CR Jan 28
Multimodal Multi-Agent Ransomware Analysis Using AutoGen
Asifullah Khan, Aimen Wadood, Mubashar Iqbal et al.
Ransomware has become one of the most serious cybersecurity threats, causing major financial losses and operational disruptions worldwide. Traditional detection methods such as static analysis, heuristic scanning and behavioral analysis often fall short when used alone. To address these limitations, this paper presents a multimodal multi-agent ransomware analysis framework designed for ransomware classification. The proposed multimodal multi-agent architecture combines information from static, dynamic and network sources. Each data type is handled by a specialized agent that uses autoencoder-based feature extraction. These representations are then integrated through a fusion agent. The fused representation is then used by a transformer-based classifier, which identifies the specific ransomware family. The agents interact through an inter-agent feedback mechanism that iteratively refines feature representations by suppressing low-confidence information. The framework was evaluated on large-scale datasets containing thousands of ransomware and benign samples. Multiple experiments were conducted on the ransomware dataset. It outperforms single-modality and non-adaptive fusion baselines, achieving improvement of up to 0.936 in Macro-F1 for family classification and reducing calibration error. Over 100 epochs, the agentic feedback loop displays a stable monotonic convergence, leading to over +0.75 absolute improvement in terms of agent quality and a final composite score of around 0.88 without fine-tuning of the language models. Zero-day ransomware detection remains family dependent on polymorphism and modality disruptions. Confidence-aware abstention enables reliable real-world deployment by favoring conservative and trustworthy decisions over forced classification. The findings indicate that the proposed approach provides a practical and effective path toward improving real-world ransomware defense systems.
CR Jul 8, 2021
Malware Classification Using Deep Boosted Learning
Muhammad Asam, Saddam Hussain Khan, Tauseef Jamal et al.
Malicious activities in cyberspace have gone further than simply hacking machines and spreading viruses. It has become a challenge for a nation's survival and hence has evolved to cyber warfare. Malware is a key component of cyber-crime, and its analysis is the first line of defence against attack. This work proposes a novel deep boosted hybrid learning-based malware classification framework, named Deep boosted Feature Space-based Malware classification (DFS-MC). In the proposed framework, the discrimination power is enhanced by fusing the feature spaces of the best performing customized CNN architecture models and its discrimination by an SVM for classification. The discrimination capacity of the proposed classification framework is assessed by comparing it against the standard customized CNNs. The customized CNN models are implemented in two ways: softmax classifier and deep hybrid learning-based malware classification. In the hybrid learning, deep features are extracted from customized CNN architectures and fed into the conventional machine learning classifier to improve the classification performance. We also introduced the concept of transfer learning in a customized CNN architecture based malware classification framework through fine-tuning. The performance of the proposed malware classification approaches is validated on the MalImg malware dataset using the hold-out cross-validation technique. Experimental comparisons were conducted by employing innovative, customized CNN, trained from scratch and fine-tuning the customized CNN using transfer learning. The proposed classification framework DFS-MC showed improved results, Accuracy: 98.61%, F-score: 0.96, Precision: 0.96, and Recall: 0.96.
CR Oct 1, 2019
Ransomware Analysis using Feature Engineering and Deep Neural Networks
Arslan Ashraf, Abdul Aziz, Umme Zahoora et al.
Detection and analysis of potential malware, specifically that used for ransom, is a challenging task. Recently, intruders are utilizing advanced cryptographic techniques to get hold of digital assets and then demand a ransom. It is believed that generally, the files comprise some attributes, states, and patterns that can be recognized by a machine learning technique. This work thus focuses on the detection of Ransomware by performing feature engineering, which helps in analyzing vital attributes and behaviors of the malware. The main contribution of this work is the identification of important and distinct characteristics of Ransomware that can help in detecting them. Finally, based on the selected features, both conventional machine learning techniques and Transfer Learning based Deep Convolutional Neural Networks have been used to detect Ransomware. In order to perform feature engineering and analysis, two separate datasets (static and dynamic) were generated. The static dataset has 3646 samples (1700 Ransomware and 1946 Goodware). On the other hand, the dynamic dataset comprised 3444 samples (1455 Ransomware and 1989 Goodware). Through various experiments, it is observed that the Registry changes, API calls, and DLLs are the most important features for Ransomware detection. Additionally, important sequences are found with the help of the N-Gram technique. It is also observed that in the case of Registry Delete operation, if a malicious file tries to delete registries, it follows a specific and repeated sequence. However, for the benign file, it doesn't follow any specific sequence or repetition. Similarly, an interesting observation made through this study is that there is no common Registry deleted sequence between malicious and benign files. And thus this discernible fact can be readily exploited for Ransomware detection.
CV Jan 17, 2019
A Survey of the Recent Architectures of Deep Convolutional Neural Networks
Asifullah Khan, Anabia Sohail, Umme Zahoora et al.
Deep Convolutional Neural Network (CNN) is a special type of Neural Network, which has shown exemplary performance on several competitions related to Computer Vision and Image Processing. Some of the exciting application areas of CNN include Image Classification and Segmentation, Object Detection, Video Processing, Natural Language Processing, and Speech Recognition. The powerful learning ability of deep CNN is primarily due to the use of multiple feature extraction stages that can automatically learn representations from the data. The availability of a large amount of data and improvement in the hardware technology have accelerated the research in CNNs, and recently interesting deep CNN architectures have been reported. Several inspiring ideas to bring advancements in CNNs have been explored, such as the use of different activation and loss functions, parameter optimization, regularization, and architectural innovations. However, the significant improvement in the representational capacity of the deep CNN is achieved through architectural innovations. Notably, the ideas of exploiting spatial and channel information, depth and width of architecture, and multi-path information processing have gained substantial attention. Similarly, the idea of using a block of layers as a structural unit is also gaining popularity. This survey thus focuses on the intrinsic taxonomy present in the recently reported deep CNN architectures and, consequently, classifies the recent innovations in CNN architectures into seven different categories. These seven categories are based on spatial exploitation, depth, multi-path, width, feature-map exploitation, channel boosting, and attention. Additionally, the elementary understanding of CNN components, current challenges, and applications of CNN are also provided.