Research Article
A Survey of Malware Risk Detection Techniques in Cloud
Ahmad Faiz Ghazali1, Muhamad Hariz Muhamad Adnan2,Okta Nurika3, Nurul Akhmal Mohd Zulkefli4
1
SEGi University, Kota Damansara, Malaysia
2Universiti Pendidikan Sultan Idris, Tanjung Malim, Malaysia 3DGIT Systems, 313 La Trobe Street Melbourne, Victoria, Australia
4Dhofar University, P.O.Box: 2509, postal code: 211, Salalah, Sultanate of Oman
faizghazali@segi.edu.my1, mhariz@fskik.upsi.edu.my2, onurika@dgitsystems.com3, nzulkefli@du.edu.om4 Article History: Received: 10 November 2020; Revised: 12 January 2021; Accepted: 27 January 2021; Published online: 05 April 2021
Abstract: This article aims to contribute in securing information technology (IT) systems and processes for information
security by utilizing malware risk detection for decision-making processes to mitigate cyber-attacks. It has potential to be a real threat to the businesses and industrial applications. The risk management is an essential component where it can present a new information security model for supporting decision making. The current ideologies such as the anti-virus, malware and firewalls detection and protection are proving to be ineffective as they were not specifically designed for multi-tenant cloud environments. Therefore, this article presents a survey of malware risk detection techniques in cloud. The survey was conducted on publications from Scopus from the last 5 years. The findings indicate the current malware detection techniques are not enough to effectively detect and protect the cloud environments.
Keywords: Malware Risk Detection, Cloud Services, Information System Security, Decision-Makers
1. Introduction
Malware is a software that aimed to access computer systems and network resources without the system owner's permission to violate the availability and integrity of data and threaten user privacy [1]. Malware includes Viruses, Worm, Trojans-horse, Rootkit, Backdoor, Botnet, Spyware, and Ransomware, with the Ransomware has led the pack as one of the most threatening malware [1]. It may encrypts files across a network connected backup servers [1]. The malware may attack the cloud environments as well. Several ideologies such as the anti-virus, malware and firewalls detection and protection are proving to be ineffective as they were not specifically designed for multi-tenant cloud environments [2].
Cloud computing is a network access model to a shared computing resources with dynamic capabilities [3]. It is also known as “on-demand resources”, where its resource must be able to be monitored, controlled and reported [4]. The cloud services has many benefits to customer and its providers [5, 6]. However, the cloud is not free from malware attacks. The dependence on the virtualized computer can introduce malware risks. This is because the nature of the cloud has not been thoroughly explored from the perspective of security issues [7]. The appropriate anomaly detection especially malware risk detection is the main focus in the survey presented in this paper.
All data centers in the cloud can face the consequences of cyber-attack; not only a few VMs under risk [8]. In the implementation of the VM environment, vulnerability may occur where there is also malware risk detection. This is due to the complexity of the VM environment itself. Therefore, a better security policy towards the VM environment needs to be established [9]. A mechanism for malware risk detection can be an important complementary need in the setting of the network environment. Data in the cloud can then be protected and any malware risk can be accurately detected.
Machine learning is a subfamily of artificial intelligence that allows for the machine to be smart [10]. It is one of the detection methods for identifying the risk of malware [11]. Unsupervised learning techniques can also be used to observe the behaviors of users in the network [12]. Software applications on the cloud are penetrable to exploitation by malware intrusion. This is made possible by malware’s ability to bypass stack protection and firewall by piggy-backing on HyperText Transfer Protocol (HTTP) logging, and modifying kernel and library [13]. Therefore, the network flow must be monitored and analyzed to identify malware intrusion. A practical tool to accomplish this must be developed and be easily used by the managerial board, in order to guarantee customer’s data privacy on the cloud.
The above-mentioned data privacy breach risk is what is holding back enterprise clients to migrate their services to the cloud. Hence, cloud providers must have a secure network and system infrastructure to cater to resilient
A Survey of Malware Risk Detection Techniques in Cloud
security requirements demanded by the clients [12]. This stringent practice has been discussed by [7]. Another paper recommends a retrospective decision technique to detect malware intrusion, due to its capability to authenticate users and hosts that are accessing the same file in parallel [14]. It uses historical data to accomplish this objective. Since the enterprise cloud is having a stronger association with the Internet of Things (IoT), hence this vast platform is a major subject of this recommended malware intrusion detection technique.
