Open Access. Powered by Scholars. Published by Universities.®

Digital Commons Network

Physical Sciences and Mathematics

Malware

Articles 1 - 30 of 97

Full-Text Articles in Entire DC Network

The Impact Of Artificial Intelligence And Machine Learning On Organizations Cybersecurity, Mustafa Abdulhussein Feb 2024

Doctoral Dissertations and Projects

As internet technology proliferates in volume and complexity, the ever-evolving landscape of malicious cyberattacks presents unprecedented security risks in cyberspace. Cybersecurity challenges have been further exacerbated by the continuous growth in the prevalence and sophistication of cyber-attacks. These threats have the capacity to disrupt business operations, erase critical data, and inflict reputational damage, constituting an existential threat to businesses, critical services, and infrastructure. The escalating threat is further compounded by the malicious use of artificial intelligence (AI) and machine learning (ML), which have increasingly become tools in the cybercriminal arsenal. In this dynamic landscape, the emergence of offensive AI introduces …


Malware Detection With Artificial Intelligence: A Systematic Literature Review, Matthew G. Gaber, Mohiuddin Ahmed, Helge Janicke Jan 2024

Research outputs 2022 to 2026

In this survey, we review the key developments in the field of malware detection using AI and analyze core challenges. We systematically survey state-of-the-art methods across five critical aspects of building an accurate and robust AI-powered malware-detection model: malware sophistication, analysis techniques, malware repositories, feature selection, and machine learning vs. deep learning. The effectiveness of an AI model is dependent on the quality of the features it is trained with. In turn, the quality and authenticity of these features is dependent on the quality of the dataset and the suitability of the analysis tool. Static analysis is fast but is …


Evaluating Attack Surface Management In An Industrial Control System (ICS) Environment: Leveraging A Recon FTW For Threat Classification And Incident Response, Nathalia De Sa Soares Nov 2023

LSU Master's Theses

Protecting Industrial Control Systems (ICS) from cyber threats is paramount to ensure the reliability and security of critical infrastructure. Organizations must proactively identify vulnerabilities and strengthen their incident response capabilities as attack vectors evolve. This research explores implementing an Attack Surface Management (ASM) approach, utilizing Recon FTW, to assess an operating ICS environment’s security posture comprehensively.

The primary objective of this research is to develop a tool for performing reconnaissance in an ICS environment with a non-intrusive approach, enabling the realistic simulation of potential threat scenarios and the identification of critical areas requiring immediate attention and remediation. We aim …


Malfe—Malware Feature Engineering Generation Platform, Avinash Singh, Richard Adeyemi Ikuesan, Hein Venter Oct 2023

All Works

The growing sophistication of malware has resulted in diverse challenges, especially among security researchers who are expected to develop mechanisms to thwart these malicious attacks. While security researchers have turned to machine learning to combat this surge in malware attacks and enhance detection and prevention methods, they often encounter limitations when it comes to sourcing malware binaries. This limitation places the burden on malware researchers to create context-specific datasets and detection mechanisms, a time-consuming and intricate process that involves a series of experiments. The lack of accessible analysis reports and a centralized platform for sharing and verifying findings has resulted …


A Proposed Artificial Intelligence Model For Android-Malware Detection, Fatma Taher, Omar Al Fandi, Mousa Al Kfairy, Hussam Al Hamadi, Saed Alrabaee Aug 2023

All Works

There are a variety of reasons why smartphones have grown so pervasive in our daily lives. While their benefits are undeniable, Android users must be vigilant against malicious apps. The goal of this study was to develop a broad framework for detecting Android malware using multiple deep learning classifiers; this framework was given the name DroidMDetection. To provide precise, dynamic, Android malware detection and clustering of different families of malware, the framework makes use of unique methodologies built based on deep learning and natural language processing (NLP) techniques. When compared to other similar works, DroidMDetection (1) uses API calls and …


Static Malware Family Clustering Via Structural And Functional Characteristics, David George, Andre Mauldin, Josh Mitchell, Sufiyan Mohammed, Robert Slater Aug 2023

