SACM - United States of America
Permanent URI for this collectionhttps://drepo.sdl.edu.sa/handle/20.500.14154/9668
Browse
21 results
Search Results
Item Restricted MALWARE CLASSIFICATION VIA BYTECODE VISUALIZATION AND MULTIMODAL DEEP LEARNING(Saudi Digital Library, 2026) مكاوي, صالح; Kenneth, Barner; Michael De. LuciaThe rapid proliferation of Android malware poses a critical threat to mobile security, driven by the open-source nature of the Android ecosystem, broad access to its Software Development Kit (SDK), and the availability of multiple app distribution channels. Traditional detection methods, including signature-based, static, and dynamic analysis, often fail against novel or obfuscated variants that use encryption, packing, and polymorphism to evade detection. This dissertation addresses these limitations through three progressive, interconnected contributions. Contribution I introduces a semantic bytecode-to-image encoding method based on Shannon entropy, computed over sliding windows of Dalvik Executable (DEX) bytecode and mapped to the red and blue channels of an RGB image. This encoding directly exposes obfuscation artifacts in encrypted, packed, and compressed code regions that blind color-mapping approaches cannot distinguish. Evaluated on 184,474 samples from AndroZoo for binary malware classification, the entropy encoder outperforms the MalNet and Classbyte baselines across five state-of-the-art CNN architectures, achieving up to 95.77% accuracy and 98.25% ROC-AUC. Contribution II extends this encoding into a full multiclass framework and dataset, MalVis, by incorporating byte-level N-gram frequency statistics into the green channel. By combining entropy and N-gram signals, MalVis images capture both low-level randomness and high-level structural code patterns. To support the research community, we release the MalVis dataset, the largest publicly available Android malware visualization resource, comprising over 1.3 million labeled RGB images spanning nine malware families and benign samples. To validate that CNN models rely on the proposed encodings rather than spurious image artifacts, we apply Grad-CAM and Grad-CAM++ attention mapping, confirming that model attention consistently aligns with the entropy- and N-gram-encoded channels across all malware classes. Contribution III introduces ViCoMal, a late-fusion multimodal framework that addresses the single point of failure (SPOF) inherent in unimodal approaches. ViCoMal pairs MalVis image-based malware representations with 65 DEX-based contextual features, including 19 novel engineered features consisting of normalized risk scores, binary capability indicators, and rule-based behavioral profiles extracted using static analysis. Five CNN architectures and seven classical machine learning models are trained independently per modality, and their class-probability outputs are combined through eight fusion strategies. To handle a severe 169:1 class imbalance, SMOTE oversampling and class-weighted training are applied jointly. Evaluated under five-fold stratified cross-validation on the full 1.3M ViCoMal dataset, the best ensemble, which averages the predictions of the top three models (Random Forest, ResNet50, and XGBoost), achieves 91.84% accuracy, outperforming the strongest image-only baseline by 3.43 percentage points and the strongest contextual-only baseline by 2.05 percentage points. Together, these contributions establish a scalable, interpretable, and high-performing pipeline for Android malware detection, advancing the state of the art in both malware visualization and multimodal security analysis.12 0Item Embargo Understanding Ransomware and Enhancing Their Detection Using Machine Learning(Saudi Digital Library, 2026) Alzahrani, Saleh; Xiao, YangRansomware attacks have escalated significantly in recent years, causing substantial financial losses and operational disruptions to individuals, organizations, and critical infrastructure worldwide. According to The Chainalysis 2024 Crypto Crime Report, ransomware attacks have imposed increasing financial burdens on victims over recent years. The total value received by ransomware attackers reached $1.1 billion in 2023, representing a significant rise from $567 million in 2022. This trend highlights the evolving threat posed by ransomware as attackers continue to refine their methods. Compared to $220 million in 2019. Despite the proliferation of detection methods, contemporary ransomware continues to evade traditional security measures through increasingly sophisticated evasion techniques. This dissertation addresses critical gaps in ransomware detection research through a investigation that combines in-depth malware analysis, evolutionary tracking, systematic literature review, novel detection methodology, and