The paper is organized as follows: section 2 presents the survey of malware risk detection techniques in cloud. Section 3 discusses the findings while in section 4, the study is concluded.
2. Survey of Malware Risk Detection Techniques in Cloud
The malware risk detection techniques are classified into a framework or platform-based techniques, algorithm-based techniques, apps or system-based techniques and other techniques category.
Framework or Platform-based Techniques
At present, there is an agent-based malware intrusion detection (AMD) technique, which is being proposed to secure cloud services virtualization [15]. This method uses an agent called viz that is guided by a virtual machine (VM) and an anomaly detection component runs on the VM’s hypervisor. Viz would pro-actively look for malware signature in all process deployments in the VM. In case the malware is of a zero attack, it builds the malware profile using optimal features, which are deducted by implementing an extended binary bat algorithm with two fitness functions. This built profile is then sent to the VM’s hypervisor, where the anomaly detection would utilize it coupled with a random forest classifier in its operation. This framework has been validated at NIT Goa’s cloud platform.
A more comprehensive cloud security suite is proposed by [16] for multi-cloud applications, which revolves around Service Level Agreement (SLA). This framework consists of multiple points of data observation, in order to identify and detect new malware variants. Till present, it has been implemented in the smart city of Tampere, Finland. Realizing its importance, Malaysia is also currently working towards the secure implementations in smart city [30]. Cyber security can also enhance productivity if the risk management is practiced across organizations, provided with the proper framework or platform-based techniques. In another relation to cloud security in SLA, [2] have developed a framework to detect malicious user activity and report it to authorities without exposing other users’ data privacy.
Algorithm-based Techniques
Machine learning algorithms have been integrated in order to detect malware intrusion towards a cloud’s VM e.g. a work by [16], who have developed VM Analyzer that evaluates system calls by utilizing Deep Learning and Convolution Neural Network (CNN).
Another machine learning based malware detection work by [17] implements Fuzzy and Fast Fuzzy Pattern Tree methods - with the latter is proven to be faster with the same level of acceptable accuracy.
A lighter algorithm is recommended by [18], which implements a 3-phase algorithm to identify malwares. Their framework is claimed to be light enough to run on commodity hardware.
The malware detection algorithm developed by [19] involves analyzing the source, destination, and path of the network packets, in order to deploy the suitable Virtual Machine Introspection (VMI) components. The detected malwares by VMI are then categorized according to their severity levels in impacting the business.
A malware detection algorithm that specifically monitors Domain Name Service (DNS) network traffic is built by [10]. The DNS traffic is used as a data set to train their classifier algorithm called Domain-Generation-Algorithms (DGA), in order to differentiate between malware and appropriate network packets.
A fundamental machine learning algorithm called Bayesian network is concluded to be sufficient in order to detect malware [20]. Such common machine learning algorithms are widely deployed on a data analytics platform called Hadoop, for examples are the deployments by [13] and [20]. There are various other machine learning
techniques that can be employed for malware risk detection including ant colony, particle swarm optimization [25], and decision tree [26].
Malware risk detection required more time if more features were used. On the contrary, it does not mean that more features could lead to higher detection accuracy. This is true particularly during the events that involved huge number of malware attacks. [25] used feature selection techniques including searching by utilizing ant colony, particle swarm optimization, and other generic search techniques. In order to obtain the final feature set for malware risk detection, the weights of those types of feature subsets are adjusted and the algorithms modeling are performed accordingly.
Apps or System-based Techniques
As presented by [17], the conniving application sidesteps security measures imposed by sandboxed operating systems such as Android, where the App complicity may present a hazard in the cloud environment. Thus, the Application Collusion Engine (ACE) was developed to produce mixtures of intriguing and non-conspiring Android applications that help researchers reasonably examine various methods of collision identification and assurance.
[1] proposed a reliable and stable standby system for locale-based toward malware assaults. The recommended standby system is part of three areas: Un-safe, Middle, and Safe locales relying upon the danger of malware contagions. The unsafe area refers to the public network of files that are installed at a local machine and vulnerable for malware outbreaks. Meanwhile, a protected area is separated over the Internet from the computer’s remote and local systems. When the middle region is assured not to be compromised with malware, it is shifted to the secure zone. The accuracy of the proposed system was tested using modeling for fault tolerance.