SMU Data Science Review

Static and dynamic analyses are the two primary approaches to analyzing malicious applications. The primary distinction between the two is that the application is analyzed without execution in static analysis, whereas the dynamic approach executes the malware and records the behavior exhibited during execution. Although each approach has advantages and disadvantages, dynamic analysis has been more widely accepted and utilized by the research community whereas static analysis has not seen the same attention. This study aims to apply advancements in static analysis techniques to demonstrate the identification of fine-grained functionality, and show, through clustering, how malicious applications may be grouped …


Linux Malware Obfuscation, Brian Roden May 2023

Computer Science and Computer Engineering Undergraduate Honors Theses

Many forms of malicious software use techniques and tools that make it harder for their functionality to be parsed, both by antivirus software and reverse-engineering methods. Historically, the vast majority of malware has been written for the Windows operating system due to its large user base. As such, most efforts made for malware detection and analysis have been performed on that platform. However, in recent years, we have seen an increase in malware targeting servers running Linux and other Unix-like operating systems resulting in more emphasis of malware research on these platforms. In this work, several obfuscation techniques for Linux …


Assessing The Frequency And Severity Of Malware Attacks: An Exploratory Analysis Of The Advisen Cyber Loss Dataset, Ahmed M. Abdelmagid, Farshid Javadnejad, C. Ariel Pinto, Michael K. McShane, Rafael Diaz, Elijah Gartell Apr 2023

Modeling, Simulation and Visualization Student Capstone Conference

In today's business landscape, cyberattacks present a significant threat that can lead to severe financial losses and damage to a company's reputation. To mitigate this risk, it is essential for stakeholders to have an understanding of the latest types and patterns of cyberattacks. The primary objective of this research is to provide this knowledge by utilizing the Advisen cyber loss dataset, which comprises over 137,000 cyber incidents that occurred across various industry sectors from 2013 to 2020. By using text mining techniques, this paper will conduct an exploratory data analysis to identify the most common types of malware, including ransomware. …


Developing Resilient Cyber-Physical Systems: A Review Of State-Of-The-Art Malware Detection Approaches, Gaps, And Future Directions, M. Imran Malik, Ahmed Ibrahim, Peter Hannay, Leslie F. Sikos Apr 2023

Research outputs 2022 to 2026

Cyber-physical systems (CPSes) are rapidly evolving in critical infrastructure (CI) domains such as smart grid, healthcare, the military, and telecommunication. These systems are continually threatened by malicious software (malware) attacks by adversaries due to their improvised tactics and attack methods. A minor configuration change in a CPS through malware has devastating effects, which the world has seen in Stuxnet, BlackEnergy, Industroyer, and Triton. This paper is a comprehensive review of malware analysis practices currently being used and their limitations and efficacy in securing CPSes. Using well-known real-world incidents, we have covered the significant impacts when a CPS is compromised. In …


APT Adversarial Defence Mechanism For Industrial IoT Enabled Cyber-Physical System, Safdar Hussain Javed, Maaz Bin Ahmad, Muhammad Asif, Waseem Akram, Khalid Mahmood, Ashok Kumar Das, Sachin Shetty Jan 2023

VMASC Publications

The objective of Advanced Persistent Threat (APT) attacks is to exploit Cyber-Physical Systems (CPSs) in combination with the Industrial Internet of Things (I-IoT) by using fast attack methods. Machine learning (ML) techniques have shown potential in identifying APT attacks in autonomous and malware detection systems. However, detecting hidden APT attacks in the I-IoT-enabled CPS domain and achieving real-time accuracy in detection present significant challenges for these techniques. To overcome these issues, a new approach is suggested that is based on the Graph Attention Network (GAN), a multi-dimensional algorithm that captures behavioral features along with the relevant information that other methods …


A Survey Of Using Machine Learning In IoT Security And The Challenges Faced By Researchers, Khawlah M. Harahsheh, Chung-Hao Chen Jan 2023

Electrical & Computer Engineering Faculty Publications

The Internet of Things (IoT) has become more popular in the last 15 years as it has significantly improved and gained control in multiple fields. We are nowadays surrounded by billions of IoT devices that directly integrate with our lives, some of them are at the center of our homes, and others control sensitive data such as military fields, healthcare, and datacenters, among others. This popularity makes factories and companies compete to produce and develop many types of those devices without caring about how secure they are. On the other hand, IoT is considered a good insecure environment for cyber …


