{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,20]],"date-time":"2026-05-20T13:15:40Z","timestamp":1779282940953,"version":"3.51.4"},"reference-count":106,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2026,5,20]],"date-time":"2026-05-20T00:00:00Z","timestamp":1779235200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,5,20]],"date-time":"2026-05-20T00:00:00Z","timestamp":1779235200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["SN COMPUT. SCI."],"DOI":"10.1007\/s42979-026-04955-0","type":"journal-article","created":{"date-parts":[[2026,5,20]],"date-time":"2026-05-20T11:35:21Z","timestamp":1779276921000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A Systematic Review on Advancements in Malware Detection Using Artificial Intelligence Frameworks"],"prefix":"10.1007","volume":"7","author":[{"family":"Attiuttama","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sanjay Kumar","family":"Sharma","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Satya Prakash","family":"Yadav","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,5,20]]},"reference":[{"key":"4955_CR1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2023.111921","volume":"209","author":"P Maniriho","year":"2024","unstructured":"Maniriho P, Mahmood AN, Chowdhury MJM. A systematic literature review on Windows malware detection: techniques, research issues, and future directions. J Syst Softw. 2024;209:111921.","journal-title":"J Syst Softw"},{"key":"4955_CR2","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2023.107801","volume":"131","author":"K Shaukat","year":"2024","unstructured":"Shaukat K, Luo S, Varadharajan V. A novel machine learning approach for detecting first-time-appeared malware. Eng Appl Artif Intell. 2024;131:107801.","journal-title":"Eng Appl Artif Intell"},{"key":"4955_CR3","doi-asserted-by":"publisher","DOI":"10.1016\/j.teler.2024.100130","volume":"14","author":"SK Smmarwar","year":"2024","unstructured":"Smmarwar SK, Gupta GP, Kumar S. Android malware detection and identification frameworks by leveraging the machine and deep learning techniques: A comprehensive review. Telemat Inform Rep. 2024;14:100130.","journal-title":"Telemat Inform Rep"},{"key":"4955_CR4","doi-asserted-by":"publisher","first-page":"61113","DOI":"10.1109\/ACCESS.2024.3395118","volume":"12","author":"JC Costa","year":"2024","unstructured":"Costa JC, Roxo T, Proen\u00e7a H, Inacio PRM. How deep learning sees the world: a survey on adversarial attacks & defenses. IEEE Access. 2024;12:61113\u201336.","journal-title":"IEEE Access"},{"key":"4955_CR5","doi-asserted-by":"publisher","first-page":"141045","DOI":"10.1109\/ACCESS.2023.3256979","volume":"11","author":"NZ Gorment","year":"2023","unstructured":"Gorment NZ, Selamat A, Cheng LK, Krejcar O. Machine learning algorithm for malware detection: taxonomy, current challenges, and future directions. IEEE Access. 2023;11:141045\u201389.","journal-title":"IEEE Access"},{"key":"4955_CR6","doi-asserted-by":"publisher","DOI":"10.1016\/j.dajour.2023.100206","volume":"7","author":"AK Dey","year":"2023","unstructured":"Dey AK, Gupta GP, Sahu SP. A metaheuristic-based ensemble feature selection framework for cyber threat detection in IoT-enabled networks. Decis Anal J. 2023;7:100206.","journal-title":"Decis Anal J"},{"key":"4955_CR7","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2022.118630","volume":"211","author":"M Mimura","year":"2023","unstructured":"Mimura M. Impact of benign sample size on binary classification accuracy. Expert Syst Appl. 2023;211:118630.","journal-title":"Expert Syst Appl"},{"key":"4955_CR8","doi-asserted-by":"publisher","first-page":"114936","DOI":"10.1109\/ACCESS.2023.3325727","volume":"11","author":"DK Kholgh","year":"2023","unstructured":"Kholgh DK, Kostakos P. PAC-GPT: A novel approach to generating synthetic network traffic with GPT-3. IEEE Access. 2023;11:114936\u201351.","journal-title":"IEEE Access"},{"key":"4955_CR9","doi-asserted-by":"publisher","first-page":"128754","DOI":"10.1109\/ACCESS.2022.3227579","volume":"10","author":"MS Hossain","year":"2022","unstructured":"Hossain MS, Hasan N, Samad MA, Shakhawat HM, Karmoker J, Ahmed F, et al. Android ransomware detection from traffic analysis using metaheuristic feature selection. IEEE Access. 