Awesome Forensics

Key papers

• Learning The Associations Of MITRE ATT&CK Adversarial Techniques (2020)
  Rawan Al-Shaer, Jonathan M. Spring, Eliana Christou
  14.69
• Detecting Malicious Powershell Commands Using Deep Neural Networks (2018)
  Danny Hendler, Shay Kels, Amir Rubin
  14.11
• A Few-shot Meta-learning Based Siamese Neural Network Using Entropy Features For Ransomware Classification (2021)
  Jinting Zhu, Julian Jang-Jaccard, Amardeep Singh, et al.
  14.02
• Deephunter: A Graph Neural Network Based Approach For Robust Cyber Threat Hunting (2021)
  Renzheng Wei, Lijun Cai, Aimin Yu, et al.
  12.99
• Ast-based Deep Learning For Detecting Malicious Powershell (2018)
  Gili Rusak, Abdullah Al-Dujaili, Una-May O'Reilly
  10.97
• A Comprehensive Study On Learning-based PE Malware Family Classification Methods (2021)
  Yixuan Ma, Shuang Liu, Jiajun Jiang, et al.
  10.07
• Ransomai: Ai-powered Ransomware For Stealthy Encryption (2023)
  Jan von Der Assen, Alberto Huertas Celdrán, Janik Luechinger, et al.
  8.82
• Advanced Persistent Threats (APT) Attribution Using Deep Reinforcement Learning (2024)
  Animesh Singh Basnet, Mohamed Chahine Ghanem, Dipo Dunsin, et al.
  8.09
• RAIDER: Reinforcement-aided Spear Phishing Detector (2021)
  Keelan Evans, Alsharif Abuadbba, Tingmin Wu, et al.
  8.09
• Beyond Labeling: Using Clustering To Build Network Behavioral Profiles Of Malware Families (2019)
  Azqa Nadeem, Christian Hammerschmidt, Carlos H. Gañán, et al.
  7.50
• Classification And Online Clustering Of Zero-day Malware (2023)
  Olha Jurečková, Martin Jureček, Mark Stamp, et al.
  7.16
• On Deceiving Malware Classification With Section Injection (2022)
  Adeilson Antonio da Silva, Mauricio Pamplona Segundo
  6.34
• APOLLO: A Gpt-based Tool To Detect Phishing Emails And Generate Explanations That Warn Users (2024)
  Giuseppe Desolda, Francesco Greco, Luca Viganò
  6.34
• Community Targeted Phishing: A Middle Ground Between Massive And Spear Phishing Through Natural Language Generation (2017)
  Alberto Giaretta, Nicola Dragoni
  5.84
• Eagleeye: Attention To Unveil Malicious Event Sequences From Provenance Graphs (2024)
  Philipp Gysel, Candid Wüest, Kenneth Nwafor, et al.
  5.84
• Malcl: Leveraging Gan-based Generative Replay To Combat Catastrophic Forgetting In Malware Classification (2025)
  Jimin Park, Ahyun Ji, Minji Park, et al.
  5.46
• SPADE: Enhancing Adaptive Cyber Deception Strategies With Generative AI And Structured Prompt Engineering (2025)
  Shihab Ahmed, A B M Mohaimenur Rahman, Md Morshed Alam, et al.
  5.04
• A Proactive Decoy Selection Scheme For Cyber Deception Using MITRE ATT&CK (2024)
  Marco Zambianco, Claudio Facchinetti, Domenico Siracusa
  4.52
• The Perceived Fragility of Explanations in Audio Models: Manipulation of Attribution with Unchanged Predictions (2026)
  Piotr Kit{\l}owski et al.
  4.39
• When Errors Become Narratives: A Longitudinal Taxonomy of Silent Failures in a Production LLM Agent Runtime (2026)
  Wei Wu
  4.39
• Botnet Detection on CTU-13 Using Lightweight Machine Learning Models (2026)
  Subhash Gurappa et al.
  4.33
• AI-Driven Cybercrime Forensics for Predictive Threat Detection and Investigative Intelligence (2026)
  Atif Khan
  4.26
• XAI-Driven Malware Detection from Memory Artifacts: An Alert-Driven AI Framework with TabNet and Ensemble Classification (2026)
  Aristeidis Mystakidis et al.
  4.26
• Phishinghook: Catching Phishing Ethereum Smart Contracts Leveraging EVM Opcodes (2025)
  Pasquale de Rosa, Simon Queyrut, Yérom-David Bromberg, et al.
  2.93
• SPECTRE: A Hybrid System For An Adaptative And Optimised Cyber Threats Detection, Response And Investigation In Volatile Memory (2025)
  Arslan Tariq Syed, Mohamed Chahine Ghanem, Elhadj Benkhelifa, et al.
  2.93
• Rule-att&ck Mapper (RAM): Mapping SIEM Rules To Ttps Using Llms (2025)
  Prasanna N. Wudali, Moshe Kravchik, Ehud Malul, et al.
  2.93
• Tracking Cyber Adversaries With Adaptive Indicators Of Compromise (2017)
  Justin E. Doak, Joe B. Ingram, Sam A. Mulder, et al.
  2.26
• Detecting Centralized Architecture-based Botnets Using Travelling Salesperson Non-deterministic Polynomial-hard Problem, TSP-NP Technique (2020)
  Victor R. Kebande, Nickson M. Karie, Richard Adeyemi Ikuesan, et al.
  2.26
• RedAct: Redacting Agent Capability Traces for Procedural Skill Protection (2026)
  Shuwen Xu et al.
  2.00
• Automating Cloud Security And Forensics Through A Secure-by-design Generative AI Framework (2026)
  Dalal Alharthi, Ivan Roberto Kawaminami Garcia
  2.00
• Tl-rl-fusionnet: An Adaptive And Efficient Reinforcement Learning-driven Transfer Learning Framework For Detecting Evolving Ransomware Threats (2026)
  Jannatul Ferdous, Rafiqul Islam, Arash Mahboubi, et al.
