The rapid growth of Internet-of-Things (IoT) deployments has substantially expanded the attack surface of modern cyber-physical systems, making accurate and computationally feasible malware detection essential for enterprise and industrial environments. This study presents a large-scale, systematic comparison of 27 machine learning (ML) and 18 deep learning (DL) models for IoT malware detection across eight major malware categories: Trojan, Botnet, Ransomware, Rootkit, Worm, Spyware, Keylogger, and Virus. A realistic dataset was constructed using 50,000 executable samples collected from the Any.Run platform, including 8000 malware instances (1000 per class) and 42,000 benign samples. Each sample was executed in a sandbox to extract detailed static and behavioral telemetry. A targeted feature-selection pipeline reduced the feature space to 47 diagnostic features spanning static properties, behavioral indicators, process/file/registry activity, debug signals, and network telemetry, yielding a compact representation suitable for malware detection in IoT settings. Experimental results demonstrate that ensemble tree-based ML models consistently dominate performance on the engineered tabular feature set, as 7 of the top 10 models are ML, with CatBoost and LightGBM achieving near-ceiling accuracy and low false-positive rates. Per-malware analysis further shows that optimal model choice depends on malware behavior. CatBoost is best for Trojan/Spyware, LightGBM for Botnet, XGBoost for Worm, Extra Trees for Rootkit, and Random Forest for Keylogger, while DL models are competitive only for specific categories, with TabNet performing best for Ransomware and FT-Transformer for Virus. In addition, an end-to-end computational time analysis across all 45 models reveals a clear efficiency advantage for boosted tree ensembles relative to most DL architectures, supporting deployment feasibility on commodity CPU hardware.
Overall, the study provides actionable guidance for designing adaptive IoT malware detection frameworks, recommending gradient-boosted ensemble ML models as the primary deployment choice, with selective DL models only when category-specific gains justify additional computational cost.
The development and evolution of firmware in today's computers has reached a stage where the firmware can, in some situations, be successfully attacked, and such attacks include the installation of additional code and spyware into it. Meanwhile, there is no comprehensive method to notify the user or server administrator about this type of attack. In this paper we introduce a workaround that covers the recognition of such attacks on almost all systems based on the x86 architecture, according to the structure of the SPI flash provided for them and the idea of the FWH (Firmware Hub) from its first generation to today's designs. To test this solution and to make it more accessible to researchers and enthusiasts, we have also produced sample code for this method, which can be used on real systems and has been placed on GitHub. In this method, called BIOSIC, the correctness of the firmware's executable code is evaluated based on OEM version comparisons, SPI hardware specifications, and characteristics of the firmware status control. Compared to other methods, this method is superior in recognizing all firmware changes, including unknown spyware attacks and unsuccessful spyware attacks, and in providing a possibility to prevent them.
In today's digital landscape, organizations face significant challenges, including sensitive data leaks and the proliferation of hate speech, both of which can lead to severe consequences such as financial losses, reputational damage, and psychological impacts on employees. This work considers a comprehensive solution using a microservices architecture to monitor computer usage within organizations effectively. The approach incorporates spyware techniques to capture data from employee computers and a web application for alert management. The system detects data leaks, suspicious behaviors, and hate speech through efficient data capture and predictive modeling. Therefore, this paper presents a comparative performance analysis between Spring Boot and Quarkus, focusing on objective metrics and quantitative statistics. By utilizing recognized tools and benchmarks in the computer science community, the study provides an in-depth understanding of the performance differences between these two platforms. The implementation of Quarkus over Spring Boot demonstrated substantial improvements: memory usage was reduced by up to 80% and CPU usage by 95%, and system uptime decreased by 119%. This solution offers a robust framework for enhancing organizational security and mitigating potential threats through proactive monitoring and predictive analysis while also guiding developers and software architects in making informed technological choices.
Smartphones are an essential part of all aspects of our lives. Socially, politically, and commercially, there is almost complete reliance on smartphones as a communication tool, a source of information, and for entertainment. Rapid developments in the world of information and cyber security have necessitated close attention to the privacy and protection of smartphone data. Spyware detection systems have recently been developed as a promising and encouraging solution for smartphone users' privacy protection. The Android operating system is the most widely used worldwide, making it a significant target for many parties interested in targeting smartphone users' privacy. This paper introduces a novel dataset collected in a realistic environment, obtained through a novel data collection methodology based on a unified activity list. The data are divided into three main classes: the first class represents normal smartphone traffic; the second class represents traffic data for the spyware installation process; finally, the third class represents spyware operation traffic data. The random forest classification algorithm was adopted to validate this dataset and the proposed model. Two methodologies were adopted for data classification: binary-class and multi-class classification. Good results were achieved in terms of accuracy. The overall average accuracy was 79% for the binary-class classification, and 77% for the multi-class classification. In the multi-class approach, the detection accuracy for the spyware systems (UMobix, TheWiSPY, MobileSPY, FlexiSPY, and mSPY) was 90%, 83.7%, 69.3%, 69.2%, and 73.4%, respectively; in binary-class classification, the detection accuracy for the spyware systems (UMobix, TheWiSPY, MobileSPY, FlexiSPY, and mSPY) was 93.9%, 85.63%, 71%, 72.3%, and 75.96%, respectively.