2022;10:128754\u201363.","journal-title":"IEEE Access"},{"issue":"1","key":"4955_CR10","doi-asserted-by":"publisher","DOI":"10.1038\/s41598-022-18936-9","volume":"12","author":"M Asam","year":"2022","unstructured":"Asam M, Khan SH, Akbar A, Bibi S, Jamal T, Khan A, et al. IoT malware detection architecture using a novel channel boosted and squeezed CNN. Sci Rep. 2022;12(1):15498.","journal-title":"Sci Rep"},{"issue":"4","key":"4955_CR11","doi-asserted-by":"publisher","first-page":"800","DOI":"10.3390\/jcp2040041","volume":"2","author":"UEH Tayyab","year":"2022","unstructured":"Tayyab UEH, Khan FB, Durad MH, Khan A, Lee YS. A survey of the recent trends in deep learning-based malware detection. J Cybersecur Privacy. 2022;2(4):800\u201329.","journal-title":"J Cybersecur Privacy"},{"key":"4955_CR12","doi-asserted-by":"publisher","first-page":"42762","DOI":"10.1109\/ACCESS.2022.3168794","volume":"10","author":"AA Al-Hashmi","year":"2022","unstructured":"Al-Hashmi AA, Ghaleb FA, Al-Marghilani A, Yahya AE, Ebad SA, Saqib M, et al. Deep-ensemble and multifaceted behavioral malware variant detection model. IEEE Access. 2022;10:42762\u201377.","journal-title":"IEEE Access"},{"key":"4955_CR13","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.103842","volume":"141","author":"A Galli","year":"2024","unstructured":"Galli A, La Gatta V, Moscato V, Postiglione M, Sperl\u00ec G. Explainability in AI-based behavioral malware detection systems. Comput Secur. 2024;141:103842.","journal-title":"Comput Secur"},{"issue":"3","key":"4955_CR14","first-page":"032078","volume":"1650","author":"G Wang","year":"2020","unstructured":"Wang G, Lu T, Yin H. Detection technology of malicious code family based on BiLSTM-CNN. J Phys: Conf Ser. 2020;1650(3):032078.","journal-title":"J Phys: Conf Ser"},{"key":"4955_CR15","doi-asserted-by":"publisher","first-page":"20717","DOI":"10.1109\/ACCESS.2021.3054129","volume":"9","author":"AB Nassif","year":"2021","unstructured":"Nassif AB, Talib MA, Nasir Q, Albadani H, Dakalbab FM. Machine learning for cloud security: a systematic review. IEEE Access. 2021;9:20717\u201335.","journal-title":"IEEE Access"},{"key":"4955_CR16","doi-asserted-by":"publisher","first-page":"97180","DOI":"10.1109\/ACCESS.2021.3093366","volume":"9","author":"AA Darem","year":"2021","unstructured":"Darem AA, Ghaleb FA, Al-Hashmi AA, Abawajy JH, Alanazi SM, Al-Rezami AY. An adaptive behavioral-based incremental batch learning malware variants detection model using concept drift detection and sequential deep learning. IEEE Access. 2021;9:97180\u201396.","journal-title":"IEEE Access"},{"key":"4955_CR17","doi-asserted-by":"publisher","first-page":"91512","DOI":"10.1109\/ACCESS.2021.3090464","volume":"9","author":"H Wang","year":"2021","unstructured":"Wang H, Long H, Wang A, Liu T, Fu H. Deep learning and regularization algorithms for malicious code classification. IEEE Access. 2021;9:91512\u201323.","journal-title":"IEEE Access"},{"key":"4955_CR18","volume":"38","author":"V Sihag","year":"2021","unstructured":"Sihag V, Vardhan M, Singh P. BLADE: robust malware detection against obfuscation in Android. Forensic Sci Int Digit Investig. 2021;38:301176.","journal-title":"Forensic Sci Int Digit Investig"},{"key":"4955_CR19","doi-asserted-by":"publisher","first-page":"48753","DOI":"10.1109\/ACCESS.2021.3060778","volume":"9","author":"WNH Ibrahim","year":"2021","unstructured":"Ibrahim WNH, Anuar S, Selamat A, Krejcar O, Crespo RG, Herrera-Viedma E, et al. Multilayer framework for botnet detection using machine learning algorithms. IEEE Access. 2021;9:48753\u201368.","journal-title":"IEEE Access"},{"key":"4955_CR20","doi-asserted-by":"publisher","first-page":"6249","DOI":"10.1109\/ACCESS.2019.2963724","volume":"8","author":"\u00d6A Aslan","year":"2020","unstructured":"Aslan \u00d6A, Samet R. A comprehensive review on malware detection approaches. IEEE Access. 2020;8:6249\u201371.","journal-title":"IEEE Access"},{"key":"4955_CR21","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103582","volume":"137","author":"A Brown","year":"2024","unstructured":"Brown A, Gupta M, Abdelsalam M. Automated machine learning for deep learning-based malware detection. Comput Secur. 2024;137:103582.","journal-title":"Comput Secur"},{"issue":"1","key":"4955_CR22","doi-asserted-by":"publisher","first-page":"118","DOI":"10.1049\/ise2.12082","volume":"17","author":"Y Wu","year":"2023","unstructured":"Wu Y, Shi J, Wang P, Zeng D, Sun C. DeepCatra: learning flow-and graph-based behaviours for Android malware detection. IET Inf Secur. 