The CloudEyes, proposed by [22] is an anti-malware system based on the cloud concept. It is introduced due to the conventional host-based security solution that is irrelevant to malware attack development. The system was claimed to provide resource-constrained devices with reliable and trustworthy security services. The CloudEyes is a new trademark that uses an adjustable framework and applies a trivial client scanning agent that serves disciplinary and precise signature fragment directions in a cloud server for the unknown cross-filtering. Furthermore, the index of signature fragments is used in CloudEyes to significantly decrease the series of precise similarity and simultaneously obtain valuable data protection and data privacy detection. Through distributing sketch coordinates and automated hashing, the CloudEyes ensures the privacy of the data and economical communications alike. The output was measured using suspicious traffic on the campus as well as the usual data.
[18] proposed a machine root state detection method relying on the log. The approach used the current log information to identify signs and validate the root condition of the device. Besides, the approach is used to firm special operations ' triggering attributes for updating and enhancing the record. The explanation for this was that current root detection methods for Android were discovered to disregard the traces of related actions in the log. Also, some great mobile apps have implemented mechanisms for identification to reduce possible security threats, however, there is still a lack of universality in current root safety and detection. The proposed root state detection method dependent on the system log may retain a few of the log details to authenticate if the system has been rooted or not.
Meanwhile, [19] created approaches known as the Droid-Smart Fuzzer anti-spy-ware applications to minimize the risk of attacks. Droid-Smart Fuzzer is intended with the ability to detect risk from any related malicious application as well as to stop privileges.
Information system security is always being a target for malicious risk. One of the risk online systems is online education which has increased the data traffic [20]. Detecting malware risk through cloud services is among the promising approaches to mobile security.
Due to various techniques found in the deployment process in mobile apps, the risk identification of mobile malware has increased. This can result in installing repackaged licensed apps with malware, drive-by-downloading, or expound malicious versions through jailbroken apps [21].
[7] stated to identify some features of the system and the network by studying the Kelihos malware. [2] identify the potential system and methods used during a cyber-attack to avoid the problem analysis phase process.
A Survey of Malware Risk Detection Techniques in Cloud
Blitzdump is proven to effectively enhance the efficiency of query responses by up to 6000%. It outperformed the current methods in the performance perspective of the query function.
Other Techniques
With regards to rootkits – a malicious program that is able to gain itself root privilege, so that it escapes anomaly detection, so far, there are only a few established attempts that have been conducted to focus on its detection and containment.
A rootkit detection system in a VM utilizing data analysis on its hypervisor’s system calls collection has been validated by [23]. It is a method originally built by Oak Ridge National Laboratory's Beholder project. The data analysis applies the project’s own non-linear, phase-space algorithm that generates time-serial cyber dynamics which subsequently used in among comparisons of nominal and test behaviour profiles, in order to determine system anomalies.
In the IoT domain, it is claimed by [24] that platform security mechanism that prevents malicious vulnerability scanning has not been fully implemented. This is deemed challenging considering the vastly distributed nature of IoT devices/sensors. Especially in the healthcare sector, where IoT sensors may be physically attached to patients’ bodies, life-threatening consequences could occur when these sensors are compromised. Therefore, [24] has come up with a security assessment model specifically to protect the healthcare sector.
A more sophisticated layered malware detection method is designed by [25]. It is comprised of Memory Forensics Analysis (MFA) and Virtual Machine Introspection (VMI) components, in order to detect malware in a guest virtual machine. It extracts multiple dynamic type features, instead of a single dynamic type feature, which improves the effectiveness of malware detection. The implementation of the AdaBoost ensemble learning algorithm and voting component increase the improvement of accuracy for classification and detection.
A different approach to secure the cloud’s VM is formulated by [8], which prefers early prevention mitigation. They have developed a mathematical model called Integer Linear Programming (ILP) that calculates the risk of network intrusion. If a VM is located on a risky network segment, then it will be relocated subject to available storage. The above-mentioned method may complement firewall-based malware detection, which possesses a poor record of being bypassed regularly [13] due to its implementation design, which until this day does not cater to multi-tenant cloud services [2].
3. Discussions
Since the last decade, most of the related references to this research as cited in this review can be categorized under platform or framework (nine publications), and apps or system-based (nine publications), followed by algorithm-based (five publications). It was found that there was no major shift of categories in the previous ten years (2010 to 2019). Other references as cited in this paper are utilizing various of the other categories rather than framework or platform, apps or system-based, and algorithm-based.