Applications Of Transfer Learning From Malicious To Vulnerable Binaries, Sean Patrick McNulty Jan 2023

Graduate Student Theses, Dissertations, & Professional Papers

Malware detection and vulnerability detection are important cybersecurity tasks. Previous research has successfully applied a variety of machine learning methods to both. However, despite their potential synergies, previous research has yet to unite these two tasks. Given the recent success of transfer learning in many domains, such as language modeling and image recognition, this thesis investigated the use of transfer learning to improve vulnerability detection. Specifically, we pre-trained a series of models to detect malicious binaries and used the weights from those models to kickstart the detection of vulnerable binaries. In our study, we also investigated five different data representations …


Malware Detection And Analysis, Namratha Suraneni Dec 2022

Culminating Experience Projects

Malicious software poses a serious threat to the cybersecurity of network infrastructures and is a global pandemic in the form of computer viruses, Trojan horses, and Internet worms. Studies imply that the effects of malware are deteriorating. The main defense against malware is malware detectors. The methods that such a detector employs define its level of quality. Therefore, it is crucial that we research malware detection methods and comprehend their advantages and disadvantages. Attackers are creating malware that is polymorphic and metamorphic and has the capacity to modify its source code as it spreads. Furthermore, existing defenses, which often utilize …


Explainable Artificial Intelligence Applications In Cyber Security: State-Of-The-Art In Research, Zhibo Zhang, Hussam Al Hamadi, Ernesto Damiani, Chan Yeob Yeun, Fatma Taher Sep 2022

All Works

This survey presents a comprehensive review of current literature on Explainable Artificial Intelligence (XAI) methods for cyber security applications. Due to the rapid development of Internet-connected systems and Artificial Intelligence in recent years, Artificial Intelligence including Machine Learning and Deep Learning has been widely utilized in the fields of cyber security including intrusion detection, malware detection, and spam filtering. However, although Artificial Intelligence-based approaches for the detection and defense of cyber attacks and threats are more advanced and efficient compared to the conventional signature-based and rule-based cyber security strategies, most Machine Learning-based techniques and Deep Learning-based techniques are deployed in …


Deep Learning For Anomaly Detection, Guansong Pang, Charu Aggarwal, Chunhua Shen, Nicu Sebe Jun 2022

Research Collection School Of Computing and Information Systems

Anomaly detection aims at identifying data points which are rare or significantly different from the majority of data points. Many techniques are explored to build highly efficient and effective anomaly detection systems, but they are confronted with many difficulties when dealing with complex data, such as failing to capture intricate feature interactions or extract good feature representations. Deep-learning techniques have shown very promising performance in tackling different types of complex data in a broad range of tasks/problems, including anomaly detection. To address this new trend, we organized this Special Issue on Deep Learning for Anomaly Detection to cover the …


Ransomware And Malware Sandboxing, Byron Denham May 2022

Computer Science and Computer Engineering Undergraduate Honors Theses

The threat of ransomware that encrypts data on a device and asks for payment to decrypt the data affects individual users, businesses, and vital systems including healthcare. This threat has become increasingly more prevalent in the past few years. To understand ransomware through malware analysis, care must be taken to sandbox the ransomware in an environment that allows for a detailed and comprehensive analysis while also preventing it from being able to further spread. Modern malware often takes measures to detect whether it has been placed into an analysis environment to prevent examination. In this work, several notable pieces of …


Malware And Memory Forensics On M1 Macs, Charles E. Glass Apr 2022

LSU Master's Theses

As malware continues to evolve, infection mechanisms that can only be seen in memory are increasingly commonplace. These techniques evade traditional forensic analysis, requiring the use of memory forensics. Memory forensics allows for the recovery of historical data created by running malware, including information that it tries to hide. Memory analysis capabilities have lagged behind on Apple's new M1 architecture while the number of malicious programs only grows. To make matters worse, Apple has developed Rosetta 2, the translation layer for running x86_64 binaries on an M1 Mac. As a result, all malware compiled for Intel Macs is theoretically functional …


Improving Memory Forensics Capabilities On Apple M1 Computers, Raphaela Santos Mettig Rocha Apr 2022

