AI-enhanced Defense Against Ransomware Within the Organization’s Architecture

Authors

  • B. N. Chaithanya CSE, GITAM School of Technology, Bangalore, India
  • S. H. Brahmananda CSE, GITAM School of Technology, Bangalore, India

DOI:

https://doi.org/10.13052/jcsm2245-1439.1146

Keywords:

Ransomware detection, Ransomware prediction, Data analysis, Natural Language Processing, deep learning, LSTM

Abstract

Ransomware is a revenue-generating tactic that cybercriminals use to increase their income. As a result of this malicious software, businesses have spent billions of dollars regaining control of their resources, which may include confidential data, operational applications and models, financial transactions, and other information. Ransomware can infiltrate a resource or device and prevent the owner from accessing or using it. A business must overcome various obstacles in order to avoid ransomware attacks. Traditional ransomware detection systems employ a static detection method in which a finite dataset is fed into the system and a logical check is performed to prevent ransomware attacks against the system. This was effective in the early stages of the internet, but the current landscape is far more advanced, and as more and more cyber-world contrivances have been analyzed, multiple gaps have been identified, to the benefit of ransomware attackers, who exploit these gaps to generate astronomically large sums of money. The suggested methodology therefore aims to efficiently detect diverse patterns associated with various file formats, starting with their sources and proceeding through data collection, probabilistic identification of target devices, and a deep learning classifier with intelligent detection. An organization can use the recommended approach as a roadmap for its security efforts, to safeguard its data and prepare for future ransomware attacks.

Author Biographies

B. N. Chaithanya, CSE, GITAM School of Technology, Bangalore, India

B. N. Chaithanya received the bachelor’s degree in computer engineering from Visvesvaraya Technological University in 2008 and the master’s degree in computer networks from Visvesvaraya Technological University in 2014, and is pursuing a PhD in Computer Science Engineering at GITAM University. She is currently working as an Assistant Professor in the Department of Computer Science and Engineering at GITAM School of Technology, Bangalore. Her areas of interest are Network Security, Threat Intelligence, Robotic Process Automation and Cyber Security, and she has published papers in these areas.

S. H. Brahmananda, CSE, GITAM School of Technology, Bangalore, India

S. H. Brahmananda received the bachelor’s degree in computer engineering from Sri Siddhartha Institute of Technology, VTU University in 1995, the master’s degree in computer engineering from NITK, Surathkal in 2004, and the Doctor of Philosophy degree in Computer Science Engineering from Dr MGR University in 2013. He is currently working as a Professor at the Department of Computer Engineering, GITAM University. His research areas include Cyber Security, deep learning, Threat Intelligence and social network analysis. He has been serving as a reviewer for many highly respected journals.

Published

2022-11-07

Section

AI and Machine Learning for intelligent Cybersecurity solutions