Android smartphones have become an integral part of our daily lives,becoming targets for ransomware attacks.Such attacks encrypt user information and ask for payment to recover it.Conventional detection mechanisms,suc...Android smartphones have become an integral part of our daily lives,becoming targets for ransomware attacks.Such attacks encrypt user information and ask for payment to recover it.Conventional detection mechanisms,such as signature-based and heuristic techniques,often fail to detect new and polymorphic ransomware samples.To address this challenge,we employed various ensemble classifiers,such as Random Forest,Gradient Boosting,Bagging,and AutoML models.We aimed to showcase how AutoML can automate processes such as model selection,feature engineering,and hyperparameter optimization,to minimize manual effort while ensuring or enhancing performance compared to traditional approaches.We used this framework to test it with a publicly available dataset from the Kaggle repository,which contains features for Android ransomware network traffic.The dataset comprises 392,024 flow records,divided into eleven groups.There are ten classes for various ransomware types,including SVpeng,PornDroid,Koler,WannaLocker,and Lockerpin.There is also a class for regular traffic.We applied a three-step procedure to select themost relevant features:filter,wrapper,and embeddedmethods.The Bagging classifier was highly accurate,correctly getting 99.84%of the time.The FLAML AutoML framework was evenmore accurate,correctly getting 99.85%of the time.This is indicative of howwellAutoML performs in improving things with minimal human assistance.Our findings indicate that AutoML is an efficient,scalable,and flexible method to discover Android ransomware,and it will facilitate the development of next-generation intrusion detection systems.展开更多
In recent years,ransomware attacks have become one of the most common and destructive types of cyberattacks.Their impact is significant on the operations,finances and reputation of affected companies.Despite the effor...In recent years,ransomware attacks have become one of the most common and destructive types of cyberattacks.Their impact is significant on the operations,finances and reputation of affected companies.Despite the efforts of researchers and security experts to protect information systems from these attacks,the threat persists and the proposed solutions are not able to significantly stop the spread of ransomware attacks.The latest remarkable achievements of large language models(LLMs)in NLP tasks have caught the attention of cybersecurity researchers to integrate thesemodels into security threat detection.Thesemodels offer high embedding capabilities,able to extract rich semantic representations and paving theway formore accurate and adaptive solutions.In this context,we propose a new approach for ransomware detection based on an ensemblemethod that leverages three distinctLLMembeddingmodels.This ensemble strategy takes advantage of the variety of embedding methods and the strengths of each model.In the proposed solution,each embedding model is associated with an independently trainedMLP classifier.The predictions obtained are then merged using a weighted voting technique,assigning each model an influence proportional to its performance.This approach makes it possible to exploit the complementarity of representations,improve detection accuracy and robustness,and offer a more reliable solution in the face of the growing diversity and complexity of modern ransomware.展开更多
The Internet of Things(IoT)has gained more popularity in research because of its large-scale challenges and implementation.But security was the main concern when witnessing the fast development in its applications and...The Internet of Things(IoT)has gained more popularity in research because of its large-scale challenges and implementation.But security was the main concern when witnessing the fast development in its applications and size.It was a dreary task to independently set security systems in every IoT gadget and upgrade them according to the newer threats.Additionally,machine learning(ML)techniques optimally use a colossal volume of data generated by IoT devices.Deep Learning(DL)related systems were modelled for attack detection in IoT.But the current security systems address restricted attacks and can be utilized outdated datasets for evaluations.This study develops an Artificial Algae Optimization Algorithm with Optimal Deep Belief Network(AAA-ODBN)Enabled Ransomware Detection in an IoT environment.The presented AAAODBN technique mainly intends to recognize and categorize ransomware in the IoT environment.The presented AAA-ODBN technique follows a three-stage process:feature selection,classification,and parameter tuning.In the first stage,the AAA-ODBN technique uses AAA based feature selection(AAA-FS)technique to elect feature subsets.Secondly,the AAA-ODBN technique employs the DBN model for ransomware detection.At last,the dragonfly algorithm(DFA)is utilized for the hyperparameter tuning of the DBN technique.A sequence of simulations is implemented to demonstrate the improved performance of the AAA-ODBN algorithm.The experimental values indicate the significant outcome of the AAA-ODBN model over other models.展开更多