There are various techniques being implemented in order to ensure the decision-making processes of malware risk detection can be done immediately without affecting the data or information. It is essential to protect the cloud against web exploit, data exfiltration, and malware risks. Malware risk issues are explicitly becoming the main focuses in several researches without mentioning whether they are referring in cloud [1, 15, 25-28]. On the other hand, malware risk focused on security in cloud is specifically addressed by several researches [16, 24, 29].
There are various techniques being implemented in order to ensure the decision-making processes of malware risk detection can be done immediately without affecting the data or information. It is essential to protect the cloud against web exploit, data exfiltration, and malware risks. This is because proper handling of risks is needed in order to fill in the security gap for implementing IoT in future smart city [30]. Malware risk detection must be done effectively and efficiently through a secure cloud environment as well as the applications in it.
One of the simplest yet clear diagram for understanding step-by-step risk analysis during malware attacks is demonstrated by [13] in Figure 1.
Figure 1. Taint 3-phase analysis [10]
Various analysis on malware have been done which includes using taint analysis [13], semantic analysis [26], fuzzy pattern tree [27] and zero-day resistant [28]. Specifically, [13] utilize defense evaluation metrics in order to perform risk analysis on malware.
On the other hand, machine learning techniques are increasingly applied to perform analysis not only in big data from the readily formatted offline sources but also in online sources through the world wide web and cloud. The researchers from the field of machine learning can refer to the research by [25] in order to easily understand the malware detection as illustrated in Figure 2.
Figure 2. Feature extraction process in Hypervisor [29]
The cloud-based malware has moved from personal computers (PCs) to mobile. This is true due to the exponential increase of mobile usages [21], hence a mobile malware detection framework will be useful for the future research (Figure 3).
A Survey of Malware Risk Detection Techniques in Cloud
Figure 3. Mobile malware detection framework [25]
In summary, the selected malware risk detection techniques from the last five (5) years of related research publications are depicted with more details in Table 1.
Table 1. Malware risk detection techniques in the selected publications from the last five (5) years of related researches
Category Technique(s) Outcome (Results)
Algorithm-based [26] VM Analyzer that uses deep learning to identify attacks at VM-layer in cloud environment.
Argued as better using machine learning techniques than older malware detection method in cloud
Framework or Platform based [15] Proposes a framework known as an integrated in-VM-assisted agent-based malware detection (AMD)
Argued to produce encouraging results
Algorithm-based [16] The fuzzy and fast fuzzy pattern tree algorithm used. It also transforms the programs’ OpCodes into a vector space. It uses feature extraction and fuzzy classification.
The fast fuzzy pattern tree in particular was argued to have high accuracy. The technique is robust
Apps or System-based [1] Region-based backup system to prepare for malware strike.
Argued to have the system reliability increased Algorithm-based [28] Using a 3 - phase exhaustive
technique that certifies the detection of malware.
Argued to be a lightweight solution
Others [23] Collection and analysis of the system call assembled on the hypervisor level.
Argued to be an effective technique in marking timing traces of infections
Apps or System-based [17] Use Application Collusion Engine (ACE) to autonomously build combinations of colluding and non-colluding Android apps
Argued to enable creation of 5,000 different colluding and non-colluding app sets. Assist researchers for collusion detection and protection methods evaluation Others [24] Introduce risk and security threats
to the IoT, security techniques and solutions, and evaluation
approach for IoT in healthcare
Recognition of the risk, techniques and evaluation approach
Framework or Platform [16] An observation platform for service level agreement (SLA)
Argued to allow users utilize the service responsively
based multi-cloud application security
Apps or System-based [25] Engage virtual machine
introspection (VMI) and memory forensics analysis (MFA) techniques
Argued to achieve detection accuracy of 0.9975 and effectively increased virtual machines security using machine learning techniques Framework or Platform [29] Label attacks in the IaaS cloud for
investigation with VMI-based mechanisms
Virtual Machine Introspection (VMI) has been proven to be an effective tool for malware detection and analysis in virtualized environments. Apps or System-based [31] Introduced the CloudEyes system
for security (anti-malware) in cloud
Argued to provide data privacy and low-cost communications while practically outperform other systems
Apps or System-based [18] Utilize log information to get clues and verify system root information
Log information can be used to identify rooted system Framework or Platform [11] Utilize regional ISP to monitor
and analyze DNS traffic by accessing the DNA data stream
Argued that the technique is feasible with proven utilization for internal risk management in organization
Algorithm [8] Use rapid risky VM migrating to quarantine and inspection centers to lower damage from attacks. Use Integer Linear Programming (ILP)
Argued to cost effectively migrates almost all targeted VMs
Apps or System-based [19] Introduced spyware application to highlight security weakness. Based on fuzz testing technique
Resulted to application of anti-spyware and
DroidSmart-Fuzzer to catch spyware
Algorithm [32] Artificial intelligence subfield, machine learning techniques, can be utilized for malware detection
Machine learning techniques are proven to be one of the efficient approach to increase malware detection rate
The real industry practices revealed that the efficiency of deep packet inspections (DPI) can occur as a result of increasing data volume due to an increase in communications. Cloud services architecture that already equipped with increasing data communications will automatically increase the security risks [22].