2023;17(1):118\u201330.","journal-title":"IET Inf Secur"},{"key":"4955_CR23","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2019.102526","volume":"153","author":"D Gibert","year":"2020","unstructured":"Gibert D, Mateu C, Planes J. The rise of machine learning for detection and classification of malware: research developments, trends and challenges. J Netw Comput Appl. 2020;153:102526.","journal-title":"J Netw Comput Appl"},{"key":"4955_CR24","doi-asserted-by":"crossref","unstructured":"Hasimia L, Zavantis D, Shakshuki E, Yasar A. Cloud computing security and deep learning: an ANN approach ScienceDirect cloud computing security and deep learning: an ANN approach. Elsevier. 2024.","DOI":"10.1016\/j.procs.2023.12.155"},{"key":"4955_CR25","doi-asserted-by":"publisher","first-page":"83252","DOI":"10.1109\/ACCESS.2021.3087316","volume":"9","author":"\u00d6 Aslan","year":"2021","unstructured":"Aslan \u00d6, Ozkan-Okay M, Gupta D. Intelligent behavior-based malware detection system on cloud computing environment. IEEE Access. 2021;9:83252\u201371.","journal-title":"IEEE Access"},{"key":"4955_CR26","volume":"83","author":"P Alaeifar","year":"2024","unstructured":"Alaeifar P, Pal S, Jadidi Z, Hussain M, Foo E. Current approaches and future directions for cyber threat intelligence sharing: a survey. J Inf Secur Appl. 2024;83:103786.","journal-title":"J Inf Secur Appl"},{"issue":"1-2","key":"4955_CR27","first-page":"19","volume":"18","author":"S Bharati","year":"2022","unstructured":"Bharati S, Mondal MRH, Podder P, Prasath VS. Federated learning: applications, challenges and future directions. Int J Hybrid Intell Syst. 2022;18(1\u20132):19\u201335.","journal-title":"Int J Hybrid Intell Syst"},{"key":"4955_CR28","doi-asserted-by":"publisher","first-page":"46717","DOI":"10.1109\/ACCESS.2019.2906934","volume":"7","author":"R Vinayakumar","year":"2019","unstructured":"Vinayakumar R, Alazab M, Soman KP, Poornachandran P, Venkatraman S. Robust intelligent malware detection using deep learning. IEEE Access. 2019;7:46717\u201338.","journal-title":"IEEE Access"},{"issue":"2","key":"4955_CR29","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3439950","volume":"54","author":"G Pang","year":"2021","unstructured":"Pang G, Shen C, Cao L, Hengel AVD. Deep learning for anomaly detection: a review. ACM Comput Surv (CSUR). 2021;54(2):1\u201338.","journal-title":"ACM Comput Surv (CSUR)"},{"key":"4955_CR30","doi-asserted-by":"publisher","DOI":"10.32604\/cmc.2021.017502","author":"GY Shin","year":"2021","unstructured":"Shin GY, Kim DW, Kim SS, Han MM. Unknown attack detection: combining relabeling and hybrid intrusion detection. Comput Mater Contin. 2021. https:\/\/doi.org\/10.32604\/cmc.2021.017502.","journal-title":"Comput Mater Contin"},{"key":"4955_CR31","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103654","volume":"138","author":"A Guerra-Manzanares","year":"2024","unstructured":"Guerra-Manzanares A. Machine learning for Android malware detection: mission accomplished? A comprehensive review of open challenges and future perspectives. Comput Secur. 2024;138:103654.","journal-title":"Comput Secur"},{"key":"4955_CR32","doi-asserted-by":"publisher","DOI":"10.1016\/j.jbi.2022.104009","volume":"127","author":"AI Paganelli","year":"2022","unstructured":"Paganelli AI, Mondejar AG, da Silva AC, Silva-Calpa G, Teixeira MF, Carvalho F, et al. Real-time data analysis in health monitoring systems: a comprehensive systematic literature review. J Biomed Inform. 2022;127:104009.","journal-title":"J Biomed Inform"},{"key":"4955_CR33","doi-asserted-by":"crossref","unstructured":"Kumar SA, Vealey T, Srivastava H. Security in internet of things: challenges, solutions and future directions. In: 2016 49th Hawaii International Conference on System Sciences (HICSS). 2016;5772\u20135781. IEEE.","DOI":"10.1109\/HICSS.2016.714"},{"key":"4955_CR34","doi-asserted-by":"crossref","unstructured":"Pichikala SM, Rachana G, Sanjanapatel H, Shanu S Vineeth N. Malware detection using blockchain technology. In: 2021 2nd International Conference for Emerging Technology (INCET). 