Crypto-ransomware remains a significant threat to governments and companies alike, with high-profile cyber security incidents regularly making headlines. Many different detection systems have been proposed as solution...Crypto-ransomware remains a significant threat to governments and companies alike, with high-profile cyber security incidents regularly making headlines. Many different detection systems have been proposed as solutions to the ever-changing dynamic landscape of ransomware detection. In the majority of cases, these described systems propose a method based on the result of a single test performed on either the executable code, the process under investigation, its behaviour, or its output. In a small subset of ransomware detection systems, the concept of a scorecard is employed where multiple tests are performed on various aspects of a process under investigation and their results are then analysed using machine learning. The purpose of this paper is to propose a new majority voting approach to ransomware detection by developing a method that uses a cumulative score derived from discrete tests based on calculations using algorithmic rather than heuristic techniques. The paper describes 23 candidate tests, as well as 9 Windows API tests which are validated to determine both their accuracy and viability for use within a ransomware detection system. Using a cumulative score calculation approach to ransomware detection has several benefits, such as the immunity to the occasional inaccuracy of individual tests when making its final classification. The system can also leverage multiple tests that can be both comprehensive and complimentary in an attempt to achieve a broader, deeper, and more robust analysis of the program under investigation. Additionally, the use of multiple collaborative tests also significantly hinders ransomware from masking or modifying its behaviour in an attempt to bypass detection. The results achieved by this research demonstrate that many of the proposed tests achieved a high degree of accuracy in differentiating between benign and malicious targets and suggestions are offered as to how these tests, and combinations of tests, could be adapted to further improve the detection accuracy.展开更多
Ransomware has emerged as a critical cybersecurity threat,characterized by its ability to encrypt user data or lock devices,demanding ransom for their release.Traditional ransomware detection methods face limitations ...Ransomware has emerged as a critical cybersecurity threat,characterized by its ability to encrypt user data or lock devices,demanding ransom for their release.Traditional ransomware detection methods face limitations due to their assumption of similar data distributions between training and testing phases,rendering them less effective against evolving ransomware families.This paper introduces TLERAD(Transfer Learning for Enhanced Ransomware Attack Detection),a novel approach that leverages unsupervised transfer learning and co-clustering techniques to bridge the gap between source and target domains,enabling robust detection of both known and unknown ransomware variants.The proposed method achieves high detection accuracy,with an AUC of 0.98 for known ransomware and 0.93 for unknown ransomware,significantly outperforming baseline methods.Comprehensive experiments demonstrate TLERAD’s effectiveness in real-world scenarios,highlighting its adapt-ability to the rapidly evolving ransomware landscape.The paper also discusses future directions for enhancing TLERAD,including real-time adaptation,integration with lightweight and post-quantum cryptography,and the incorporation of explainable AI techniques.展开更多
基金supported through theOngoing Research Funding Program(ORF-2025-498),King Saud University,Riyadh,Saudi Arabia.
文摘Android smartphones have become an integral part of our daily lives,becoming targets for ransomware attacks.Such attacks encrypt user information and ask for payment to recover it.Conventional detection mechanisms,such as signature-based and heuristic techniques,often fail to detect new and polymorphic ransomware samples.To address this challenge,we employed various ensemble classifiers,such as Random Forest,Gradient Boosting,Bagging,and AutoML models.We aimed to showcase how AutoML can automate processes such as model selection,feature engineering,and hyperparameter optimization,to minimize manual effort while ensuring or enhancing performance compared to traditional approaches.We used this framework to test it with a publicly available dataset from the Kaggle repository,which contains features for Android ransomware network traffic.The dataset comprises 392,024 flow records,divided into eleven groups.There are ten classes for various ransomware types,including SVpeng,PornDroid,Koler,WannaLocker,and Lockerpin.There is also a class for regular traffic.We applied a three-step procedure to select themost relevant features:filter,wrapper,and embeddedmethods.The Bagging classifier was highly accurate,correctly getting 99.84%of the time.The FLAML AutoML framework was evenmore accurate,correctly getting 99.85%of the time.This is indicative of howwellAutoML performs in improving things with minimal human assistance.Our findings indicate that AutoML is an efficient,scalable,and flexible method to discover Android ransomware,and it will facilitate the development of next-generation intrusion detection systems.
基金funded by the Deanship of Graduate Studies and Scientific Research at Jouf University under grant No.(DGSSR-2024-02-01176).
