evolving attacks. In this study, we present a hybrid detection framework that integrates ensemble learning models, Random Forest, Extreme Gradient Boosting, and Light Gradient Boosting with a Deep Neural Network to distinguish malicious from benign websites accurately. The framework leverages a large-scale dataset of 63,191 URLs, combining application-layer attributes (such as URL structure, server type, and WHOIS data) with network-layer features (including TCP exchanges, DNS queries, and packet statistics). Dimensionality reduction is achieved through Principal Component Analysis, while model explainability is provided by SHapley Additive exPlanations. To enhance predictive performance, hyperparameters are tuned using two recent metaheuristic algorithms: the Weevil Damage Optimization Algorithm and the Energy Valley Optimizer. A rigorous k-fold cross-validation strategy confirms the robustness and generalization capability of the model. Experimental results demonstrate that the optimized hybrid framework surpasses individual classifiers, delivering high accuracy, strong scalability, and interpretability. This work contributes to proactive cybersecurity defenses by offering a reliable, data-driven, and explainable solution for real-time malicious website detection.
- Research Article
- 10.3390/s26010118
- Dec 24, 2025
- Sensors (Basel, Switzerland)
- Kurt A Vedros + 3 more
Side-Channel-based Anomaly Detection (SCAD) offers a powerful and non-intrusive means of detecting unauthorized behavior in IoT and cyber-physical systems. It leverages signals that emerge from physical activity-such as electromagnetic (EM) emissions or power consumption traces-as passive indicators of software execution integrity. This capability is particularly critical in IoT/IIoT environments, where large fleets of deployed devices are at heightened risk of firmware tampering, malicious code injection, and stealthy post-deployment compromise. However, its deployment remains constrained by the costly and time-consuming need to re-fingerprint whenever a program is updated or modified, as fingerprinting involves a precision-intensive manual capturing process for each execution path. To address this challenge, we propose a generative modeling framework that synthesizes realistic EM signals for newly introduced or updated execution paths. Our approach utilizes a Conditional Wasserstein Generative Adversarial Network with Gradient Penalty (CWGAN-GP) framework trained on real EM traces that are conditioned on Execution State Descriptors (ESDs) that encode instruction sequences, operands, and register values. Comprehensive evaluations at instruction-level granularity demonstrate that our approach generates synthetic signals that faithfully reproduce the distinctive features of real EM emissions-achieving 85-92% similarity to real emanations. The inclusion of ESD conditioning further improves fidelity, reducing the similarity distance by ∼13%. To gauge SCAD utility, we train a basic semi-supervised detector on the synthetic signals and find ROC-AUC results within ±1% of detectors trained on real EM data across varying noise conditions. Furthermore, the proposed 1DCNNGAN model (a CWGAN-GP variant) achieves faster training and reduced memory requirements compared with the previously leading ResGAN.
- Research Article
- 10.3390/electronics15010063
- Dec 23, 2025
- Electronics
- Zengwen Yu + 3 more
The Health Data Space (HDS) is a promising platform for secure health data sharing among entities including patients and healthcare providers. However, health data is highly sensitive and critical for diagnosis, and unauthorized access or destruction by malicious users can lead to serious privacy leaks or medical negligence. Thus, robust access control, privacy preservation, and data integrity are essential for HDS. Although Ciphertext-Policy Attribute-Based Encryption (CP-ABE) supports secure sharing, it has limitations when directly applied to HDS. Many current schemes cannot simultaneously handle data integrity violations, trace and revoke malicious users, and protect against privacy leaks from plaintext access policies, with key escrow being another major risk. To overcome these issues, we put forward a Traceable and Revocable Privacy-Preserving Data Sharing (TRPPDS) scheme. Our solution uses a novel distributed CP-ABE with a large universe alongside data auditing to provide fine-grained, key-escrow-resistant access control over unbounded attributes and guarantee data integrity. It also features tracing-then-revocation and full policy hiding to thwart malicious users and protect policy privacy. A formal security analysis is presented for our proposal, and a thorough performance assessment also demonstrates its feasibility in HDS.
- Research Article
- 10.46793/alfatech1.3.01v
- Dec 23, 2025
- AlfaTech
- Milica Varšandan + 2 more
Smart cities have a complex structure and generate a large amount of data. This is precisely why the presence of artificial intelligence is necessary to effectively detect and neutralize any malware. Artificial intelligence enables not only detection but also an attack, but also to improve the entire smart city protection system. Combining available protection solutions with constant improvements and reacting at the right time are of most importance. This paper serves as a survey and tutorial on the application of artificial intelligence for malware detection in smart cities. The focus is placed on smart city domains such as the Internet of Things, Operational Technology, traffic management, utilities, and public safety systems. Areas outside the smart city context, such as personal cybersecurity or general IT infrastructure, are not covered in this study. The main contributions of this paper include: providing a comprehensive overview of how Artificial intelligence supports malware detection and prevention through advanced technologies and analytical methods, identifying key challenges and limitations in applying Artificial intelligence to urban cybersecurity, and outlining future directions for improving system resilience and adaptive protection. Artificial intelligence has a large number of algorithms and methods, which are helping to monitor and analyze the system behavior. In addition to identifying threats, it is possible to adapt to new forms of malicious software. There are certain challenges in implementing artificial intelligence for malicious software detection, as well as strategies for improving protection.
