7 research outputs found

    A Survey on Malware Analysis Techniques: Static, Dynamic, Hybrid and Memory Analysis

    Nowadays, the threat of malware is increasing rapidly. Malware is software that sneaks into your computer system without your knowledge, with harmful intent to disrupt your computer operations. Due to the vast amount of malware, it is impossible for human engineers to handle it. Therefore, security researchers are making great efforts to develop accurate and effective techniques to detect malware. This paper presents a semantic and detailed survey of methods used for malware detection, such as signature-based and heuristic-based methods. The signature-based technique, largely used today by anti-virus software to detect malware, is fast and capable of detecting known malware. However, it is not effective in detecting zero-day malware and it is easily defeated by malware that uses obfuscation techniques. Likewise, a considerable false positive rate and a high amount of scanning time are the main limitations of heuristic-based techniques. Alternatively, memory analysis is a promising technique that gives a comprehensive view of malware, and it is expected to become more popular in malware analysis. The main contributions of this paper are: (1) providing an overview of malware types and malware detection approaches, (2) discussing the current malware analysis techniques, their findings and limitations, (3) studying malware obfuscation, attacking and anti-analysis techniques, and (4) exploring the structure of memory-based analysis in malware detection. The detection approaches have been compared with each other according to their techniques, selected features, accuracy rates, and their advantages and disadvantages. This paper aims to help researchers gain a general view of the malware detection field and to discuss the importance of memory-based analysis in malware detection.

    Gait Recognition based on Inverse Fast Fourier Transform Gaussian and Enhancement Histogram Oriented of Gradient

    Gait recognition using the energy image representation of the average silhouette image in one complete cycle has become a baseline in model-free approaches research. Nevertheless, gait is sensitive to any changes. To date, in the area of feature extraction, image feature representation methods based on the spatial gradient are still lacking in efficiency, especially for covariate cases like carrying a bag and wearing a coat. Although the use of Histogram of Oriented Gradient (HOG) in pedestrian detection is the most effective method, its accuracy is still considered low after testing on covariate datasets. Thus this research proposed a combination of frequency and spatial features based on Inverse Fast Fourier Transform and Histogram of Oriented Gradient (IFFTG-HoG) for gait recognition. It consists of three phases, namely the image processing phase, the feature extraction phase in the production of a new image representation, and the classification phase. The first phase comprises the image binarization process and energy image generation using the gait average image in one cycle. In the second phase, the IFFTG-HoG method is used for gait feature extraction after generating the energy image. Here, the IFFTG-HoG method has also been improved by using Chebyshev distance to calculate the magnitude of the gradient to increase the rate of recognition accuracy. Lastly, a K-Nearest Neighbour (k-NN) classifier with K=1 is employed for individual classification in the third phase. A total of 124 people from the CASIA B dataset were tested using the proposed IFFTG-HoG method. It performed better in gait individual classification, with average accuracy values for the standard dataset of 96.7%, 93.1% and 99.6% compared to the HoG method at 94.1%, 85.9% and 96.2%, in that order. With similar motivation, we tested on Rempit datasets to recognize motorcycle rider anomaly events, and our proposed method also outperforms the Dalal method.

    HYBRID AND HOLISTIC APPROACHES FOR TRACKING AND ANALYSIS OF COMPUTER MEMORY

    This research focused on computer forensics, with the aim of capturing as many objects as possible from the computer memory (RAM) image. In the past, digital forensic analysts only stressed the analysis of non-volatile drives such as hard drives, USB thumb drives and CDs. Although these devices provide a platform for finding evidence in computer equipment, they provide limited information, especially in cases where the computer is being used for criminal purposes. Moreover, past work on computer memory was only applied to malware analysis, such as studying its behavior and capturing the virus signature. Nevertheless, with the improvement and advancement in computer technology and the introduction of cloud computing, computer memory has become the principal focus in obtaining information, since all the data is stored there before being processed by the CPU.