文摘In recent years,ransomware attacks have become one of the most common and destructive types of cyberattacks.Their impact is significant on the operations,finances and reputation of affected companies.Despite the efforts of researchers and security experts to protect information systems from these attacks,the threat persists and the proposed solutions are not able to significantly stop the spread of ransomware attacks.The latest remarkable achievements of large language models(LLMs)in NLP tasks have caught the attention of cybersecurity researchers to integrate thesemodels into security threat detection.Thesemodels offer high embedding capabilities,able to extract rich semantic representations and paving theway formore accurate and adaptive solutions.In this context,we propose a new approach for ransomware detection based on an ensemblemethod that leverages three distinctLLMembeddingmodels.This ensemble strategy takes advantage of the variety of embedding methods and the strengths of each model.In the proposed solution,each embedding model is associated with an independently trainedMLP classifier.The predictions obtained are then merged using a weighted voting technique,assigning each model an influence proportional to its performance.This approach makes it possible to exploit the complementarity of representations,improve detection accuracy and robustness,and offer a more reliable solution in the face of the growing diversity and complexity of modern ransomware.
基金This work was funded by the Deanship of Scientific Research at Princess Nourah bint Abdulrahman University,through the Research Groups Program Grant no.(RGP-1443-0048).
文摘The Internet of Things(IoT)has gained more popularity in research because of its large-scale challenges and implementation.But security was the main concern when witnessing the fast development in its applications and size.It was a dreary task to independently set security systems in every IoT gadget and upgrade them according to the newer threats.Additionally,machine learning(ML)techniques optimally use a colossal volume of data generated by IoT devices.Deep Learning(DL)related systems were modelled for attack detection in IoT.But the current security systems address restricted attacks and can be utilized outdated datasets for evaluations.This study develops an Artificial Algae Optimization Algorithm with Optimal Deep Belief Network(AAA-ODBN)Enabled Ransomware Detection in an IoT environment.The presented AAAODBN technique mainly intends to recognize and categorize ransomware in the IoT environment.The presented AAA-ODBN technique follows a three-stage process:feature selection,classification,and parameter tuning.In the first stage,the AAA-ODBN technique uses AAA based feature selection(AAA-FS)technique to elect feature subsets.Secondly,the AAA-ODBN technique employs the DBN model for ransomware detection.At last,the dragonfly algorithm(DFA)is utilized for the hyperparameter tuning of the DBN technique.A sequence of simulations is implemented to demonstrate the improved performance of the AAA-ODBN algorithm.The experimental values indicate the significant outcome of the AAA-ODBN model over other models.
文摘Crypto-ransomware remains a significant threat to governments and companies alike, with high-profile cyber security incidents regularly making headlines. Many different detection systems have been proposed as solutions to the ever-changing dynamic landscape of ransomware detection. In the majority of cases, these described systems propose a method based on the result of a single test performed on either the executable code, the process under investigation, its behaviour, or its output. In a small subset of ransomware detection systems, the concept of a scorecard is employed where multiple tests are performed on various aspects of a process under investigation and their results are then analysed using machine learning. The purpose of this paper is to propose a new majority voting approach to ransomware detection by developing a method that uses a cumulative score derived from discrete tests based on calculations using algorithmic rather than heuristic techniques. The paper describes 23 candidate tests, as well as 9 Windows API tests which are validated to determine both their accuracy and viability for use within a ransomware detection system. Using a cumulative score calculation approach to ransomware detection has several benefits, such as the immunity to the occasional inaccuracy of individual tests when making its final classification. The system can also leverage multiple tests that can be both comprehensive and complimentary in an attempt to achieve a broader, deeper, and more robust analysis of the program under investigation. Additionally, the use of multiple collaborative tests also significantly hinders ransomware from masking or modifying its behaviour in an attempt to bypass detection. The results achieved by this research demonstrate that many of the proposed tests achieved a high degree of accuracy in differentiating between benign and malicious targets and suggestions are offered as to how these tests, and combinations of tests, could be adapted to further improve the detection accuracy.
文摘Ransomware has emerged as a critical cybersecurity threat,characterized by its ability to encrypt user data or lock devices,demanding ransom for their release.Traditional ransomware detection methods face limitations due to their assumption of similar data distributions between training and testing phases,rendering them less effective against evolving ransomware families.This paper introduces TLERAD(Transfer Learning for Enhanced Ransomware Attack Detection),a novel approach that leverages unsupervised transfer learning and co-clustering techniques to bridge the gap between source and target domains,enabling robust detection of both known and unknown ransomware variants.The proposed method achieves high detection accuracy,with an AUC of 0.98 for known ransomware and 0.93 for unknown ransomware,significantly outperforming baseline methods.Comprehensive experiments demonstrate TLERAD’s effectiveness in real-world scenarios,highlighting its adapt-ability to the rapidly evolving ransomware landscape.The paper also discusses future directions for enhancing TLERAD,including real-time adaptation,integration with lightweight and post-quantum cryptography,and the incorporation of explainable AI techniques.