2021;1\u20134. IEEE.","DOI":"10.1109\/INCET51464.2021.9456161"},{"issue":"1","key":"4955_CR35","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1080\/0960085X.2022.2088414","volume":"32","author":"J Kotsias","year":"2023","unstructured":"Kotsias J, Ahmad A, Scheepers R. Adopting and integrating cyber-threat intelligence in a commercial organisation. Eur J Inf Syst. 2023;32(1):35\u201351.","journal-title":"Eur J Inf Syst"},{"key":"4955_CR36","doi-asserted-by":"crossref","unstructured":"Liu JW. Multiple graph neural networs and transformers for vehicle trajectory prediction. In: 2024 China Automation Congress (CAC). pp. 1733\u20131738. 2024. IEEE.","DOI":"10.1109\/CAC63892.2024.10864824"},{"key":"4955_CR37","unstructured":"Critical Sectors at Risk: India Reports 593 Attacks in the First Half of 2024 593 Cyberattacks In India Reported In 2024 So Far (thecyberexpress.com). Accessed 15 Aug 2024"},{"key":"4955_CR38","unstructured":"CrowdStrike. CrowdStrike 2024 global threat report. Crowdstrike.com. 2024. https:\/\/www.crowdstrike.com\/en-us\/resources\/reports\/crowdstrike-2024-global-threat-report\/. Accessed 15 July 2024"},{"key":"4955_CR39","doi-asserted-by":"crossref","unstructured":"Ma Y, Zhu Z Li M Wei C. Fan Y. An LSTM-XGB feature fusion model based on dynamic degradation trends for remaining useful life prediction of aero-engines. In: 2025 International Conference on Mechatronic Engineering and Artificial Intelligence (MEAI). 2025;25\u201328. IEEE.","DOI":"10.1109\/MEAI68126.2025.11406503"},{"key":"4955_CR40","unstructured":"India's defence, other govt departments fell prey to cyber-attacks in 2024, Telegram a hotbed: Report- The. Accessed 28 Aug 2024."},{"key":"4955_CR41","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2022.108744","volume":"121","author":"MS Abbasi","year":"2022","unstructured":"Abbasi MS, Al-Sahaf H, Mansoori M, Welch I. Behavior-based ransomware classification: a particle swarm optimization wrapper-based approach for feature selection. Appl Soft Comput. 2022;121:108744.","journal-title":"Appl Soft Comput"},{"key":"4955_CR42","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2022.109756","volume":"131","author":"MN Al-Andoli","year":"2022","unstructured":"Al-Andoli MN, Tan SC, Sim KS, Lim CP, Goh PY. Parallel deep learning with a hybrid BP-PSO framework for feature extraction and malware classification. Appl Soft Comput. 2022;131:109756.","journal-title":"Appl Soft Comput"},{"key":"4955_CR43","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102860","volume":"121","author":"AO Almashhadani","year":"2022","unstructured":"Almashhadani AO, Carlin D, Kaiiali M, Sezer S. MFMCNS: a multi-feature and multi-classifier network-based system for ransomworm detection. Comput Secur. 2022;121:102860.","journal-title":"Comput Secur"},{"key":"4955_CR44","doi-asserted-by":"publisher","first-page":"87936","DOI":"10.1109\/ACCESS.2021.3089586","volume":"9","author":"\u00d6 Aslan","year":"2021","unstructured":"Aslan \u00d6, Yilmaz AA. A new malware classification framework based on deep learning algorithms. IEEE Access. 2021;9:87936\u201351.","journal-title":"IEEE Access"},{"key":"4955_CR45","doi-asserted-by":"publisher","first-page":"193","DOI":"10.1016\/j.future.2021.12.013","volume":"130","author":"C Jing","year":"2022","unstructured":"Jing C, Wu Y, Cui C. Ensemble dynamic behavior detection method for adversarial malware. Future Gener Comput Syst. 2022;130:193\u2013206.","journal-title":"Future Gener Comput Syst"},{"key":"4955_CR46","doi-asserted-by":"publisher","first-page":"871","DOI":"10.1016\/j.cose.2018.04.005","volume":"77","author":"S Ni","year":"2018","unstructured":"Ni S, Qian Q, Zhang R. Malware identification using visualization images and deep learning. Comput Secur. 2018;77:871\u201385.","journal-title":"Comput Secur"},{"key":"4955_CR47","unstructured":"Oliveira A. Malware analysis datasets: Raw PE as Image. IEEE Dataport. 2019."},{"issue":"5","key":"4955_CR48","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3329786","volume":"52","author":"O Or-Meir","year":"2019","unstructured":"Or-Meir O, Nissim N, Elovici Y, Rokach L. Dynamic malware analysis in the modern era\u2014a state of the art survey. ACM Comput Surv (CSUR). 2019;52(5):1\u201348.","journal-title":"ACM Comput Surv (CSUR)"},{"key":"4955_CR49","doi-asserted-by":"crossref","unstructured":"Maniriho P, Mahmood A. Chowdhury MJM. Evaluation and survey of state-of-the-art malware detection and classification techniques: Analysis and recommendation. Available at SSRN 4197678. 