The Internet of Things(IoT)has gained more popularity in research because of its large-scale challenges and implementation.But security was the main concern when witnessing the fast development in its applications and...The Internet of Things(IoT)has gained more popularity in research because of its large-scale challenges and implementation.But security was the main concern when witnessing the fast development in its applications and size.It was a dreary task to independently set security systems in every IoT gadget and upgrade them according to the newer threats.Additionally,machine learning(ML)techniques optimally use a colossal volume of data generated by IoT devices.Deep Learning(DL)related systems were modelled for attack detection in IoT.But the current security systems address restricted attacks and can be utilized outdated datasets for evaluations.This study develops an Artificial Algae Optimization Algorithm with Optimal Deep Belief Network(AAA-ODBN)Enabled Ransomware Detection in an IoT environment.The presented AAAODBN technique mainly intends to recognize and categorize ransomware in the IoT environment.The presented AAA-ODBN technique follows a three-stage process:feature selection,classification,and parameter tuning.In the first stage,the AAA-ODBN technique uses AAA based feature selection(AAA-FS)technique to elect feature subsets.Secondly,the AAA-ODBN technique employs the DBN model for ransomware detection.At last,the dragonfly algorithm(DFA)is utilized for the hyperparameter tuning of the DBN technique.A sequence of simulations is implemented to demonstrate the improved performance of the AAA-ODBN algorithm.The experimental values indicate the significant outcome of the AAA-ODBN model over other models.展开更多
Crypto-ransomware remains a significant threat to governments and companies alike, with high-profile cyber security incidents regularly making headlines. Many different detection systems have been proposed as solution...Crypto-ransomware remains a significant threat to governments and companies alike, with high-profile cyber security incidents regularly making headlines. Many different detection systems have been proposed as solutions to the ever-changing dynamic landscape of ransomware detection. In the majority of cases, these described systems propose a method based on the result of a single test performed on either the executable code, the process under investigation, its behaviour, or its output. In a small subset of ransomware detection systems, the concept of a scorecard is employed where multiple tests are performed on various aspects of a process under investigation and their results are then analysed using machine learning. The purpose of this paper is to propose a new majority voting approach to ransomware detection by developing a method that uses a cumulative score derived from discrete tests based on calculations using algorithmic rather than heuristic techniques. The paper describes 23 candidate tests, as well as 9 Windows API tests which are validated to determine both their accuracy and viability for use within a ransomware detection system. Using a cumulative score calculation approach to ransomware detection has several benefits, such as the immunity to the occasional inaccuracy of individual tests when making its final classification. The system can also leverage multiple tests that can be both comprehensive and complimentary in an attempt to achieve a broader, deeper, and more robust analysis of the program under investigation. Additionally, the use of multiple collaborative tests also significantly hinders ransomware from masking or modifying its behaviour in an attempt to bypass detection. The results achieved by this research demonstrate that many of the proposed tests achieved a high degree of accuracy in differentiating between benign and malicious targets and suggestions are offered as to how these tests, and combinations of tests, could be adapted to further improve the detection accuracy.展开更多
Ransomware has emerged as a critical cybersecurity threat,characterized by its ability to encrypt user data or lock devices,demanding ransom for their release.Traditional ransomware detection methods face limitations ...Ransomware has emerged as a critical cybersecurity threat,characterized by its ability to encrypt user data or lock devices,demanding ransom for their release.Traditional ransomware detection methods face limitations due to their assumption of similar data distributions between training and testing phases,rendering them less effective against evolving ransomware families.This paper introduces TLERAD(Transfer Learning for Enhanced Ransomware Attack Detection),a novel approach that leverages unsupervised transfer learning and co-clustering techniques to bridge the gap between source and target domains,enabling robust detection of both known and unknown ransomware variants.The proposed method achieves high detection accuracy,with an AUC of 0.98 for known ransomware and 0.93 for unknown ransomware,significantly outperforming baseline methods.Comprehensive experiments demonstrate TLERAD’s effectiveness in real-world scenarios,highlighting its adapt-ability to the rapidly evolving ransomware landscape.The paper also discusses future directions for enhancing TLERAD,including real-time adaptation,integration with lightweight and post-quantum cryptography,and the incorporation of explainable AI techniques.展开更多
基金This work was funded by the Deanship of Scientific Research at Princess Nourah bint Abdulrahman University,through the Research Groups Program Grant no.(RGP-1443-0048).