- Research Article
- 10.1038/s41598-025-28859-w
- Dec 20, 2025
- Scientific Reports
- Muhammad Hanif + 5 more
The Internet of Things (IoT) represents a vast network of interconnected devices engaged in continuous data exchange, real-time information processing, and autonomous decision-making through the Internet. The pervasive presence of sensitive data on IoT devices highlights their indispensable role in our daily lives. The rapid evolution of Information and Communications Technology (ICT) has ushered in a new era of interconnected devices, reshaping the computing landscape. With the expanding IoT ecosystem, cyberspace has become increasingly susceptible to frequent cyber threats. While IoT devices have greatly simplified and automated daily tasks, these devices have simultaneously introduced significant security vulnerabilities. The existing inadequacies in safeguarding these smart devices have rendered IoT the most vulnerable entry point for potential breaches, posing a tempting target for malicious actors. In response to these critical challenges, our study introduces an innovative solution known as Swarm-based Inline Machine Learning (SIML). This approach leverages the coordinated data processing capabilities of a swarm to effectively address and counter emerging malware threats. SIML represents a divergence from conventional standalone threat detection systems, offering a promise of more robust, distributed, and end-to-end security solutions for IoT environments. This approach significantly reduces the risk of malicious exploitation of IoT devices for launching cyber-attacks. The effectiveness of our proposed method was validated through rigorous testing using the UNSW-NB15 dataset. The results are compelling, boasting an impressive accuracy rate of 93.7% and a precision rate of 95%, achieved through the application of the Gradient-Boosting Tree algorithm under the proposed framework. Our comparative analysis reveals that the Gradient Boosting algorithm outperforms traditional methods without compromising efficiency when deployed in an inline setting. 
Furthermore, the proposed method has been benchmarked against the BoT-Iot and Edge-IIoTset datasets, and outperformance is noted with a minor degradation at higher throughput. This innovative approach not only enhances security in IoT but also paves the way for a safer and more resilient digital future.
- Research Article
- 10.1038/s41598-025-30059-5
- Dec 17, 2025
- Scientific Reports
- Noor Gul + 4 more
In cognitive radio networks (CRNs), collaborative spectrum sensing has emerged as a promising technique for detecting primary user activity. However, the effectiveness of user cooperation is compromised by the presence of malicious users, specifically False Sensing Users (FSUs). FSUs undermine the effectiveness of collaborative sensing by providing misleading information to the fusion center (FC) in an attempt to selfishly access spectrum resources. Therefore, this study focuses on three types of FSUs that exhibit distinct attack patterns: No False Sensing (NFS, i.e., Always-No), Yes False Sensing (YFS), and Yes/No false sensing (YNFS) users. The FC collects reports from both FSUs and legitimate sensing users at varying time intervals. This study employs a denoising autoencoder (DAE) to enhance sensing reliability by mitigating the effects of abnormal sensing reports and noise disturbances at the FC. While current validation employs synthetic data that closely approximates theoretical CRN conditions, real-world RF validation represents an important direction for future work. The autoencoder produces cleaned soft energy data, which is fed into a machine learning (ML) classifier to estimate channel availability and accumulate global decisions. The present study assesses the effectiveness of various classification techniques, including decision trees (DT), k nearest neighbor (KNN), neural networks (NN), ensemble classification (EC), Gaussian naive Bayes (GNB), and random forest classifier (RFC), to classify channel states. Additionally, this paper aims to provide a comprehensive evaluation of these methods. The integration of DAE and EC yields high accuracy, F1 score, and Matthew’s Correlation Coefficient (MCC), leading to a reliable global decision at the FC with minimal sensing error.
- Research Article
- 10.35433/issn2410-3748-2025-2(37)-19
- Dec 16, 2025
- Economics. Management. Innovations
- Igor Verbovskyi + 1 more
This article is devoted to a comprehensive study of methods and technologies for monitoring and analyzing cyber threats in the educational environment, which is particularly relevant in the context of rapid digitalization and the growing dependence of educational institutions on digital platforms, electronic document management, distance learning, and cloud services. The article reveals the nature of modern threats characteristic of educational infrastructure, in particular phishing attacks, unauthorized access, malicious software, data leaks of students and staff, as well as manipulative information influences. To achieve the research objective, a comparative analysis of technological solutions used in international cyber security practices for educational institutions was applied. Combined with methods of synthesis, induction, generalization, and logical modeling, this made it possible to substantiate optimal approaches to building systems for detecting and preventing cyber threats. The application of event log analysis methods, SIEM systems, IDS/IPS technologies, signature and behavioral models of malicious activity analysis, as well as the possibilities of machine learning for predicting cyber risks were analyzed. A critical review of current scientific approaches made it possible to identify the basic requirements for an effective cyber protection system for the educational environment and to highlight its functional components. The article presents an assessment of the readiness of Ukrainian educational institutions to implement modern cyber protection technologies, describes typical problems related to insufficient funding, low digital culture of staff, and the lack of standardized protocols for responding to cyber incidents. 