    Network security framework for Internet of medical things applications: A survey

    Limited device resources and an ever-changing cybersecurity landscape compound the challenges faced by the network protection infrastructure for Internet of medical things (IoMT) applications, which include different device ecosystems, privacy concerns, and problems with interoperability. Protecting private medical information in IoMT apps is challenging; a comprehensive strategy that provides user education, standard protocols, and robust security mechanisms is necessary to overcome these obstacles. With the advancement of IoMT, the network of clinical systems, gadgets, and sensors is integrated with the Internet of things (IoT) to enable intelligent healthcare solutions. However, the sensitive data sharing and the substantial connections in the IoMT systems raise security and privacy concerns in the network. Therefore, network security is critical in IoMT applications due to data breaches, vulnerabilities, and distributed denial of service attacks on medical data. This study reviews the network security techniques implemented in the existing studies for IoMT applications using machine learning and blockchain technology. This study presents an overview of IoMT healthcare applications by highlighting the security challenges encountered and the necessity of adopting advanced techniques to deal with complex threats. The research is mainly about how deep reinforcement learning (DRL), commonly used for intrusion detection, access control, and anomaly detection, works over time and how it can be used in IoMT applications. With the notion of providing robust security in IoMT applications, this study appraises the benefits of blockchain technology, such as data integrity, accountability, and confidentiality. Besides, this study addresses the limitations and challenges of various security techniques that IoMT systems employ. This work assesses the findings, research gaps, and future advancements for enhancing network security in IoMT applications. 
    With an extensive analysis of existing research, this survey guides researchers, medical practitioners, and decision-makers to scale up the DRL and blockchain in IoMT systems more efficiently in the future.

    An Analysis of the KDD99 and UNSW-NB15 Datasets for the Intrusion Detection System

    The significant increase in technology development over the internet makes network security a crucial issue. An intrusion detection system (IDS) shall be introduced to protect networks from various attacks. Even with the increased amount of work in IDS research, there is a lack of studies that analyze the available IDS datasets. Therefore, this study presents a comprehensive analysis of the relevance of the features in the KDD99 and UNSW-NB15 datasets. Three methods were employed: rough-set theory (RST), a back-propagation neural network (BPNN), and a discrete variant of the cuttlefish algorithm (D-CFA). First, the dependency ratio between the features and the classes was calculated using the RST. Second, each feature in the datasets became an input for the BPNN, to measure its ability for a classification task concerning each class. Third, a feature-selection process was carried out over multiple runs, to indicate the frequency of the selection of each feature. The results indicated that some features in the KDD99 dataset could be used to achieve a classification accuracy above 84%. Moreover, a few features in both datasets were found to contribute highly to increasing the classification's performance. These features were present in a combination of features that resulted in high accuracy; the features were also frequently selected during the feature selection process. The findings of this study are anticipated to help cybersecurity academics in creating a lightweight and accurate IDS model with a smaller number of features for the developing technologies.

    A Geospatial Drug Abuse Risk Assessment and Monitoring Dashboard Tailored for School Students: Development Study With Requirement Analysis and Acceptance Evaluation

    Background: The enormous consequences of drugs include suicides, traffic accidents, and violence, affecting the individual, family, society, and country. Therefore, it is necessary to constantly identify and monitor the drug abuse rate among school-going youth. A geospatial dashboard is vital for the monitoring of drug abuse and related crime incidence in a decision support system. Objective: This paper mainly focuses on developing MyAsriGeo, a geospatial drug abuse risk assessment and monitoring dashboard tailored for school students. It introduces innovative functionality, seamlessly orchestrating the assessment of drug abuse usage patterns and risks using multivariate student data. Methods: A geospatial drug abuse dashboard for monitoring and analysis was designed and developed in this study based on agile methodology and prototyping. Using focus groups and interviews, we first examined and gathered the requirements, feedback, and user approval of the MyAsriGeo dashboard. Experts and stakeholders such as the National Anti-Drugs Agency, police, the Federal Department of Town and Country Planning, school instructors, students, and researchers were among those who responded. A total of 20 specialists were involved in the requirement analysis and acceptance evaluation of the pilot and final version of the dashboard. The evaluation sought to identify various user acceptance aspects, such as ease of use and usefulness, for both the pilot and final versions, and 2 additional factors based on the Post-Study System Usability Questionnaire and Task-Technology Fit models were enlisted to assess the interface quality and dashboard sufficiency for the final version. Results: The MyAsriGeo geospatial dashboard was designed to meet the needs of all user types, as identified through a requirement gathering process. It includes several key functions, such as a geospatial map that shows the locations of high-risk areas for drug abuse, data on drug abuse among students, tools for assessing the risk of drug abuse in different areas, demographic information, and a self-problem test. It also includes the Alcohol, Smoking, and Substance Involvement Screening Test and its risk assessment to help users understand and interpret the results of student risk. The initial prototype and final version of the dashboard were evaluated by 20 experts, which revealed a significant improvement in the ease of use (P=.047) and usefulness (P=.02) factors and showed high mean acceptance scores for ease of use (4.2), usefulness (4.46), interface quality (4.29), and sufficiency (4.13). Conclusions: The MyAsriGeo geospatial dashboard is useful for monitoring and analyzing drug abuse among school-going youth in Malaysia. It was developed based on the needs of various stakeholders and includes a range of functions. The dashboard was evaluated by a group of experts. Overall, the MyAsriGeo geospatial dashboard is a valuable resource for helping stakeholders understand and respond to the issue of drug abuse among youth.