dataset development. The research begins with a detailed examination of Conti ransomware, one of the most notorious Ransomware-as-a-Service operations that caused approximately $45 million in damages and significantly impacted healthcare systems. Through analysis of leaked source code and controlled environment testing, this study reveals advanced evasion mechanisms including API disguise techniques, anti-hook mechanisms, and multithreaded encryption for rapid file encryption. Building upon this foundation, the research tracks Conti's evolution from its beta version through multiple iterations, categorizing samples into seven distinct versions. This longitudinal analysis demonstrates that modern ransomware success stems from continuous development and delivery practices, with features such as API hashing and runtime API loading being progressively integrated over time. To contextualize these findings within the broader detection landscape, a survey of existing ransomware detection methods was conducted, examining both machine learning and non-machine learning approaches alongside available datasets. This survey identifies critical limitations in current research, specifically that non-machine learning methods fail to identify new samples from known variants, while machine learning approaches suffer from inadequate model design and the absence of comprehensive, standardized datasets. These deficiencies severely limit their effectiveness against emerging ransomware variants. Addressing these identified gaps, this dissertation introduces RansomFormer, a Transformer-based detection model that leverages cross-attention mechanisms to fuse Portable Executable byte data with Application Programming Interface information, including both static imports and dynamic sequence calls. Unlike existing single-feature approaches that ransomware developers can circumvent, RansomFormer's multi-modal architecture achieves exceptional accuracy of 99.25% on static datasets and 99.50% on combined static-dynamic datasets across more than 150 ransomware families. Furthermore, recognizing the fundamental need for comprehensive training data, this dissertation presents RanDS, a rigorously curated dataset comprising a large collection of ransomware samples spanning hundreds of families alongside a substantial set of benign samples, collected and verified over multiple years from an initial corpus of millions of malware files. RanDS includes several processed feature extraction datasets encompassing static raw strings, English strings, imported and exported APIs, demangled APIs, and dynamic behavioral activities, all made publicly available. This dissertation makes contributions to cybersecurity by providing deep insights into modern ransomware operations, demonstrating the importance of evolutionary analysis in understanding threat progression, and delivering both an detection methodology and a foundational dataset that addresses longstanding research limitations in the field.67 0Item Restricted CRITICAL IDEOLOGIES OF CYBER DIPLOMACY FRAMEWORK FOR MANAGING FOREIGN AFFAIRS: A SAUDI ARABIAN CONTEXT(Saudi Digital Library, 2025) Alfaqih, Faisal Ibrahim; Mbaziira, Alex VThe rapid advancement of technology has facilitated globalization and interconnectedness, but it has also increased vulnerabilities to cyber threats, affecting businesses, governments, and international relations. Despite significant investments in cybersecurity, Saudi Arabia faces persistent cyber risks, particularly in critical sectors such as energy, finance, and defense, exacerbated by geopolitical tensions and state-sponsored cyberattacks. This study addresses the gap in Saudi Arabia’s foreign affairs strategy by examining the role of cyber diplomacy in enhancing cybersecurity governance and international cooperation. The purpose of this qualitative case study is to explore the relevance, challenges, and priority areas for implementing cyber diplomacy in Saudi Arabia. Guided by security theory, the research answers three key questions: (1) What is cyber diplomacy's relevance in promoting national interests? (2) What challenges hinder its establishment across partner states? (3) What are the priority areas for developing cyber diplomacy in Saudi Arabia? Interviews with 12 cybersecurity professionals from the Ministry of Foreign Affairs (MOFA) and private sectors were analyzed thematically. Findings reveal that cyber diplomacy is crucial for protecting critical infrastructure, fostering economic stability, and enhancing Saudi Arabia’s global influence. However, trust deficits, legal barriers, and geopolitical tensions pose significant challenges. Key recommendations include establishing a National Cyber Diplomacy Strategy, enhancing capacity-building programs, and fostering public-private