2022.","DOI":"10.2139\/ssrn.4197678"},{"key":"4955_CR50","doi-asserted-by":"crossref","unstructured":"Cakir B, Dogdu E. Malware classification using deep learning methods. In:\u00a0Proceedings of the 2018 ACM Southeast Conference, 2018;1\u20135.","DOI":"10.1145\/3190645.3190692"},{"key":"4955_CR51","doi-asserted-by":"publisher","first-page":"399","DOI":"10.1016\/j.cose.2017.11.016","volume":"73","author":"P Burnap","year":"2018","unstructured":"Burnap P, French R, Turner F, Jones K. Malware classification using self organising feature maps and machine activity data. Comput Secur. 2018;73:399\u2013410.","journal-title":"Comput Secur"},{"key":"4955_CR52","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.108595","volume":"201","author":"S Kumar","year":"2021","unstructured":"Kumar S, Janet B. Distinguishing malicious programs based on visualization and hybrid learning algorithms. Comput Netw. 2021;201:108595.","journal-title":"Comput Netw"},{"key":"4955_CR53","unstructured":"Cisco, Cisco Annual Internet Report, 2023 Cisco Annual Internet Report - Cisco Annual Internet Report (2018\u20132023) White Paper \u2013 Cisco. Accessed 28 July 2024."},{"key":"4955_CR54","doi-asserted-by":"crossref","unstructured":"Kumar L, Kumar A. Securing digital twins in autonomous vehicles: Cyber threats, mitigation strategies, and innovative security solutions. In:\u00a02025 Second International Conference on Cognitive Robotics and Intelligent Systems (ICC-ROBINS)\u00a0(pp. 146\u2013151). 2025. IEEE.","DOI":"10.1109\/ICC-ROBINS64345.2025.11086226"},{"key":"4955_CR55","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2020.107138","volume":"171","author":"D Vasan","year":"2020","unstructured":"Vasan D, Alazab M, Wassan S, Naeem H, Safaei B, Zheng Q. IMCFN: image-based malware classification using fine-tuned convolutional neural network architecture. Comput Netw. 2020;171:107138.","journal-title":"Comput Netw"},{"key":"4955_CR56","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1016\/j.procir.2023.09.225","volume":"121","author":"AJG de Azambuja","year":"2024","unstructured":"de Azambuja AJG, Giese T, Sch\u00fctzer K, Anderl R, Schleich B, Almeida VR. Digital twins in Industry 4.0\u2013opportunities and challenges related to cyber security. Procedia CIRP. 2024;121:25\u201330.","journal-title":"Procedia CIRP"},{"key":"4955_CR57","unstructured":"Delhi Ransomware attack: Delhi: Ransomware Cyber attack on AIIMS server | Delhi News - Times of India (indiatimes.com). Accessed 22 July 2024"},{"key":"4955_CR58","doi-asserted-by":"publisher","first-page":"95047","DOI":"10.1109\/ACCESS.2024.3425593","volume":"12","author":"S Duraibi","year":"2024","unstructured":"Duraibi S. Enhanced image-based malware classification using snake optimization algorithm with deep convolutional neural network. IEEE Access. 2024;12:95047\u201357.","journal-title":"IEEE Access"},{"key":"4955_CR59","unstructured":"Anderson HS, Roth P. Ember: an open dataset for training static pe malware machine learning models.\u00a02018. arXiv preprint arXiv:1804.04637."},{"key":"4955_CR60","unstructured":"Bayer U, Comparetti PM, Hlauschek C, Kruegel C, Kirda E. Scalable, behavior-based malware clustering. In:\u00a0NDSS. 2009. (Vol. 9, pp. 8\u201311)."},{"key":"4955_CR61","doi-asserted-by":"crossref","unstructured":"Carrier T. Detecting obfuscated malware using memory feature engineering. 2021.","DOI":"10.5220\/0010908200003120"},{"key":"4955_CR62","unstructured":"https:\/\/manualmachine.com\/blackberry\/cylanceprotect\/17910987-user-manual\/. Accessed 25 July 2024"},{"key":"4955_CR63","doi-asserted-by":"crossref","unstructured":"Saxe J, Berlin K. Deep neural network-based malware detection using two dimensional binary program features. In:\u00a02015 10th international conference on malicious and unwanted software (MALWARE)\u00a0(pp. 11\u201320). 2015. IEEE.","DOI":"10.1109\/MALWARE.2015.7413680"},{"key":"4955_CR64","unstructured":"ClamAV. (n.d.). ClamAV documentation. Cisco. https:\/\/docs.clamav.net\/. Accessed 26 July 2024"},{"issue":"1","key":"4955_CR65","first-page":"229","volume":"99","author":"M Roesch","year":"1999","unstructured":"Roesch M. Snort: lightweight intrusion detection for networks. Lisa J Libr Inf Sci Abstr. 