NetSecBed: A Container-Native Testbed for Reproducible Cybersecurity Experimentation

Cybersecurity research increasingly depends on reproducible evidence, such as traffic traces, logs, and labeled datasets, yet most public datasets remain static and offer limited support for controlled re-execution and traceability, especially in heterogeneous multi-protocol environments. This...

Context-Aware Phishing Email Detection Using Machine Learning and NLP

Phishing attacks remain among the most prevalent cybersecurity threats, causing significant financial losses for individuals and organizations worldwide. This paper presents a machine learning-based phishing email detection system that analyzes email body content using natural language processing...

MH-1M: A 1.34 Million-Sample Comprehensive Multi-Feature Android Malware Dataset for Machine Learning, Deep Learning, Large Language Models, and Threat Intelligence Research

We present MH-1M, one of the most comprehensive and up-to-date datasets for advanced Android malware research. The dataset comprises 1,340,515 applications, encompassing a wide range of features and extensive metadata. To ensure accurate malware classification, we employ the VirusTotal API,...

SAND: A Self-Supervised and Adaptive NAS-Driven Framework for Hardware Trojan Detection

The globalized semiconductor supply chain has made Hardware Trojans HT a significant security threat to embedded systems, necessitating the design of efficient and adaptable detection mechanisms. Despite promising machine learning-based HT detection techniques in the literature, they suffer from ...

EUVD-2015-2202

Malware in sbrugna...

Feature-Centric Approaches to Android Malware Analysis: a Survey

Sophisticated malware families exploit the openness of the Android platform to infiltrate IoT networks, enabling large-scale disruption, data exfiltration, and denial-of-service attacks. This systematic literature review SLR examines cutting-edge approaches to Android malware analysis with direct...

Quantum AI Algorithm Development for Enhanced Cybersecurity: a Hybrid Approach to Malware Detection

This study explores the application of quantum machine learning QML algorithms to enhance cybersecurity threat detection, particularly in the classification of malware and intrusion detection within high-dimensional datasets. Classical machine learning approaches encounter limitations when dealin...

Evaluating Diverse Feature Extraction Techniques of Multifaceted IoT Malware Analysis: a Survey

As IoT devices continue to proliferate, their reliability is increasingly constrained by security concerns. In response, researchers have developed diverse malware analysis techniques to detect and classify IoT malware. These techniques typically rely on extracting features at different levels fr...

MambaITD: an Efficient Cross-Modal Mamba Network for Insider Threat Detection

Enterprises are facing increasing risks of insider threats, while existing detection methods are unable to effectively address these challenges due to reasons such as insufficient temporal dynamic feature modeling, computational efficiency and real-time bottlenecks and cross-modal information...

PotentRegion4MalDetect: Advanced Features from Potential Malicious Regions for Malware Detection

Malware developers exploit the fact that most detection models focus on the entire binary to extract the feature rather than on the regions of potential maliciousness. Therefore, they reverse engineer a benign binary and inject malicious code into it. This obfuscation technique circumvents the...

OpCode-Based Malware Classification Using Machine Learning and Deep Learning Techniques

This technical report presents a comprehensive analysis of malware classification using OpCode sequences. Two distinct approaches are evaluated: traditional machine learning using n-gram analysis with Support Vector Machine SVM, K-Nearest Neighbors KNN, and Decision Tree classifiers; and a deep...

graduation_design

This is a Python script for a web intrusion detection system using machine learning. The script uses the scikit-learn library to implement a supervised learning approach. It collects and preprocesses normal requests and attack payloads, and uses a Support Vector Machine SVM to classify new reques...

PEpper - An Open Source Script To Perform Malware Static Analysis On Portable Executable

An open source tool to perform malware static analysis on P ortable E xecutable Installation eva@paradise:$ git clone https://github.com/Th3Hurrican3/PEpper/ eva@paradise:$ cd PEpper eva@paradise:$ pip3 install -r requirements.txt eva@paradise:$ python3 pepper.py ./malwaredir Screenshot...

Clustering App Attacks with Machine Learning Part 2: Calculating Distance

In our previous post in this series we discussed our motivation to cluster attacks on apps, the data we used and how we enriched it by extracting more meaningful features out of the raw data. We talked about the many features that can be extracted from IP and URL. In this blog post we’ll discuss...

Revoke-Obfuscation - PowerShell Obfuscation Detection Framework

Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework. Authors Daniel Bohannon @danielhbohannon Lee Holmes @LeeHomes Research Blog Post: https://www.fireeye.com/blog/threat-research/2017/07/revoke-obfuscation-powershell.html White Paper:...

PowerShell Obfuscation Detection Framework: Revoke-Obfuscation

Revoke-Obfuscation is an open-source PowerShell v3.0+ framework for detecting obfuscated PowerShell commands and scripts at scale. It relies on PowerShell’s AST Abstract Syntax Tree to rapidly extract thousands of features from any input PowerShell script and compare this feature vector against o...

An Analytical Framework for Network Data: Flare

An Analytical Framework for Network Data Flare is a network analytic framework designed for data scientists, security researchers, and network professionals. Written in Python, it is designed for rapid prototyping and development of behavioral analytics, and intended to make identifying malicious...

Agilent Technologies Feature Extraction AnnotationX.AnnList.1 ActiveX Control Arbitrary Code Execution Vulnerability

Agilent Technologies Feature Extraction is a set of feature extraction software for automatically reading and processing image files from multiple original chips from Agilent Technologies. A security vulnerability exists in Agilent Technologies Feature Extraction's AnnotationX.AnnList.1 ActiveX...

CVE-2015-2092

The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies Feature Extraction allows remote attackers to execute arbitrary code via a crafted object parameter in the Insert function, related to "Index Out-Of-Bounds."...

Out-of-bounds

The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies Feature Extraction allows remote attackers to execute arbitrary code via a crafted object parameter in the Insert function, related to "Index Out-Of-Bounds."...