LSU Master's Theses

Malware threats are rapidly evolving to use more sophisticated attacks. By abusing rich application APIs such as Objective-C’s, they are able to gather information about user activity, launch background processes without the user’s knowledge, and perform other malicious activities. In some cases, memory forensics is the only way to recover artifacts related to this malicious activity, as is the case with memory-only execution. The introduction of Rosetta 2 on the Apple M1 introduces a completely new attack surface by allowing binaries of both the Intel x86_64 and ARM64 architectures to run in userland. For this reason, it …


Using Memory Forensics To Analyze Programming Language Runtimes, Modhuparna Manna Jan 2022

LSU Doctoral Dissertations

The continued increase in the use of computer systems in recent times has led to a significant rise in the capabilities of malware and attacker toolkits that target different operating systems and their users. Over the last several years, cybersecurity threat reports have documented numerous instances of users that were targeted by governments, intelligence agencies, and criminal groups, and the result was that the victims ended up having highly sophisticated malware installed on their systems. Unfortunately, the rise of these threats has not been met with equal research and development of defensive mechanisms that can detect and analyze such malware. …


C2 Microservices API: Ch4rl3sch4l3m4gn3, Thai H. Nguyễn Jan 2022

School of Computer Science & Engineering Undergraduate Publications

In the 21st century, cyber-based attackers such as advanced persistent threats are leveraging bots in the form of botnets to conduct a plethora of cyber-attacks. While there are several social engineering techniques used to get targets to unknowingly download these bots, it is the command-and-control techniques advanced persistent threats use to control their bots that is of critical interest to the author. In this research paper, the author aims to develop a command-and-control microservice application programming interface infrastructure to facilitate botnet command-and-control attack simulations. To achieve this, the author will develop a simple bot skeletal framework, utilize the latest …


Few-Shot Malware Detection Using A Novel Adversarial Reprogramming Model, Ekula Praveen Kumar Jan 2022

Browse all Theses and Dissertations

The increasing sophistication of malware has made detecting and defending against new strains a major challenge for cybersecurity. One promising approach to this problem is using machine learning techniques that extract representative features and train classification models to detect malware in an early stage. However, training such machine learning-based malware detection models represents a significant challenge that requires a large number of high-quality labeled data samples while it is very costly to obtain them in real-world scenarios. In other words, training machine learning models for malware detection requires the capability to learn from only a few labeled examples. To address …


Classification And Analysis Of Android Malware Images Using Feature Fusion Technique, Jaiteg Singh, Deepak Thakur, Tanya Gera, Babar Shah, Tamer Abuhmed, Farman Ali Jun 2021

All Works

The super packed functionalities and artificial intelligence (AI)-powered applications have made the Android operating system a big player in the market. Android smartphones have become an integral part of life and users are reliant on their smart devices for making calls, sending text messages, navigation, games, and financial transactions to name a few. This evolution of the smartphone community has opened new horizons for malware developers. As malware variants are growing at a tremendous rate every year, there is an urgent need to combat against stealth malware techniques. This paper proposes a visualization and machine learning-based framework for classifying Android …


The Empirical Study Of The Factors That Influence Threat Avoidance Behavior In Ransomware Security Incidents, Heriberto Aurelio Acosta Maestre Jan 2021

CCE Theses and Dissertations

Ransomware security incidents have become one of the biggest threats to general computer users who are oblivious to the ease of infection, severity, and cost of the damage it causes. University networks and their students are susceptible to ransomware security incidents. College students have vast technical skills and knowledge; however, they risk ransomware security incidents because of their lack of mitigating actions to the threats and the belief that it would not happen to them. Interaction with peers may play a part in college students’ perception of the threats and behavior to secure their computers. Identifying what influences students’ threat …


Malware Classification With Gaussian Mixture Model-Hidden Markov Models, Jing Zhao Dec 2020

Master's Projects

Discrete hidden Markov models (HMM) are often applied to the malware detection and classification problems. However, the continuous analog of discrete HMMs, that is, Gaussian mixture model-HMMs (GMM-HMM), are rarely considered in the field of cybersecurity. In this study, we apply GMM-HMMs to the malware classification problem and we compare our results to those obtained using discrete HMMs. As features, we consider opcode sequences and entropy-based sequences. For our opcode features, GMM-HMMs produce results that are comparable to those obtained using discrete HMMs, whereas for our entropy-based features, GMM-HMMs generally improve on the classification results that we can attain with …