1999;99(1):229\u201338.","journal-title":"Lisa J Libr Inf Sci Abstr"},{"issue":"23\u201324","key":"4955_CR66","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V Paxson","year":"1999","unstructured":"Paxson V. Bro: a system for detecting network intruders in real-time. Comput Netw. 1999;31(23\u201324):2435\u201363.","journal-title":"Comput Netw"},{"key":"4955_CR67","doi-asserted-by":"crossref","unstructured":"Kirat D, Vigna G. Malgene: automatic extraction of malware analysis evasion signature. In:\u00a0Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security.\u00a02015;769\u2013780.","DOI":"10.1145\/2810103.2813642"},{"key":"4955_CR68","unstructured":"Zeek. (n.d.). The Zeek Network monitoring tool. https:\/\/zeek.org\/. Accessed 25 July 2024"},{"key":"4955_CR69","unstructured":"Darktrace. (n.d.). The Cyber AI Loop: Self-learning AI for threat prevention, detection, response, and healing [White paper]. Accessed 25 July 2024. https:\/\/darktrace.com\/"},{"key":"4955_CR70","unstructured":"CrowdStrike. MITRE ATT&CK Evaluations: Falcon effectiveness. 2023. https:\/\/attackevals.mitre.org\/. Accessed 25 July 2024"},{"key":"4955_CR71","unstructured":"Sophos. (n.d.). Intercept X: Advanced endpoint protection [White paper]. Sophos Ltd. https:\/\/www.sophos.com\/. Accessed 25 July 2024"},{"key":"4955_CR72","unstructured":"AV-Comparatives. (n.d.). Independent Tests of Anti-Virus Software. https:\/\/www.av-comparatives.org\/. Accessed 25 July 2024"},{"key":"4955_CR73","unstructured":"Institute,A.-T. - T. I. I.-S. (n.d.). AV-ATLAS - Malware & PUA. AV-ATLAS - Malware & PUA. https:\/\/portal.av-atlas.org\/malware. Accessed 25 July 2024"},{"key":"4955_CR74","unstructured":"Challenges to Identifying Evasive Threats - Palo Alto Networks. Accessed 25 Aug 2024."},{"key":"4955_CR75","doi-asserted-by":"crossref","unstructured":"Biggio B, Roli F. Wild patterns: ten years after the rise of adversarial machine learning. In:\u00a0Proceedings of the 2018 ACM SIGSAC conference on computer and communications security.\u00a02018;2154\u20132156.","DOI":"10.1145\/3243734.3264418"},{"key":"4955_CR76","doi-asserted-by":"publisher","first-page":"804","DOI":"10.1016\/j.procs.2015.02.149","volume":"46","author":"PV Shijo","year":"2015","unstructured":"Shijo PV, Salim AJPCS. Integrated static and dynamic analysis for malware detection. Procedia Comput Sci. 2015;46:804\u201311.","journal-title":"Procedia Comput Sci"},{"key":"4955_CR77","doi-asserted-by":"publisher","unstructured":"Qian C. et al. (2024). A new layer structure of cyber-physical systems under the era of digital twin. ACM Transactions on Internet Technology, 24, Article XX. https:\/\/doi.org\/10.1145\/3674974","DOI":"10.1145\/3674974"},{"issue":"1","key":"4955_CR78","first-page":"103","volume":"4","author":"D Uppal","year":"2014","unstructured":"Uppal D, Mehra V, Verma V. Basic survey on malware analysis, tools and techniques. Int J Comput Sci Appl (IJCSA). 2014;4(1):103.","journal-title":"Int J Comput Sci Appl (IJCSA)"},{"issue":"2","key":"4955_CR79","first-page":"56","volume":"5","author":"E Gandotra","year":"2014","unstructured":"Gandotra E, Bansal D, Sofat S. Malware analysis and classification: a survey. J Inf Secur. 2014;5(2):56\u201364.","journal-title":"J Inf Secur"},{"issue":"4","key":"4955_CR80","first-page":"10","volume":"2","author":"M Damshenas","year":"2013","unstructured":"Damshenas M, Dehghantanha A, Mahmoud R. A survey on malware propagation, analysis and detection. Int J Cyber-Secur Digit Forensics. 2013;2(4):10\u201329.","journal-title":"Int J Cyber-Secur Digit Forensics"},{"issue":"3","key":"4955_CR81","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3073559","volume":"50","author":"Y Ye","year":"2017","unstructured":"Ye Y, Li T, Adjeroh D, Iyengar SS. A survey on malware detection using data-mining techniques. ACM Comput Surv. 2017;50(3):1\u201340.","journal-title":"ACM Comput Surv"},{"key":"4955_CR82","doi-asserted-by":"crossref","unstructured":"Tang A, Sethumadhavan S, Stolfo SJ. Unsupervised anomaly-based malware detection using hardware features. In: International Workshop on Recent Advances in Intrusion Detection. 2014. (pp. 109\u2013129). Springer, Cham.","DOI":"10.1007\/978-3-319-11379-1_6"},{"key":"4955_CR83","unstructured":"Graziano M, Canali D, Bilge L, Lanzi A, Balzarotti D. Needles in a haystack: Mining information from public dynamic analysis sandboxes for malware intelligence. In: Proceedings of the 24th USENIX Security Symposium (USENIXSecur\u201915). 2015;1057\u20131072."