There is still lacking in proven research methods for malware detection. It was found that machine learning [25, 25, 32], a subfield of artificial intelligence, provides promising approaches as it has capability to learn based on historical data. The increase of available data nowadays may provide an opportunity for a more efficient malware risk detection through the implementation of big data mining.
4. Conclusion
Recent works of malware risk detection techniques in cloud were focusing on the platform and framework-based techniques, apps and system-based techniques and algorithm-based techniques. It was identified that the current malware detection techniques are not enough to effectively detect and protect the cloud environment.
5. Acknowledgement
We would like to acknowledge Universiti Pendidikan Sultan Idris (UPSI), Malaysia, for supporting this research and enable collaborations between universities.
A Survey of Malware Risk Detection Techniques in Cloud
References
1. Shon, M., et al. A robust and secure backup system for protecting malware. in Proceedings of the ACM Symposium on Applied Computing. 2019.
2. Flood, J. and A. Keane. A proposed framework for the active detection of security vulnerabilities in multi-tenancy cloud systems. in Proceedings - 3rd International Conference on Emerging Intelligent Data and Web Technologies, EIDWT 2012. 2012.
3. Adnan, M.H.M. and M.F. Hassan, Dynamic Pricing for Cloud Service Negotiation. Advanced Science Letters, 2016. 22(10): p. 2710-2714.
4. Adnan, M.H., M.F. Hassan, and I.A. Aziz, Business Level Objectives of Customer for Autonomous Cloud Service Negotiation. Advanced Science Letters, 2018. 24(10): p. 7524-7528. 5. Adnan, M.H., et al. A Survey and Future Vision of Double Auctions-Based Autonomous Cloud
Service Negotiations. 2019. Cham: Springer International Publishing.
6. Adnan, M.H., M.F. Hassan, and I.A. Aziz. Protocols for Agent-based Autonomous Negotiations: A Review. in International Conference on Computer & Information Sciences. 2016. KLCC, Kuala Lumpur, Malaysia.
7. Marnerides, A.K., et al. Malware analysis in cloud computing: Network and system characteristics. in 2013 IEEE Globecom Workshops, GC Wkshps 2013. 2013.
8. Karakoc, E. and F. Dikbiyik. Rapid migration of VMs on a datacenter under cyber attack over optical infrastructure. in 13th HONET-ICT International Symposium on Smart MicroGrids for Sustainable Energy Sources Enabled by Photonics and IoT Sensors, HONET-ICT 2016. 2016. 9. Noorafiza, M., et al. Vulnerability analysis using network timestamps in full virtualization virtual
machine. in ICISSP 2015 - 1st International Conference on Information Systems Security and Privacy, Proceedings. 2015.
10. Arasi, M.A. and S. Babu, Survey of Machine Learning Techniques in Medical Imaging. International Journal of Advanced Trends in Computer Science and Engineering, 2019. 8(5). 11. Heuer, T., et al. Recognizing Time-Efficiently Local Botnet Infections - A Case Study. in 2016
11th International Conference on Availability, Reliability and Security (ARES). 2016.
12. MacDermott, A., et al. Protecting critical infrastructure services in the cloud environment. in European Conference on Information Warfare and Security, ECCWS. 2013.
13. Mr. Rahul Sharma. (2018). Monitoring of Drainage System in Urban Using Device Free Localization Neural Networks and Cloud computing. International Journal of New Practices in Management and Engineering, 7(04), 08 - 14.