Spyware products sold to general consumer audiences are a greater threat to those who own Android devices than those who own iPhones. This is a consequence of the Android operating system being more permissive of software functionality, allowing third-party developers greater latitude to build programs of less-restrained capability. Such risks, however, are disproportionately carried by victims of family violence who are significantly threatened by the rise of spyware. This article reflects on the connections between coding choices and personal security risks, and the implications for responding to the use of spyware in the context of family violence.
School nurses access an enormous amount of information through the Internet. Although most avid computer users are savvy to the threat of viruses to the integrity of data, many who surf the Web do not know that their data and the functioning of their computer are at risk from another hidden threat: spyware. This article will describe spyware, why it is a problem, how it is transmitted to a personal or business computer, how to prevent spyware infestation, and how to delete it.
This article examines Israel's surveillance architecture in Gaza as a modality of coercive governance, assessing when and how digitally mediated practices may meet elements of torture under the UN Convention against Torture (UNCAT). The analysis is situated within debates on necropolitics, panopticism, and surveillance. We conduct a doctrinal review of UNCAT Article 1, triangulating NGO investigations, legal filings, and investigative journalism with scholarship on surveillance and trauma. Reported systems (facial-recognition programs, large data-fusion databases, spyware, and persistent aerial surveillance) create conditions of continuous visibility and anticipatory threat. Testimonies and clinical reports describe hypervigilance, sleep disruption, depressive symptoms, and other markers of severe mental suffering, alongside state-actor involvement and asserted purposes (intimidation, coercion, punishment). Corroboration varies by source, but evidence converges on patterned psychological harm linked to surveillance exposure. On the record reviewed, Gaza's surveillance practices plausibly satisfy UNCAT's severity, state-involvement, and purpose elements, with intent inferred from design and deployment patterns; definitive legal determinations rest with competent tribunals. We recommend independent monitoring with unimpeded access, standardized documentation of surveillance-related mental harm, export-control due diligence for military-AI systems, and safeguards against indiscriminate datafication in conflict zones.
Technology-facilitated abuse (TFA) is a significant, harmful phenomenon and emerging trend in intimate partner violence. TFA encompasses a range of behaviours and is facilitated in online spaces (on social media and networking platforms) and through the misuse of everyday technology (e.g. mobile phone misuse, surveillance apps, spyware, surveillance via video cameras and so on). The body of work on TFA in intimate relationships is emerging, and so this scoping review set out to establish what types of abuse, impacts and forms of resistance are reported in current studies. The scoping review examined studies between 2000 and 2020 that focused on TFA within intimate partnerships (adults aged 18+) within the setting of any of these countries: the UK and Ireland, USA, Canada, New Zealand and Australia. The databases MEDLINE, CINAHL and Scopus were searched in December 2020. A total of 22 studies were included in the review. The main findings were that TFA is diverse in its presentation and tactics, but can be typed according to the eight domains of the Duluth Power & Control Wheel. Impacts are not routinely reported across studies but broadly fall into the categories of social, mental health and financial impacts and omnipresence. Similarly, modes of resistance are infrequently reported in studies. In the few studies that described victim/survivor resistance, this was in the context of direct action, access to legal or professional support or in the identification of barriers to resistance.
Women are increasingly at risk of gender-based violence through technology and digital tools. Some digital devices and apps, such as GPS location tracking, spyware, mobile phones and social media platforms, have become new tools for perpetrators to monitor, harass and abuse victims. However, the nature and impacts of technology on intimate partner violence (IPV) have remained perplexing and ambiguous. Hence, this scoping review was conducted to explore the nature, patterns and consequences of technology-facilitated domestic abuse (TFDA). All journal articles and grey literature exploring the TFDA phenomenon, its nature and its impacts on victims and service providers were scanned, and twenty-two papers were included in this scoping review. Overall, findings showed that digital devices, online applications and social media accounts facilitated IPV and exacerbated the consequences of abuse. Yet, many victims and frontline workers found understanding the nature and impacts of TFDA difficult. They faced many challenges addressing this form of abuse. Thus, several strategies are needed to adequately tackle TFDA, including conducting further research on the issue, developing appropriate policy and addressing gender inequality in the online environment.
