A Pseudo Feedback-Based Annotated TF-IDF Technique for Dynamic Crypto-Ransomware Pre-Encryption Boundary Delineation and Features Extraction

Al‐rimy, Bander Ali Saleh; Maarof, Mohd Aiziani; Alazab, Mamoun; Alsolami, Fawaz; Shaid, Syed Zainudeen Mohd; Ghaleb, Fuad A.; Al-Hadhrami, Tawfik; Ali, Abdullah Marish

doi:10.1109/access.2020.3012674

Cited by 51 publications

(73 citation statements)

References 45 publications

(64 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(2018) ; Mehnaz et al. (2018) ; Moore (2016) ; Shaukat and Ribeiro (2018) Machine Learning (API/System Calls) Al-Rimy et al. (2020) ; Al-rimy et al.…”

Section: Literature Reviewmentioning

confidence: 99%

Ransomware: Recent advances, analysis, challenges and future research directions

Beaman

Barkworth

Akande

et al. 2021

Computers & Security

107

View full text Add to dashboard Cite

The COVID-19 pandemic has witnessed a huge surge in the number of ransomware attacks. Different institutions such as healthcare, financial, and government have been targeted. There can be numerous reasons for such a sudden rise in attacks, but it appears working remotely in home-based environments (which is less secure compared to traditional institutional networks) could be one of the reasons. Cybercriminals are constantly exploring different approaches like social engineering attacks, such as phishing attacks, to spread ransomware. Hence, in this paper, we explored recent advances in ransomware prevention and detection and highlighted future research challenges and directions. We also carried out an analysis of a few popular ransomware samples and developed our own experimental ransomware, AESthetic, that was able to evade detection against eight popular antivirus programs.

show abstract

“…(2018) ; Mehnaz et al. (2018) ; Moore (2016) ; Shaukat and Ribeiro (2018) Machine Learning (API/System Calls) Al-Rimy et al. (2020) ; Al-rimy et al.…”

Section: Literature Reviewmentioning

confidence: 99%

Ransomware: Recent advances, analysis, challenges and future research directions

Beaman

Barkworth

Akande

et al. 2021

Computers & Security

107

View full text Add to dashboard Cite

show abstract

“…All the experiments in this study were carried out in a sandbox environment with host computer CPU Intel (R) Core i7 @ 3.20 GH, the RAM is 16.0 GB and the host operating system is Linux Ubuntu 18.04, and Windows 7 guest operating system was used as a victim machine. Sandboxes are tools that are commonly used by malware analysts and researchers to conduct dynamic analysis [36,37]. They provide a means of detecting windows APIs invoked by a malware instance at the run time in a process called API hooking and DLL injection [38].…”

Section: A Experimental Setupmentioning

confidence: 99%

“…The malware binary files were downloaded from the public repository Vxheaven (https://www.vxheaven.org). Vxheaven dataset is a public repository that is commonly-used by previous malware analysis studies such as in [14,36,37,[40][41][42]. The malware dataset contains different types of malware families such as trojans, adware, backdoors, ransomware, viruses, and worms among many others.…”

Section: B Dataset Descriptionmentioning

confidence: 99%

See 1 more Smart Citation

An Adaptive Behavioral-Based Incremental Batch Learning Malware Variants Detection Model Using Concept Drift Detection and Sequential Deep Learning