  2.00
• Internet Malware Propagation: Dynamics And Control Through SEIRV Epidemic Model With Relapse And Intervention (2026)
  Samiran Ghosh, V Anil Kumar
  2.00
• Cutting The Gordian Knot: Detecting Malicious Pypi Packages Via A Knowledge-mining Framework (2026)
  Wenbo Guo, Chengwei Liu, Ming Kang, et al.
  2.00
• From Component Manipulation To System Compromise: Understanding And Detecting Malicious MCP Servers (2026)
  Yiheng Huang, Zhijia Zhao, Bihuan Chen, et al.
  2.00
• Cleanbase: Detecting Malicious Documents In RAG Knowledge Databases (2026)
  Weifei Jin, Xilong Wang, Wei Zou, et al.
  2.00
• Reproducibility In Event-log Research: A Parametrised Generator And Benchmark For Event-based Signatures (2026)
  Saad Khan, Simon Parkinson, Monika Roopak
  2.00
• Rhea: Detecting Privilege-escalated Evasive Ransomware Attacks Using Format-aware Validation In The Cloud (2026)
  Beom Heyn Kim, Seok Min Hong, Mohammad Mannan
  2.00
• Regular Expression Denial Of Service Induced By Backreferences (2026)
  Yichen Liu, Berk Çakar, Aman Agrawal, et al.
  2.00
• Learning The APT Kill Chain: Temporal Reasoning Over Provenance Data For Attack Stage Estimation (2026)
  Trung V. Phan, Thomas Bauschert
  2.00
• An Integrated Endpoint Detection and Response Framework Utilizing Image-Based Malware Detection, Memory Forensics, and Behavioral Analysis (2026)
  Dharmesh P et al.
  2.00
• Real-Time Nlp Pipelines For Proactive Threat Detection In High-Velocity Data Streams (2026)
  Abhishek Suman
  2.00
• Mempot: Defending Against Memory Extraction Attack With Optimized Honeypots (2026)
  Yuhao Wang, Shengfang Zhai, Guanghao Jin, et al.
  2.00
• Backbone is All You Need: Assessing Vulnerabilities of Frozen Foundation Models in Synthetic Image Forensics (2026)
  C. Musso et al.
  1.94
• Self-Supervised Learning for Android Malware Detection on a Time-Stamped Dataset (2026)
  Annan Fu et al.
  1.89
• Evidence Of Cognitive Biases In Capture-the-flag Cybersecurity Competitions (2025)
  Carolina Carreira, Anu Aggarwal, Alejandro Cuevas, et al.
  1.33
• Phishkey: A Novel Centroid-based Approach For Enhanced Phishing Detection Using Adaptive HTML Component Extraction (2025)
  Felipe Castaño, Eduardo Fidalgo, Enrique Alegre, et al.
  1.33
• Phishlumos: An Adaptive Multi-agent System For Proactive Phishing Campaign Mitigation (2025)
  Daiki Chiba, Hiroki Nakano, Takashi Koide
  1.33
• A Comprehensive Review Of Denial Of Wallet Attacks In Serverless Architectures (2025)
  Mark Dorsett, Scott Mann, Jabed Chowdhury, et al.
  1.33
• Neural Encrypted State Transduction For Ransomware Classification: A Novel Approach Using Cryptographic Flow Residuals (2025)
  Barnaby Fortescue, Edmund Hawksmoor, Alistair Wetherington, et al.
  1.33
• Cybersleuth: Autonomous Blue-team LLM Agent For Web Attack Forensics (2025)
  Stefano Fumero, Kai Huang, Matteo Boffa, et al.
  1.33
• Bounty Hunter: Autonomous, Comprehensive Emulation Of Multi-faceted Adversaries (2025)
  Louis Hackländer-Jansen, Rafael Uetz, Martin Henze
  1.33
• Evomail: Self-evolving Cognitive Agents For Adaptive Spam And Phishing Email Defense (2025)
  Wei Huang, de-Tian Chu, Lin-Yuan Bai, et al.
  1.33
• Pimref: Detecting And Explaining Ever-evolving Spear Phishing Emails With Knowledge Base Invariants (2025)
  Ruofan Liu, Yun Lin, Silas Yeo Shuen Yu, et al.
  1.33
• Trojandec: Data-free Detection Of Trojan Inputs In Self-supervised Learning (2025)
  Yupei Liu, Yanting Wang, Jinyuan Jia
  1.33
• Ancora: Accurate Intrusion Recovery For Web Applications (2025)
  Yihao Peng, Biao Ma, Hai Wan, et al.
  1.33
• "explain, Don't Just Warn!" -- A Real-time Framework For Generating Phishing Warnings With Contextual Cues (2025)
  Sayak Saha Roy, Cesar Torres, Shirin Nilizadeh
  1.33
• Modeling Behavioral Preferences Of Cyber Adversaries Using Inverse Reinforcement Learning (2025)
  Aditya Shinde, Prashant Doshi
  1.33
• Send To Which Account? Evaluation Of An Llm-based Scambaiting System (2025)
  Hossein Siadati, Haadi Jafarian, Sima Jafarikhah
  1.33
• Mcptox: A Benchmark For Tool Poisoning Attack On Real-world MCP Servers (2025)
  Zhiqiang Wang, Yichao Gao, Yanting Wang, et al.
  1.33
• A Set Of Generalized Components To Achieve Effective Poison-only Clean-label Backdoor Attacks With Collaborative Sample Selection And Triggers (2025)
  Zhixiao Wu, Yao Lu, Jie Wen, et al.
  1.33