14. Wang, P., et al. Using taint analysis for threat risk of cloud applications. in Proceedings - 11th IEEE International Conference on E-Business Engineering, ICEBE 2014 - Including 10th Workshop on Service-Oriented Applications, Integration and Collaboration, SOAIC 2014 and 1st Workshop on E-Commerce Engineering, ECE 2014. 2014.
15. Liu, S.T. and Y.M. Chen. Retrospective detection of malware attacks by cloud computing. in Proceedings - 2010 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2010. 2010.
16. Patil, R., H. Dudeja, and C. Modi, Designing in-VM-assisted lightweight agent-based malware detection framework for securing virtual machines in cloud computing. International Journal of Information Security, 2019.
17. Carvallo, P., A.R. Cavalli, and W. Mallouli, A platform for security monitoring of multi-cloud applications, in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2018. p. 59-71.
18. Blasco, J. and T.M. Chen, Automated generation of colluding apps for experimental research. Journal of Computer Virology and Hacking Techniques, 2018. 14(2): p. 127-138.
19. Jin, J. and W. Zhang, System log-based android root state detection, in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2017. p. 793-798.
20. Saad, M.H., A. Serageldin, and G.I. Salama. Android spyware disease and medication. in 2015 2nd International Conference on Information Security and Cyber Forensics, InfoSec 2015. 2016.
21. Yang, J., et al. Research on the Performance of Mining Packets of Educational Network for Malware Detection between PM and VM. in Proceedings - 2015 9th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2015. 2015. 22. Penning, N., et al. Mobile malware security challeges and cloud-based detection. in 2014
23. Smallwood, D. and A. Vance. Intrusion analysis with deep packet inspection: Increasing efficiency of packet based investigations. in Proceedings - 2011 International Conference on Cloud and Service Computing, CSC 2011. 2011.
24. Dawson, J.A., et al. Phase space detection of virtual machine cyber events through hypervisor-level system call analysis. in Proceedings - 2018 1st International Conference on Data Intelligence and Security, ICDIS 2018. 2018.
25. Abouzakhar, N.S., A. Jones, and O. Angelopoulou. Internet of Things Security: A Review of Risks and Threats to Healthcare Sector. in Proceedings - 2017 IEEE International Conference on Internet of Things, IEEE Green Computing and Communications, IEEE Cyber, Physical and Social Computing, IEEE Smart Data, iThings-GreenCom-CPSCom-SmartData 2017. 2018. 26. Zhang, J., et al. Malware Detection Based on Dynamic Multi-Feature Using Ensemble Learning
at Hypervisor. in 2018 IEEE Global Communications Conference, GLOBECOM 2018 - Proceedings. 2018.
27. Mishra, P., et al. VMAnalyzer: Malware Semantic Analysis using Integrated CNN and Bi-Directional LSTM for Detecting VM-level Attacks in Cloud. in 2019 12th International Conference on Contemporary Computing, IC3 2019. 2019.
28. Dovom, E.M., et al., Fuzzy pattern tree for edge malware detection and categorization in IoT. Journal of Systems Architecture, 2019. 97: p. 1-7.
29. Kumar, S. and C. Bhim Bhan Singh. A Zero-Day Resistant Malware Detection Method for Securing Cloud Using SVM and Sandboxing Techniques. in Proceedings of the International Conference on Inventive Communication and Computational Technologies, ICICCT 2018. 2018.
30. Rakotondravony, N., et al., Classifying malware attacks in IaaS cloud environments. Journal of Cloud Computing, 2017. 6(1).
31. Ghazali, A.F., Z.A. Amran, and S. Alias. Decision Support Systems in a Smart City: A Review. in International Conference on Industry 4.0: A Global Revolution in Business, Technology & Productivity. 2019. SEGi University, Kuala Lumpur.
32. Sun, H., et al., CloudEyes: Cloud-based malware detection with reversible sketch for resource-constrained internet of things (IoT) devices. Software - Practice and Experience, 2017. 47(3): p. 421-441.
33. Amer, A., and Aziz, N. A. Malware Detection through Machine Learning Techniques. in International Journal of Advanced Trends in Computer Science and Engineering, 2019. 8(5): p.
2408-2413. Available Online at
http://www.warse.org/IJATCSE/static/pdf/file/ijatcse82852019.pdf. ISSN 2278-3091. https://doi.org/10.30534/ijatcse/2019/82852019.
