EpochZero Learn
EpochZero LearnMulti-Domain Tech Learning Hub
Courses
LeaderboardAbout
Dashboard
EpochZero
EpochZero Learn
Multi-Domain Tech Learning Hub

Structured learning for Reverse Engineering, Cloud Security, Cryptography, and Web Development. Articles, videos, tests, and peer discussion.

Learn

  • Learning Path
  • All Articles
  • Video Lessons
  • Podcast
  • eBooks & PDFs
  • Question Banks
  • Cheatsheets
  • MCQ Banks

Tests & Forum

  • All Tests
  • REMA Tests
  • Cloud Tests
  • Forum
  • REMA Forum
  • Cloud Forum
  • Crypto Forum
  • Web Dev Forum

Campus

  • REMA Club
  • Full Stack Dev Club
  • Extension Activity
  • Events
  • CTF Competitions
  • Workshops
  • Industrial Visits

Platform

  • Dashboard
  • Leaderboard
  • About
  • Verify Certificate

© 2026 EpochZero Learn. Educational content for learning purposes.

Course Instructor: Ashish Revar

All articles
research-methodologyresearch-misconductfabricationfalsification

Research Misconduct: Fabrication, Falsification, and Plagiarism

Most research-integrity offices organise misconduct into three categories abbreviated FFP. What makes the security-domain versions worth studying separately is that the downstream consequences — defences that do not work, benchmarks that cannot be replicated — affect people who never read the paper that contained the misconduct.

Ashish Revar7 July 20268 min read2 views

Sign in to mark this article as read and track your progress.

More articlesTest your knowledge

The Three FFP Categories

Most research integrity offices, in India and internationally, organise misconduct into three categories:

Fabrication. Inventing data or results that were never actually observed. Example: reporting a detection accuracy figure from a test that was never run, or inventing entries in a malware-sample log.

Falsification. Manipulating real data, equipment, or a process so the record no longer honestly represents what happened. Example: running a classifier under controlled lab conditions, then reporting that result as if it were measured in production; or selectively rerunning a comparison after a configuration error is found and reporting both conditions as if they had been run correctly from the start.

Plagiarism. Presenting another person's words, data, or ideas as one's own — covering the full range of forms from verbatim copying to self-plagiarism.

Why the Downstream Consequences Differ

In security research, an FFP violation does not only damage the researcher's career or the field's publication record. It damages the defences that depend on the research being correct:

TypeIn security researchWhy it matters beyond misconduct rules
FabricationReporting detection accuracy from a test never actually runA detection system built on a fabricated benchmark gives no real protection
FalsificationReporting a lab result as if measured in productionDefences calibrated to falsified benchmarks fail under real conditions, directly harming users
PlagiarismCopying a threat-model section without citationThe field's knowledge base depends on attribution so each claim can be challenged, replicated, and built on

Malware's Own Behaviour as an Analogy for Falsification

Malware analysts study software written specifically to behave differently when it is being observed. Many well-documented malware families check for the presence of a sandbox, debugger, or virtual machine and either refuse to run or behave harmlessly if they detect one — so that automated analysis systems record a false, benign picture of what the sample does in the field.

This is falsification carried out by code rather than by a person typing false numbers, but the underlying offence is the same: the recorded result no longer honestly represents what happens under real conditions. A benchmark or reported result that only looks good under the exact conditions it was tested in, and fails outside them, is falsification's academic equivalent — whether or not anyone intended it that way.

This is precisely why the methodology section of a research paper exists: to describe the conditions so precisely that another researcher knows where the result does and does not apply.

The UGC 2018 Plagiarism Regulations

India's University Grants Commission regulation "Promotion of Academic Integrity and Prevention of Plagiarism in Higher Educational Institutions" (2018) sets four consequence levels for theses and dissertations:

LevelSimilarityConsequence
0Up to 10%Minor similarity, no penalty
1Above 10% to 40%Student must submit a revised manuscript within 6 months
2Above 40% to 60%Student is debarred from resubmitting for 1 year
3Above 60%Registration for the degree is cancelled

Fabrication Versus Falsification: A Distinction That Matters

Fabrication invents a result entirely. A researcher who claims to have run 10,000 malware samples through a new detector when they ran 200 has fabricated data. Falsification distorts a real result: a researcher who ran 10,000 but quietly removed the 3,000 that produced false negatives before reporting the accuracy figure has falsified — the test was real, but the record does not honestly represent it.

The Rossow et al. finding discussed in Chapter 2 — that a quarter of 36 published malware studies made questionable assumptions about their datasets — is evidence of how easily a methodology can drift into being misleading without any decision to lie. Which is exactly why a carefully written methodology section matters as much as good intentions.

Check Your Understanding

A researcher compares two malware detectors on the same 10,000-sample set. She gets a good result for Detector A. She later discovers she misconfigured Detector B's threshold. She quietly reruns only Detector B with the correct threshold and reports both numbers as if both had been run correctly from the start. Which FFP category does this fall under? Does it matter that she did not manually enter false data?