},{"key":"4955_CR84","doi-asserted-by":"crossref","unstructured":"Ablon L, Bogart A. Zero days, thousands of nights: The life and times of zero-day vulnerabilities and their exploits. Rand Corporation. 2017.","DOI":"10.7249\/RR1751"},{"key":"4955_CR85","doi-asserted-by":"publisher","unstructured":"TochE, et al. The privacy implications of cyber security systems: A technological survey. ACM Computing Surveys. 2018;51:(1\u201336). https:\/\/doi.org\/10.1145\/3172869","DOI":"10.1145\/3172869"},{"key":"4955_CR86","doi-asserted-by":"publisher","unstructured":"Ashawa MA, Morris S. Analysis of Android malware detection techniques: A systematic review. Int J Cyber-Security and Digital Forensics, 2019;8(3):177\u2013187. https:\/\/doi.org\/10.17781\/P002605","DOI":"10.17781\/P002605"},{"key":"4955_CR87","doi-asserted-by":"publisher","DOI":"10.1016\/j.teler.2024.100130","author":"SK Smmarwar","year":"2024","unstructured":"Smmarwar SK, Gupta GP, Kumar S. Android malware detection and identification frameworks by leveraging the machine and deep learning techniques: a comprehensive review. Telemat Inform Rep. 2024. https:\/\/doi.org\/10.1016\/j.teler.2024.100130.","journal-title":"Telemat Inform Rep"},{"key":"4955_CR88","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2024.109233","volume":"117","author":"F Nawshin","year":"2024","unstructured":"Nawshin F, Gad R, Unal D, Al-Ali AK, Suganthan PN. Malware detection for mobile computing using secure and privacy-preserving machine learning approaches: a comprehensive survey. Comput Electr Eng. 2024;117:109233.","journal-title":"Comput Electr Eng"},{"issue":"4","key":"4955_CR89","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1016\/j.icte.2020.03.003","volume":"6","author":"N Sameera","year":"2020","unstructured":"Sameera N, Shashi M. Deep transductive transfer learning framework for zero-day attack detection. ICT Express. 2020;6(4):361\u20137.","journal-title":"ICT Express"},{"key":"4955_CR90","doi-asserted-by":"crossref","unstructured":"Oyama Y, Miyashita T, Kokubo H. Identifying useful features for malware detection in the ember dataset. In:\u00a02019 seventh international symposium on computing and networking workshops (CANDARW)\u00a0(pp. 360\u2013366). 2019. IEEE.","DOI":"10.1109\/CANDARW.2019.00069"},{"key":"4955_CR91","unstructured":"Raff E, Barker J, Sylvester J, Brandon R, Catanzaro B, Nicholas C. Malware detection by eating a whole executable. In: Proceedings of the AAAI Conference on Artificial Intelligence. 2018; 33:268\u2013276."},{"key":"4955_CR92","first-page":"96","volume":"83","author":"R Vinayakumar","year":"2019","unstructured":"Vinayakumar R, Soman KP, Poornachandran P. Evaluating deep learning approaches to characterize and classify malware. Future Gener Comput Syst. 2019;83:96\u2013112.","journal-title":"Future Gener Comput Syst"},{"key":"4955_CR93","doi-asserted-by":"crossref","unstructured":"Firdausi I, Erwin A, Nugroho AS. Analysis of machine learning techniques used in behavior-based malware detection. In:\u00a02010 second international conference on advances in computing, control, and telecommunication technologies\u00a0(pp. 201\u2013203). 2010. IEEE.","DOI":"10.1109\/ACT.2010.33"},{"issue":"5","key":"4955_CR94","volume":"157","author":"H Mourad","year":"2024","unstructured":"Mourad H, Mohammed M, Ferhi W, Djillali M, Al Baraa B, Hicham HM. Obfuscated malware detection using deep neural network with ANOVA feature selection on CIC-MalMem-2022 dataset. J Sci Tech Inf Technol Mech Optics. 2024;157(5):849.","journal-title":"J Sci Tech Inf Technol Mech Optics"},{"issue":"12","key":"4955_CR95","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3677374","volume":"56","author":"M Saqib","year":"2024","unstructured":"Saqib M, Mahdavifar S, Fung BC, Charland P. A comprehensive analysis of explainable AI for malware hunting. ACM Comput Surv. 2024;56(12):1\u201340.","journal-title":"ACM Comput Surv"},{"issue":"2","key":"4955_CR96","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3605775","volume":"56","author":"F Deldar","year":"2023","unstructured":"Deldar F, Abadi M. Deep learning for zero-day malware detection and classification: a survey. ACM Comput Surv. 2023;56(2):1\u201337.","journal-title":"ACM Comput Surv"},{"key":"4955_CR97","doi-asserted-by":"crossref","unstructured":"Kumar A, Mohmmad S. Evaluating new malware trends using cyber threat intelligence data. In:\u00a02025 3rd International Conference on Advancement in Computation & Computer Technologies (InCACCT)\u00a0(pp. 93\u201397). 