文摘The Internet of Things(IoT)has gained more popularity in research because of its large-scale challenges and implementation.But security was the main concern when witnessing the fast development in its applications and size.It was a dreary task to independently set security systems in every IoT gadget and upgrade them according to the newer threats.Additionally,machine learning(ML)techniques optimally use a colossal volume of data generated by IoT devices.Deep Learning(DL)related systems were modelled for attack detection in IoT.But the current security systems address restricted attacks and can be utilized outdated datasets for evaluations.This study develops an Artificial Algae Optimization Algorithm with Optimal Deep Belief Network(AAA-ODBN)Enabled Ransomware Detection in an IoT environment.The presented AAAODBN technique mainly intends to recognize and categorize ransomware in the IoT environment.The presented AAA-ODBN technique follows a three-stage process:feature selection,classification,and parameter tuning.In the first stage,the AAA-ODBN technique uses AAA based feature selection(AAA-FS)technique to elect feature subsets.Secondly,the AAA-ODBN technique employs the DBN model for ransomware detection.At last,the dragonfly algorithm(DFA)is utilized for the hyperparameter tuning of the DBN technique.A sequence of simulations is implemented to demonstrate the improved performance of the AAA-ODBN algorithm.The experimental values indicate the significant outcome of the AAA-ODBN model over other models.
文摘Crypto-ransomware remains a significant threat to governments and companies alike, with high-profile cyber security incidents regularly making headlines. Many different detection systems have been proposed as solutions to the ever-changing dynamic landscape of ransomware detection. In the majority of cases, these described systems propose a method based on the result of a single test performed on either the executable code, the process under investigation, its behaviour, or its output. In a small subset of ransomware detection systems, the concept of a scorecard is employed where multiple tests are performed on various aspects of a process under investigation and their results are then analysed using machine learning. The purpose of this paper is to propose a new majority voting approach to ransomware detection by developing a method that uses a cumulative score derived from discrete tests based on calculations using algorithmic rather than heuristic techniques. The paper describes 23 candidate tests, as well as 9 Windows API tests which are validated to determine both their accuracy and viability for use within a ransomware detection system. Using a cumulative score calculation approach to ransomware detection has several benefits, such as the immunity to the occasional inaccuracy of individual tests when making its final classification. The system can also leverage multiple tests that can be both comprehensive and complimentary in an attempt to achieve a broader, deeper, and more robust analysis of the program under investigation. Additionally, the use of multiple collaborative tests also significantly hinders ransomware from masking or modifying its behaviour in an attempt to bypass detection. The results achieved by this research demonstrate that many of the proposed tests achieved a high degree of accuracy in differentiating between benign and malicious targets and suggestions are offered as to how these tests, and combinations of tests, could be adapted to further improve the detection accuracy.
文摘Ransomware has emerged as a critical cybersecurity threat,characterized by its ability to encrypt user data or lock devices,demanding ransom for their release.Traditional ransomware detection methods face limitations due to their assumption of similar data distributions between training and testing phases,rendering them less effective against evolving ransomware families.This paper introduces TLERAD(Transfer Learning for Enhanced Ransomware Attack Detection),a novel approach that leverages unsupervised transfer learning and co-clustering techniques to bridge the gap between source and target domains,enabling robust detection of both known and unknown ransomware variants.The proposed method achieves high detection accuracy,with an AUC of 0.98 for known ransomware and 0.93 for unknown ransomware,significantly outperforming baseline methods.Comprehensive experiments demonstrate TLERAD’s effectiveness in real-world scenarios,highlighting its adapt-ability to the rapidly evolving ransomware landscape.The paper also discusses future directions for enhancing TLERAD,including real-time adaptation,integration with lightweight and post-quantum cryptography,and the incorporation of explainable AI techniques.