partnerships. The study concludes that cyber diplomacy is essential for Saudi Arabia’s national security and recommends a multi-stakeholder approach to strengthen cyber resilience and international cooperation. Future research should expand to comparative studies with other Gulf Cooperation Council (GCC) nations to develop regional cyber norms.9 0Item Restricted Investigating the Factors that Affect the Adoption of Cybersecurity Data Visualization Applications Within Organizational Context: An Application of the T-O-E Framework(Saudi Digital Library, 2025) Aljasir, Afnan; Chinazunwa, UwaomaCybersecurity visualization (VizSec) tools have emerged as critical enablers for organizations to detect, interpret, and respond to increasingly complex cyber threats. Despite their potential, the adoption and effective use of these tools remain inconsistent across industries. This dissertation examines the determinants of VizSec adoption through the application of the Technology-Organization-Environment (TOE) framework; and the effect of its adoption on organizational performance thereafter. Mixed-method approach was used in this study to provide an in-depth understanding of quantitative and qualitative results. During the quantitative step, a survey of 230 cybersecurity professionals and decision-makers in various industries was used to gather data and analyzed using Partial Least Squares Structural Equation Modeling (PLS-SEM). The qualitative stage was based on 14 semi-structured interviews, conducted with the help of the six-phase thematic analysis of Braun and Clarke, in order to render the lived experiences and the practical knowledge of the participants. The results show that the most powerful drivers of adoption are technological determinants, especially ease of use, lesser complexity, and compatibility with the already existing infrastructure. Influencing factors include organizational aspects, comprising of top management support, financial and human resources, as well as the organizational ability to learn, without which the value of VizSec is constrained due to the lack of skilled professionals. Environmental factors were considered key determinants, whereas competitive pressure had a small influence. Notably, the research proved the mediating effects of Security Data Visualization (SDV) between factors of the TOE and organizational performance. Adoption of VizSec was found to have a high level of customer satisfaction, financial performance, innovation and agility within the organization. Theoretically, this research contributes by generalizing the use of the TOE framework in the space of cybersecurity visualization and introduces SDV as a mediating construct to redefine organizational and environmental variables in this sense. In practice, the study provides a roadmap on how organisations can get the best out of VizSec through strategic investments, enhancing compliance, developing skilled human capital, and establishing vendor relationships.12 0Item Restricted CYBERSECURITY PROFESSIONALS’ BEHAVIORAL PREDISPOSITIONS AFFECTING CYBERSECURITY COMMITMENT AND CONSISTENCY: SAUDI ARABIAN CONTEXT(Saudi Digital Library, 2025) Kabli, Rana; MICHELLE, LIUThe intensity of cybersecurity incidents has been on the rise and is attributed to factors related to end-users and security professionals. Human subjects such as employees make the greatest loop to cybersecurity incidents currently reported across the globe. This is due to a lack of awareness and other behavioral aspects that contribute to online risky behaviors. The study aimed to determine the influence of cybersecurity professionals’ behavioral predispositions on cybersecurity commitment and consistency in Saudi Arabia. The study focused on the professional behavioral attributes that have been associated with cybersecurity behavior: subjective norms, attitudes, self-efficacy to comply, perceived behavioral control, and perceived benefit of compliance. A survey instrument was developed from previous literature, and the instrument was converted into an online survey that was utilized in data collection. The analysis of the collected data, established that whereas the respondents understand the importance of commitment and consistency, a significant number of the cybersecurity professionals felt that commitment and consistency had a minor effect on security of information systems. The analysis established that cybersecurity attitudes and subjective norms was the greatest predictor of commitment and consistency in compliance with cybersecurity policies. The significant influence of cybersecurity attitude indicates that cybersecurity professionals' personal beliefs substantially influence their compliance behaviors. Crucially, the significant influence of subjective norms points indicates