2025. IEEE.","DOI":"10.1109\/InCACCT65424.2025.11011418"},{"key":"4955_CR98","doi-asserted-by":"publisher","DOI":"10.1016\/j.eij.2025.100618","volume":"29","author":"S Sharma","year":"2025","unstructured":"Sharma S, Chhikara R, Khanna K. A novel feature selection technique: detection and classification of Android malware. Egypt Inform J. 2025;29:100618.","journal-title":"Egypt Inform J"},{"key":"4955_CR99","doi-asserted-by":"publisher","unstructured":"Cevallos-MorenoJF, Rizzardi A, Sicari S, Coen-Porisini A. HERO: from high-dimensional network traffic to zERO-Day attack detection. Computer Networks. 2025;111264. (1\u201314) https:\/\/doi.org\/10.1016\/j.comnet.2025.111264","DOI":"10.1016\/j.comnet.2025.111264"},{"issue":"1","key":"4955_CR100","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1016\/j.cirp.2018.04.055","volume":"67","author":"F Tao","year":"2018","unstructured":"Tao F, Zhang M, Liu Y, Nee AY. Digital twin driven prognostics and health management for complex equipment. CIRP Ann Manuf Technol. 2018;67(1):169\u201372.","journal-title":"CIRP Ann Manuf Technol"},{"issue":"2","key":"4955_CR101","doi-asserted-by":"publisher","first-page":"1695","DOI":"10.1109\/TASE.2023.3243147","volume":"21","author":"EC Balta","year":"2023","unstructured":"Balta EC, Pease M, Moyne J, Barton K, Tilbury DM. Digital twin-based cyber-attack detection framework for cyber-physical manufacturing systems. IEEE Trans Autom Sci Eng. 2023;21(2):1695\u2013712.","journal-title":"IEEE Trans Autom Sci Eng"},{"key":"4955_CR102","first-page":"627","volume":"193","author":"E Negri","year":"2017","unstructured":"Negri E, Fumagalli L, Macchi M. A simulation framework for suppliers\u2019 selection in the Industry 4.0 era. Int J Prod Econ. 2017;193:627\u201337.","journal-title":"Int J Prod Econ"},{"key":"4955_CR103","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1016\/j.procir.2023.09.225","volume":"121","author":"AJG de Azambuja","year":"2024","unstructured":"de Azambuja AJG, Orth PF, Avi ML, dos Santos CH. Digital twins in Industry 4.0\u2013opportunities and challenges related to cyber security. Procedia CIRP. 2024;121:25\u201330.","journal-title":"Procedia CIRP"},{"issue":"17","key":"4955_CR104","doi-asserted-by":"publisher","first-page":"14965","DOI":"10.1109\/JIOT.2023.3263909","volume":"10","author":"Y Wang","year":"2023","unstructured":"Wang Y, Su Z, Guo S, Dai M, Luan TH, Liu Y. A survey on digital twins: architecture, enabling technologies, security and privacy, and future prospects. IEEE Internet Things J. 2023;10(17):14965\u201387.","journal-title":"IEEE Internet Things J"},{"key":"4955_CR105","unstructured":"Abshari D, Sridhar M. A survey of anomaly detection in cyber-physical systems. 2025. arXiv preprint arXiv:2502.13256."},{"key":"4955_CR106","doi-asserted-by":"publisher","DOI":"10.5120\/ijca2025925641","author":"MA Kausar","year":"2025","unstructured":"Kausar MA. Digital twin-enabled anomaly detection for industrial IoT using explainable AI. Int J Comput Appl. 2025. https:\/\/doi.org\/10.5120\/ijca2025925641.","journal-title":"Int J Comput Appl"}],"container-title":["SN Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-026-04955-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s42979-026-04955-0","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-026-04955-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,20]],"date-time":"2026-05-20T13:04:08Z","timestamp":1779282248000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s42979-026-04955-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,5,20]]},"references-count":106,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2026,6]]}},"alternative-id":["4955"],"URL":"https:\/\/doi.org\/10.1007\/s42979-026-04955-0","relation":{},"ISSN":["2661-8907"],"issn-type":[{"value":"2661-8907","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,5,20]]},"assertion":[{"value":"10 December 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"30 March 2026","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 May 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"Not applicable.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Research Involving Human and\/or Animals Participants"}}],"article-number":"461"}}