Practical recommendations are proposed to increase cyber resilience: strengthening infrastructure security, introducing centralized monitoring systems, regular training of teachers and students, applying European cyber hygiene protocols, and adapting the best practices of international organizations, in particular ENISA and ISO/IEC. The practical significance of the work lies in the fact that the conclusions and recommendations can be used by heads of educational institutions, IT specialists, and government agencies when developing information security policies, improving cyber resilience, and creating a secure digital educational environment.
- Research Article
- 10.1177/26338076251403224
- Dec 16, 2025
- Journal of Criminology
- Gabriel Tw Wong + 2 more
Drawing on data from the Life in Australia™ panel (ANUpoll Wave 31; n = 1,911), this study investigates the factors that shape individuals’ perceived increase of cybercrime victimisation risk and how these perceptions influence their online disclosure behaviour. Using ordered probability and partial proportional odds models, we examine the role of personal attributes, individual safety concerns, perceived capability to avoid cybercrime, and perceived capability of institutional guardianship. The study provides a unique contribution by employing recent nationally representative data from all Australian states and territories to analyse multiple dimensions of cyber-related concerns. We also use a detailed categorisation of specific cybercrime types to predict both the perceived increase of risk and preventative behavioural adaptations. Guided by Ferraro’s risk interpretation model and Beck’s risk society paradigm, we find that personal attributes and concern factors differentially shape individuals’ perceptions of increasing cybercrime risk. Concerns about identity crime and misuse, online goods fraud, banking fraud, and malicious software significantly heighten perceived increases in risk. These perceptions are further influenced by trust in online security systems and public data guardianship, consistent with the broader concept of institutional guardianship. Overall, the findings show that diminished confidence in digital and institutional safeguards predicts stronger perceptions of increasing cybercrime risk and greater caution in personal information disclosure.
- Research Article
- 10.61359/11.2206-2555
- Dec 15, 2025
- International Journal of Advanced Research and Interdisciplinary Scientific Endeavours
- Dr A Ayyasamy
The aim of this paper is to deploy a custom backdoor onto a target machine (Metasploit/Windows) from the source machine (Kali Linux) in a virtual environment (Hypervisor - Windows). For the virtual system, a wired network is used. The overall goal of the project is to deploy malware such as a backdoor, on devices connected to the infected network, to showcase the threat posed by such malicious software. This work proposes a framework for the AI-based deployment of effective custom backdoors within a virtualized environment. The local virtualization platforms have been leveraged to create scalable, isolated, and reproducible sandboxes for backdoor research. This is achieved by carrying out an ARP (Address Resolution Protocol) spoofing attack. It is followed by manipulation of DNS (Domain Name System) server response to redirect the victim to a malicious site or intercept HTTP (Hyper-Text Transfer Protocol) response to enable downloading of malicious files on the target system. Hence, the trojan downloaded can be of any form, like a key-logger or backdoor. The backdoor will help us get full system access to the target site and we will be able to download and upload files on or from the target machine, thus effectively creating a backdoor.
- Research Article
- 10.54692/lgurjcsit.2025.92726
- Dec 15, 2025
- Lahore Garrison University Research Journal of Computer Science and Information Technology
- Ghulam Yasin
Malware detection techniques comprise static and dynamic analysis. While static analysis is rapid, it cannot detect obfuscated variants. In contrast, dynamic analysis is effective but slower and more resource-intensive. This paper introduces a machine learning-based hybrid approach that improves exposure by leveraging robustness of said approaches. AMDetect is an advanced malware detection algorithm designed to protect smartphones and its application in the marketplaces along with growing threat of mobile malicious software. By utilizing hybrid assessment as well as deep neural network classifier, AMDetect effectively identifies and distinguishes between malicious and benign applications. It employs a unique class modeling technique as per utilized Application Programming Interfaces (APIs) that focuses on attention process to highlight specific features leading to the classification of each application. The algorithm's performance is evaluated on state-of-the-art standard datasets, demonstrating its superiority over existing mechanisms with an impressive accuracy of 98.90%. AMDetect not only improves the security of smartphones but also contributes to the safeguarding of application marketplaces by pinpointing malicious parts of mobile applications. With its robust capabilities and accurate detection of malware, AMDetect offers a powerful solution for struggling the ever-evolving challenges of mobile threats.