that organizational culture and leadership is crucial in promoting commitment and consistency in compliance with cybersecurity policies.37 0Item Restricted Scalable Distributed Ledger Paradigms for Secure IoT-Driven Data Management in Smart Cities(Saudi Digital Library, 2025) Alruwaill, Musharraf; Mohanty, Saraju P; Kougianos, EliasBlockchain has become a cornerstone of trustworthy, decentralised information governance. Consensus protocols and cryptographic linkages guarantee data integrity, immutability, and verifiable provenance, eliminating reliance on a single trusted authority and mitigating data fragmentation. Within smart‑healthcare ecosystems, these capabilities enable the shift from siloed, centralised repositories to distributed, patient‑centric infrastructures. Because clinical data are highly sensitive and strictly regulated, robust assurances of integrity, confidentiality, and fine‑grained authorisation are essential. Integrating blockchain and smart contracts with technologies such as distributed off‑chain storage and the Internet of Medical Things (IoMT) creates a resilient, scalable, and interoperable foundation for next‑generation healthcare data management. This research introduces hChain, a four‑generation family of distributed‑ledger frameworks that progressively strengthen security, intelligence, and scalability in smart‑healthcare environments. hChain 1.0 lays the groundwork with a blockchain architecture that safeguards patient data, supports real‑time clinical telemetry, and enables seamless inter‑institutional exchange. Building on this foundation, hChain 2.0 integrates InterPlanetary File System (IPFS) storage and smart‑contract enforcement to deliver tamper‑proof, fine‑grained access control. hChain 3.0 embeds on‑chain deep‑learning analytics, providing proactive, automated decision support across the care continuum while preserving data integrity. Finally, hChain 4.0 introduces a highly scalable, permissioned ledger augmented by an Attribute‑Based Access Control (ABAC) layer, ensuring dynamic, context‑aware authorisation in complex organisational settings. The results demonstrate practical solutions for transforming data infrastructures from centralised to decentralised architectures, providing techniques that facilitate seamless integration with existing systems while enhancing blockchain scalability and privacy.54 0Item Restricted Design, analysis, and evaluation of highly secure smart city infrastructures and services(University of Arizona, 2025) Almazyad, Ibrahim; Hariri, SalimCritical infrastructure resources and services, such as energy networks, water treatment facilities, and 5G telecommunications, form the backbone of national security and public welfare. However, many of these infrastructures rely on outdated technologies, rendering them increasingly vulnerable to evolving cyber threats. As these infrastructures become increasingly digitized and integrated under Industry 4.0 - integrating cloud computing, Artificial Intelligence (AI), and the Industrial Internet of Things (IIoT) - they simultaneously introduce a broader attack surface susceptible to threats such as sensor spoofing, Denial-of-Service (DoS), and man-in-the-middle attacks. Existing critical infrastructure testbeds are isolated and limited in their ability to replicate cross-domain dependencies and security vulnerabilities inherent in modern smart cities. To address this gap, this dissertation developed a Federated Cybersecurity Testbed as a Service (FCTaaS) environment, an innovative approach that integrates geographically dispersed critical infrastructure testbeds to enable the development and experimentation of effective algorithms to secure the normal operations of critical infrastructures against a wide range of cyberattacks. The research specifically focused on two critical infrastructures: The Water Treatment Facility Testbed (WTFT) and the 5G Telecommunication Testbed (5GTT). It begins with a comprehensive threat modeling across Industrial Control Systems (ICS) and 5G architecture to identify vulnerabilities, followed by designing and implementing security detection and mitigation algorithms. Specifically, we have developed an edge-deployed anomaly detection algorithm that is based on an autoencoder that achieved 98.3% accuracy in detecting cyberattacks against water treatment infrastructure. We have also demonstrated the effectiveness of our security defense algorithms in detecting cyberattacks against 5G networks with an accuracy of 98.9% against various cellular network attacks. This dissertation developed a unified and scalable cybersecurity research environment that significantly facilitates the development of realistic critical infrastructure experimentations and AI-driven security algorithms to secure and