et al. 2021

Self Cite

View full text Add to dashboard Cite

Malware variants are the major emerging threats that face cybersecurity due to the potential damage to computer systems. Many solutions have been proposed for detecting malware variants. However, accurate detection is challenging due to the constantly evolving nature of the malware variants that cause concept drift. Existing malware detection solutions assume that the mapping learned from historical malware features will be valid for new and future malware. The relationship between input features and the class label has been considered stationary, which doesn't hold for the ever-evolving nature of malware variants. Malware features change dynamically due to code obfuscations, mutations, and the modification made by malware authors to change the features' distribution and thus evade the detection rendering the detection model obsolete and ineffective. This study presents an Adaptive behavioral-based Incremental Batch Learning Malware Variants Detection model using concept drift detection and sequential deep learning (AIBL-MVD) to accommodate the new malware variants. Malware behavior were extracted using dynamic analysis by running the malware files in a sandbox environment and collecting their Application Programming Interface (API) traces. According to the malware first-time appearance, the malware samples were sorted to capture the malware variants' change characteristics. The base classifier was then trained based on a subset of historical malware samples using a sequential deep learning model. The new malware samples were mixed with a subset of old data and gradually introduced to the learning model in an adaptive batch size incremental learning manner to address the catastrophic forgetting dilemma of the incremental learning. The statistical process control technique has been used to detect the concept drift as indication for incrementally updating the model as well as reducing the frequency of model updates. Results from extensive experiments show that the proposed model is superior in terms of detection rate and the efficiency compared with the static model, periodic retraining approaches, and the fixed batch size incremental learning approach. The model maintains an average of 99.41% detection accuracy of new and variants malware with a low updating frequency of 1.35 times per month.

show abstract

“…This harsh vehicular environment makes monitoring user activities in VANETs a challenging task, which opens the door for many types of attacks. Moreover, the decentralized nature of VANET makes it vulnerable to several types of attacks such as active interfering, passive eavesdropping, and others [2,[8][9][10]. Cybercriminals can disturb VANET operations and launch many types of attacks that might lead to accidents, congestions, and disruption of the network activities.…”

Section: Introductionmentioning

confidence: 99%

Misbehavior-Aware On-Demand Collaborative Intrusion Detection System Using Distributed Ensemble Learning for VANET

et al. 2020

Self Cite

View full text Add to dashboard Cite

Vehicular ad hoc networks (VANETs) play an important role as enabling technology for future cooperative intelligent transportation systems (CITSs). Vehicles in VANETs share real-time information about their movement state, traffic situation, and road conditions. However, VANETs are susceptible to the cyberattacks that create life threatening situations and/or cause road congestion. Intrusion detection systems (IDSs) that rely on the cooperation between vehicles to detect intruders, were the most suggested security solutions for VANET. Unfortunately, existing cooperative IDSs (CIDSs) are vulnerable to the legitimate yet compromised collaborators that share misleading and manipulated information and disrupt the IDSs’ normal operation. As such, this paper proposes a misbehavior-aware on-demand collaborative intrusion detection system (MA-CIDS) based on the concept of distributed ensemble learning. That is, vehicles individually use the random forest algorithm to train local IDS classifiers and share their locally trained classifiers on-demand with the vehicles in their vicinity, which reduces the communication overhead. Once received, the performance of the classifiers is evaluated using the local testing dataset in the receiving vehicle. The evaluation values are used as a trustworthiness factor and used to rank the received classifiers. The classifiers that deviate much from the box-and-whisker plot lower boundary are excluded from the set of the collaborators. Then, each vehicle constructs an ensemble of weighted random forest-based classifiers that encompasses the locally and remotely trained classifiers. The outputs of the classifiers are aggregated using a robust weighted voting scheme. Extensive simulations were conducted utilizing the network security laboratory-knowledge discovery data mining (NSL-KDD) dataset to evaluate the performance of the proposed MA-CIDS model. The obtained results show that MA-CIDS performs better than the other existing models in terms of effectiveness and efficiency for VANET.

show abstract

A Pseudo Feedback-Based Annotated TF-IDF Technique for Dynamic Crypto-Ransomware Pre-Encryption Boundary Delineation and Features Extraction

Cited by 51 publications

References 45 publications

Ransomware: Recent advances, analysis, challenges and future research directions

Ransomware: Recent advances, analysis, challenges and future research directions

An Adaptive Behavioral-Based Incremental Batch Learning Malware Variants Detection Model Using Concept Drift Detection and Sequential Deep Learning

Misbehavior-Aware On-Demand Collaborative Intrusion Detection System Using Distributed Ensemble Learning for VANET

Contact Info

Product

Resources

About