Unveiling the veiled: An early stage detection of fileless malware
Article, Computers and Security, 2025, DOI Link
Threat actors continuously evolve their tactics and techniques in novel forms to evade traditional security solutions. Fileless malware attacks are one such advancement: they operate directly within system memory and leave no footprint on disk, which makes them challenging to detect. Meanwhile, current state-of-the-art approaches detect fileless attacks at the final (post-infection) stage, although detecting attacks at an early stage is crucial to prevent potential damage and data breaches. In this work, we propose an early-stage detection system named Argus to detect fileless malware. Argus extracts key features in real time from memory dumps acquired from suspicious processes and generates explained features. It then correlates the explained features with the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework to identify fileless malware attacks before their operational stage. The experimental results show that Argus successfully identified 4356 fileless malware samples (out of 5026 samples) during the operational stage. Specifically, 2978 samples are detected in the pre-operational phase, while 1378 samples are detected in the operational phase.
FedShield: federated learning based robust online payment fraud detection
Article, Journal of Supercomputing, 2025, DOI Link
The exponential growth of e-commerce and digital payment systems has brought significant convenience to users. Meanwhile, it has also led to a surge in fraudulent activities in online transactions. Existing fraud detection mechanisms often lack critical features such as real-time alerts, transaction history, dynamic updates, fraud scoring, and continuous monitoring, all of which are vital for building an effective fraud detection system. This work proposes FedShield, a decentralized, federated learning-based fraud detection system that ensures trust among participants while preserving data privacy in fintech environments. FedShield uses the open-source high-performance computing library OpenMPI to manage model synchronization and real-time fraud detection. To handle dynamic shifts in transaction patterns, we introduce a moving time frame approach that keeps the risk prediction model resilient to evolving fraud tactics. Experimental results demonstrate that FedShield surpasses existing state-of-the-art methods, achieving an F1-score of 0.9903 using newly engineered features. A dashboard is designed with Django and integrated via a Flask API, enabling efficient data flow management, while SQLite is used to store transaction history. This dashboard supports real-time monitoring of suspicious activities and provides instant alerts to both users and issuing banks.
It’s too late if exfiltrate: Early stage Android ransomware detection
Article, Computers and Security, 2024, DOI Link
Ransomware attacks disrupt and disable systems, demanding a ransom from the victim to restore functionality. Most state-of-the-art approaches focus on analysing ransomware behaviour post-infection in order to identify it, and therefore fail to detect it at an early stage. This work proposes a ransomware detection mechanism named Weapon to identify the threat at the pre-operational stage on Android systems. Weapon extracts key features from the behavioural characteristics (permissions and API calls) of the APK file and generates semantic features. The MITRE ATT&CK framework is then correlated with the semantic features to detect ransomware efficiently before its operational stage. The experimental results demonstrate that our approach successfully identified 89.82% of ransomware samples at the pre-operational stage.
MDLDroid: Multimodal Deep Learning Based Android Malware Detection
Conference paper, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2023, DOI Link
In the era of Industry 5.0, the Android platform is used extensively in handheld and mobile devices. The openness of the Android platform makes it vulnerable to critical malware attacks. Meanwhile, malware obfuscation and evasion strategies have also advanced dramatically, causing traditional malware detection methods to fail. Recently, machine learning techniques have shown promising outcomes for malware detection. However, past works using machine learning algorithms suffer from several challenges, such as inadequate feature extraction and dependency on hand-crafted features. Existing machine learning approaches are therefore inefficient at detecting sophisticated malware and require further enhancement. In this paper, we extract behavioural characteristics of system calls and dynamic API features using our proposed multimodal deep learning model (MDLDroid). Our model extracts system call features using LSTM layers and dynamic API features using a CNN. Both sets of features are then fused in a vector space, which is finally classified into benign and malign categories. Comparison with several state-of-the-art approaches on two datasets shows a significant improvement of 4–12% in accuracy.
SHIELD: A Multimodal Deep Learning Framework for Android Malware Detection
Singh N., Tripathy S., Bezawada B.
Conference paper, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2022, DOI Link
The widespread adoption of Android OS in recent years is due to its openness and flexibility. Consequently, Android OS continues to be a prime target for serious malware attacks. Traditional malware detection methods are ineffective, as Android malware uses sophisticated obfuscation and adapts to anti-virus defenses. In this paper, we present a multimodal deep learning framework for unseen Android malware detection, called SHIELD, which employs Markov images of opcodes and dynamic APIs. SHIELD uses a multimodal autoencoder (MAE) technique, which reduces the dependency on feature engineering and automatically discovers the relevant features for malware detection. We validate our approach to unseen malware detection on the CICandMal2020 and AMD benchmark datasets, achieving detection rates of 94% and 87%, respectively. Further, we created 500 obfuscated backdoor applications to evaluate the effectiveness of SHIELD against other existing mobile anti-malware programs. Existing anti-malware programs fail to detect the obfuscated backdoor, while SHIELD successfully flagged it as a malicious application. SHIELD exhibits state-of-the-art performance for traditional malware detection, with an accuracy of 99.52%.
ADAM: Automatic Detection of Android Malware
Tripathy S., Singh N., Singh D.N.
Conference paper, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2022, DOI Link
The popularity of the Android operating system has been rising ever since its initial release in 2008, for two major reasons. The first is that Android is open source, so many mobile manufacturers use some form of modified Android OS for their devices. The second is that a wide variety of applications with different designs and utility can be built with ease for Android devices. With this much popularity, attracting the unwanted attention of cybercriminals is inevitable, and there has been a huge rise in the number of malware samples developed for Android devices. To address this problem, we present ADAM (Automatic Detection of Android Malware), an Android application that uses machine learning (ML) for automatic detection of malware in Android applications. ADAM is trained on the CICMalDroid 2020 Android Malware dataset and tested on both the CICMalDroid 2020 and CICMalDroid 2017 datasets. The experimental analysis showed that it achieves more than 98.5% accuracy. ADAM relies only on static analysis, so it is easy to deploy on a smartphone to alert the user. ADAM is deployed on an Android mobile phone.
Collaborative Learning Based Effective Malware Detection System
Singh N., Kasyap H., Tripathy S.
Conference paper, Communications in Computer and Information Science, 2020, DOI Link
Malware is growing rapidly, causing severe losses to different institutions. Existing techniques, such as static and dynamic analysis, fail to mitigate newly generated malware. Signature-, behavior-, and anomaly-based defense mechanisms are also susceptible to obfuscation and polymorphism attacks. With machine learning in practice, several authors have proposed different classification and visualization techniques for malware detection. Images have proved worthwhile for analyzing the behavior of malware, and deep neural networks extract much information from them without requiring expert domain knowledge. On the other hand, the scarcity of diverse malware data available to clients, and their privacy concerns about sharing data with a centralized curator, make it challenging to build a more reliable model. This paper proposes a lightweight Convolutional Neural Network (CNN) based model that extracts relevant features using call graph, n-gram, and image transformations. Further, an Auxiliary Classifier Generative Adversarial Network (AC-GAN) is used to generate unseen data for training purposes. The model is extended to a federated setup to build an effective malware detection system. We used the Microsoft malware dataset for training and evaluation. The results show that the federated approach achieves accuracy close to that of centralized training while preserving data privacy at each individual organization.