Rethinking The Weakness Of Stream Ciphers And Its Application To Encrypted Malware Detection, William Stone, Daeyoung Kim, Victor Youdom Kemmoe, Mingon Kang, Junggab Son Oct 2020

Computer Science Faculty Research

One critical vulnerability of stream ciphers is the reuse of an encryption key. Since most stream ciphers consist of only a key scheduling algorithm and an Exclusive OR (XOR) operation, an adversary may break the cipher by XORing two captured ciphertexts generated under the same key. Various cryptanalysis techniques based on this property have been introduced in order to recover plaintexts or encryption keys; in contrast, this research reinterprets the vulnerability as a method of detecting stream ciphers from the ciphertexts it generates. Patterns found in the values (characters) expressed across the bytes of a ciphertext make the ciphertext distinguishable …


A Performance-Sensitive Malware Detection System Using Deep Learning On Mobile Devices, Ruitao Feng, Sen Chen, Xiaofei Xie, Guozhu Meng, Shang-Wei Lin, Yang Liu Sep 2020

Research Collection School Of Computing and Information Systems

Currently, Android malware detection is mostly performed on the server side against the increasing number of malware. Powerful computing resources provide more exhaustive protection for app markets than maintaining detection by a single user. However, apart from the applications (apps) provided by the official market (i.e., Google Play Store), apps from unofficial markets and third-party resources are always causing serious security threats to end-users. Meanwhile, it is a time-consuming task if the app is downloaded first and then uploaded to the server side for detection, because the network transmission has a lot of overhead. In addition, the uploading process also suffers …


Understanding Android VoIP Security: A System-Level Vulnerability Assessment, En He, Daoyuan Wu, Robert H. Deng Jun 2020

Research Collection School Of Computing and Information Systems

VoIP is a class of new technologies that deliver voice calls over the packet-switched networks, which surpasses the legacy circuit-switched telecom telephony. Android provides the native support of VoIP, including the recent VoLTE and VoWiFi standards. While prior works have analyzed the weaknesses of VoIP network infrastructure and the privacy concerns of third-party VoIP apps, no efforts were attempted to investigate the (in)security of Android’s VoIP integration at the system level. In this paper, we first demystify Android VoIP’s protocol stack and all its four attack surfaces. We then propose a novel vulnerability assessment approach that assembles on-device Intent/API fuzzing, …


Cyber Security’s Influence On Modern Society, Nicholas Vallarelli May 2020

Honors College Theses

The world of cyber security is evolving every day, and cyber-criminals are trying to take advantage of it to gain as much money and power as possible. As the Internet continues to grow, more people around the world join the Internet. The purpose of this is to see how much of an importance cyber security has and how cyber-criminals are able to utilize the cyberworld for their own personal gain. Research has been done on how the cyberworld got where it is today. Additionally, individual research has been done in an effort to learn how to hack. A hack lab …


Advanced Techniques To Detect Complex Android Malware, Zhiqiang Li Apr 2020

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

Android is currently the most popular operating system for mobile devices in the world. However, its openness is the main reason for the majority of malware to be targeting Android devices. Various approaches have been developed to detect malware.

Unfortunately, new breeds of malware utilize sophisticated techniques to defeat malware detectors. For example, to defeat signature-based detectors, malware authors change the malware’s signatures to avoid detection. As such, a more effective approach to detect malware is by leveraging malware’s behavioral characteristics. However, if a behavior-based detector is based on static analysis, its reported results may contain a large number of …


Automated Extraction Of Network Activity From Memory Resident Code, Austin Nicholas Sellers Mar 2020

LSU Master's Theses

Advancements in malware development, including the use of file-less and memory-only payloads, have led to a significant interest in the use of volatile memory analysis by digital forensics practitioners. Memory analysis can uncover a wealth of information not available via traditional analysis, such as the discovery of injected code, hooked APIs, and more. Unfortunately, the process of analyzing such malicious code is largely left to analysts who must manually reverse engineer the code to discover its intent. This task is not only slow and error-prone, but is also generally left only to senior-level analysts to perform, given that significant reverse …