World Wide Web services are essential in our daily lives and are made available to communities through Uniform Resource Locators (URLs). Attackers exploit this means of communication by creating malicious URLs that conduct fraudulent activities and deceive users through misleading websites and domains. Such threats open the doors for many critical attacks such as spam, spyware, phishing, and malware. Therefore, detecting malicious URLs is crucially important to prevent many cybercriminal activities. In this study, we examined a set of machine learning (ML) and deep learning (DL) models to detect malicious websites using a dataset comprising 66,506 URL records. We engineered three different types of features: lexical-based, network-based and content-based features. To extract the most discriminative features in the dataset, we applied several feature selection algorithms, namely correlation analysis, Analysis of Variance (ANOVA), and chi-square. Finally, we conducted a comparative performance evaluation of several ML and DL models using a set of criteria commonly applied to evaluate such models. The results showed that Naïve Bayes (NB) was the best model for detecting malicious URLs on the applied data, with an accuracy of 96%. This research contributes to the field by conducting significant feature engineering and analysis to identify the best features for malicious URL prediction, comparing different models, and achieving high accuracy on a large new URL dataset.
Perinatal women are at increased risk of intimate partner violence (IPV), associated with psychiatric disorders and partner revictimization. We describe changes that were made, in response to the COVID-19 pandemic, to an in-person randomized controlled study of perinatal women with IPV who had sought mental health treatment in the last year. All phases of the study's in-person delivered computerized protocol were modified for remote delivery. Special attention was given to study participants' privacy and safety, especially with regard to the use of technology. We describe study protocol and consent procedures that were made to accommodate remote delivery of the study. All phases of remote delivery of the study have been implemented successfully and safely. Compared to the first three months of in-person delivery, the first three months of remote recruitment found that more participants were screened (69% vs. 36%) and more were enrolled in the study (13% vs. 8%). To our knowledge, this is the first remote delivered study involving participants with IPV to use the 5-item Danger Assessment and a spyware and stalkerware survey as screening tools. We demonstrate that remote delivery can reduce the risk of compromising the safety and privacy of study participants with IPV.
Malware is a blanket term for Trojans, viruses, spyware, worms, and other files that are purposely created to harm computers, mobile devices, or computer networks. Malware commonly steals, encrypts, damages, and disrupts data on these devices. The growth of malware attacks is a consequence of the growth and attractiveness of features in mobile devices. Most malware research aims to probe the different methods of preventing, analysing, and detecting malware attacks. This paper aims to present an exhaustive knowledge map of Android malware research by collecting a ten (10) year dataset from the Web of Science database. A bibliometric analysis was employed to analyse articles published between 2010 and 2019. Using the keyword "malware", 5622 articles were retrieved. After filtering with the keywords "Android malware", 1278 articles were collected. This study provides an overview of the articles, productivity, research areas, Web of Science categories, authors, highly cited articles, institutions, and impact journals examining malware. The analysis continues by placing terms within a classification of malware detection systems that outlines important areas in malware research. From the analysis, it can be concluded that the highest number of publications focusing on malware studies came from the continent of Asia. Additionally, this study discusses the challenges of malware studies in recent research as well as future directions.
Working in a networked information environment brings new opportunities for getting and sharing information. Regrettably, these benefits of the Internet are challenged by forces that would interfere to satisfy their own profit or malevolent motives. Your networked computer can be infected by viruses, worms, or Trojan horses or infiltrated by spyware, adware, or pop-ups. Without being aware of the dangers and taking precautionary steps, your PC is susceptible to being compromised and your privacy invaded. This column will highlight some of the dangers and offer basic steps for securing your computer and protecting your privacy.
Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With the increasing connectivity of information systems, laboratory workstations, and the instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, Internet security, virtual private networks, firewalls, anti-virus software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) governs the privacy and protection of medical information and health records. The HIPAA security standards final rule mandates administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.
Malware development has seen diversity in terms of architecture and features. This advancement in the capabilities of malware poses a severe threat and opens new research dimensions in malware detection. This study focuses on metamorphic malware, the most advanced member of the malware family. It is nearly impossible for anti-virus applications using traditional signature-based methods to detect metamorphic malware, which makes it difficult to classify this type of malware accordingly. Recent research literature on malware detection and classification discusses this issue in relation to malware behavior. The main goal of this paper is to develop a classification method by malware type that takes the behavior of the malware into consideration. We started this research by developing a new dataset containing API calls made on the Windows operating system, which represent the behavior of malicious software. The types of malware included in the dataset are Adware, Backdoor, Downloader, Dropper, Spyware, Trojan, Virus, and Worm. The classification method used in this study is LSTM (Long Short-Term Memory), which is widely used for sequential data. The results obtained by the classifier demonstrate accuracy up to 95% with a 0.83 $F_1$-score, which is quite satisfactory. We also ran our experiments with binary and multi-class malware datasets to show the classification performance of the LSTM model. Another significant contribution of this research paper is the development of a new dataset for the Windows operating system based on API calls. To the best of our knowledge, no such dataset was available before our research. The availability of our dataset on GitHub enables the research community in the domain of malware detection to benefit from it and make further contributions to this domain.