protect their normal operations against any type of cyberattacks known or unknown, regardless of their origins, insider or outsider.31 0Item Restricted Cybersecurity-Aware Distributed Optimization for Optimal Power Flow(Georgia Institute of Technology, 2024-07-17) Alkhraijah, Mohannad; Molzahn, DanielDistributed optimization algorithms have many attractive features for coordinating systems with multiple agents, as they allow multiple agents to collaborate in solving large-scale optimization problems while maintaining their autonomy. However, distributed algorithms may be vulnerable to cyberattacks due to their dependency on communication. This dissertation proposes a general cybersecurity-aware distributed optimization implementation framework for solving optimal power flow problems. The proposed framework increases the resiliency of distributed optimization against cyberattacks and data manipulation. The main contributions of the dissertation are (1) development of an open-source framework to expedite the process of testing and experimenting with distributed optimization algorithms, (2) benchmarking multiple distributed algorithms with various optimal power flow models in the presence of nonideal communication via an extensive empirical analysis, (3) investigation of cyberattack threats on distributed optimization and proposition of cyberattack detection models, (4) development of a mitigation strategy for cyberattacks and communication failures via formulating and solving a robust optimization problem, and (5) development of a fault-tolerant distributed termination method that prevents faulty termination caused by cyberattacks or communication errors.31 0Item Restricted INTO THE DIGITAL ABYSS: EXPLORING THE DEPTHS OF DATA COLLECTED BY IOT DEVICES(Johns Hopkins University, 2024-02-22) Almogbil, Atheer; Rubin, AvielThe proliferation of interconnected smart devices, once ordinary household appliances, has led to an exponential increase in sensitive data collection and transmission. The security and privacy of IoT devices, however, have lagged behind their rapid deployment, creating vulnerabilities that can be exploited by malicious actors. While security attacks on IoT devices have garnered attention, privacy implications often go unnoticed, exposing users to potential risks without their awareness. Our research contributes to a deeper understanding of user privacy concerns and implications caused by data collection within the vast landscape of the Internet of Things (IoT). We uncover the true extent of data accessible to adversarial individuals and propose a solution to ensure data privacy in precarious situations. We provide valuable insights, paving the way for a more informed and comprehensive approach to studying, addressing, and raising awareness about privacy issues within the evolving landscape of smart home environments.31 0Item Restricted A Graph-Based Formal Access Control Model to Support Positive & Negative Permissions, Exceptions, Redundancy & Conflict Detection, Permission to Delegate, Delegation, Separation of Duties (SoD), and SoD Exceptions & Violation Detection(University of Idaho, 2024-12-30) Alkhorem, Azan Hamad; De Leon, Daniel ConteAccess control policies models provide a better approach to control users actives regarding allowing or denying such action to user or group within the resources. This mechanism allowed us to verify the grant or the denial of access. Within the access control hierarchy structure, there are more features that must be supported with different permissions on non-hierarchy and hierarchy structure. In this study we developed a methodology that supports the enhancement of positive policy represented by (YES) and adds negative policy represented by (NO). Moreover, we include supporting both types of permission to delegate and both types of delegation. Although, we implement supporting an exception policies approach for both types of stander policies positive and negative. Furthermore, we developed a method to adopt two different types of Separation of Duties (SoD). This includes redundancy, conflict detection, valid polices request of SoD, violation, and non-violation polices request between each type itself and between the first type against the second concept of SoD rules as well as vice versa. In addition, we validate another technique that these two different types of SoD do not violate both types of stander policies concept. Finally, we examine both types of stander policies concept never violate both types of SoD rules in the hierarchy manner. These challenges have been successfully verified on the hierarchy policy model (HPol). These features give the HPol model more advantages supporting complex polices on non-hierarchy and hierarchy structure.26 0
- «
- 1 (current)
- 2
- 3
- »
