Flow-based Detection of Botnets through Bio-inspired Optimisation of Machine Learning
Issac, Biju, Fryer, Kyle, Jacob, Seibu Mary
Botnets could autonomously infect, propagate, communicate and coordinate with other members in the botnet, enabling cybercriminals to exploit the cumulative computing and bandwidth of its bots to facilitate cybercrime. Traditional detection methods are becoming increasingly unsuitable against various network-based detection evasion methods. These techniques ultimately render signature-based fingerprinting detection infeasible, and thus this research explores the application of network flow-based behavioural modelling to facilitate the binary classification of bot network activity, whereby the detection is independent of underlying communications architectures, ports, protocols and payload-based detection evasion mechanisms. A comparative evaluation of various machine learning classification methods is conducted to precisely determine the average accuracy of each classifier on bot datasets like CTU-13, ISOT 2010 and ISCX 2014. Additionally, hyperparameter tuning using a Genetic Algorithm (GA) was performed, aiming to efficiently converge to the fittest hyperparameter set for each dataset. The bio-inspired optimisation of Random Forest (RF) with GA achieved an average accuracy of 99.85% when it was tested against the three datasets. The model was then developed into a software product. The YouTube link of the project and demo of the software developed: https://youtu.be/gNQjC91VtOI
Large Language Models are Few-shot Generators: Proposing Hybrid Prompt Algorithm To Generate Webshell Escape Samples
Ma, Mingrui, Han, Lansheng, Zhou, Chunjie
The frequent occurrence of cyber-attacks has made webshell attacks and defense gradually become a research hotspot in the field of network security. However, the lack of publicly available benchmark datasets and the over-reliance on manually defined rules for webshell escape sample generation have slowed down the progress of research related to webshell escape sample generation strategies and artificial intelligence-based webshell detection algorithms. To address the drawbacks of weak webshell sample escape capabilities and the lack of webshell datasets with complex malicious features, and to promote the development of webshell detection technology, we propose the Hybrid Prompt algorithm for webshell escape sample generation with the help of large language models. As a prompt algorithm specifically developed for webshell sample generation, the Hybrid Prompt algorithm not only combines various prompt ideas, including Chain of Thought and Tree of Thought, but also incorporates various components such as a webshell hierarchical module and few-shot examples to facilitate the LLM in learning and reasoning about webshell escape strategies. Experimental results show that the Hybrid Prompt algorithm can work with multiple LLMs with excellent code reasoning ability to generate high-quality webshell samples with a high Escape Rate (88.61% with the GPT-4 model on the VIRUSTOTAL detection engine) and Survival Rate (54.98% with the GPT-4 model).
A Novel Online Incremental Learning Intrusion Prevention System
Constantinides, Christos, Shiaeles, Stavros, Ghita, Bogdan, Kolokotronis, Nicholas
Attack vectors are continuously evolving in order to evade Intrusion Detection Systems. Internet of Things (IoT) environments, while beneficial for the IT ecosystem, suffer from inherent hardware limitations, which restrict their ability to implement comprehensive security measures and increase their exposure to vulnerability attacks. This paper proposes a novel Network Intrusion Prevention System that utilises a Self-Organizing Incremental Neural Network along with a Support Vector Machine. Due to its structure, the proposed system provides a security solution that does not rely on signatures or rules and is capable of mitigating known and unknown attacks in real time with high accuracy. Based on our experimental results with the NSL-KDD dataset, the proposed framework can achieve on-line updated incremental learning, making it suitable for efficient and scalable industrial applications.
Playing With CrowdStrike Machine Learning Detection
Recently one of my clients received a well-performed phishing attack with an "invoice" that, like a lot of attachments, was malware. Everything seemed to be legit except that the invoice ended up in one of my honeypot inboxes. I usually deploy some email addresses, not in active use by the company, that I monitor in order to catch attacks. The malware seems to be a trojan focused on stealing information. Furthermore, being a fresh sample, at the beginning it was only detected by six detection engines on VirusTotal; right now it is detected by 18 of the 60 engines available on VirusTotal.
check how AI-based detection engine is detecting fake news
LOLA, the fake news detection platform designed by Dr. David Lopez, was recently used to uncover the online bullies of Greta Thunberg. Fake news has become a menace that has resulted in bullying of unsuspecting victims. People fall prey to these fake tabloids, and the age of social media makes it easier for them to generate hate in a matter of minutes. There are scores of these hoax newsrooms which spread wrong news disguised as authentic information via mediums like Instagram, Twitter, and Facebook. These platforms amplify the news effect manifold and drive traffic to the fake news site. The main agenda behind such sites is generally monetary or political.
Malicious PowerShell Detection via Machine Learning
Cyber security vendors and researchers have reported for years how PowerShell is being used by cyber threat actors to install backdoors, execute malicious code, and otherwise achieve their objectives within enterprises. Security is a cat-and-mouse game between adversaries, researchers, and blue teams. The flexibility and capability of PowerShell has made conventional detection both challenging and critical. This blog post will illustrate how FireEye is leveraging artificial intelligence and machine learning to raise the bar for adversaries that use PowerShell. PowerShell is one of the most popular tools used to carry out attacks.
Anti-I: The Future of AI-Generated Malware
Humanity has been fascinated with artificial intelligence (AI) for the better part of a century -- from Aldous Huxley's "Brave New World" and Gene Roddenberry's "Star Trek" to the "Matrix" trilogy and the most recent season of "The X-Files." AI-based algorithms, specifically machine learning algorithms, enable news-curating apps such as Flipboard to deliver content to users that matches their individual tastes. Reuters uses AI to review social media posts, news stories and readers' habits to generate opinion editorials. The city of Atlanta is installing smart traffic lights based on AI algorithms to help alleviate traffic congestion. AI is also being used to control street lights, automate certain elements of office buildings, automate customer service chat features and perform concierge services at hotels and offices around the world.
Replace your AV with Next Generation Endpoint Security
If you've been to a security conference in the last year, you've probably seen more than 20 different vendors all talking about endpoint security. Some might be talking about next generation anti-virus, endpoint detection and response, and even the much-lauded machine learning. How do you cut through the clutter and noise to find what you are looking for? Next generation endpoint security (NGES) is the convergence of multiple technologies. When I talk to customers about what's missing in their AV, they say it doesn't do a good job of showing anything after the fact, so they picked up an endpoint detection and response (EDR) tool.