E2E-RDS: Efficient End-to-End Ransomware Detection System Based on Static-Based ML and Vision-Based DL Approaches

Almomani, Iman; Alkhayer, Aala; El‐Shafai, Walid

doi:10.3390/s23094467

Cited by 7 publications

(5 citation statements)

References 55 publications

(62 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many tactics for protecting against ransomware attacks have been discussed in the academic literature [26][27][28][29]. Some of the methods that have been investigated by researchers for ransomware detection include dynamic analysis [30], machine learning algorithms [31], file entropy studies [32], deep learning models [33], and transfer learning [34,35]. Meta-features extracted from volatile memory and the analysis of encrypted traffic have both been investigated for their potential use in ransomware detection.…”

Section: Related Workmentioning

confidence: 99%

Enhancing Ransomware Attack Detection Using Transfer Learning and Deep Learning Ensemble Models on Cloud-Encrypted Data

Singh,

Mushtaq,

Abosaq

et al. 2023

Electronics

View full text Add to dashboard Cite

Ransomware attacks on cloud-encrypted data pose a significant risk to the security and privacy of cloud-based businesses and their consumers. We present RANSOMNET+, a state-of-the-art hybrid model that combines Convolutional Neural Networks (CNNs) with pre-trained transformers, to efficiently take on the challenging issue of ransomware attack classification. RANSOMNET+ excels over other models because it combines the greatest features of both architectures, allowing it to capture hierarchical features and local patterns. Our findings demonstrate the exceptional capabilities of RANSOMNET+. The model had a fantastic precision of 99.5%, recall of 98.5%, and F1 score of 97.64%, and attained a training accuracy of 99.6% and a testing accuracy of 99.1%. The loss values for RANSOMNET+ were impressively low, ranging from 0.0003 to 0.0035 throughout training and testing. We tested our model against the industry standard, ResNet 50, as well as the state-of-the-art, VGG 16. RANSOMNET+ excelled over the other two models in terms of F1 score, accuracy, precision, and recall. The algorithm’s decision-making process was also illuminated by RANSOMNET+’s interpretability analysis and graphical representations. The model’s openness and usefulness were improved by the incorporation of feature distributions, outlier detection, and feature importance analysis. Finally, RANSOMNET+ is a huge improvement in cloud safety and ransomware research. As a result of its unrivaled accuracy and resilience, it provides a formidable line of defense against ransomware attacks on cloud-encrypted data, keeping sensitive information secure and ensuring the reliability of cloud-stored data. Cybersecurity professionals and cloud service providers now have a reliable tool to combat ransomware threats thanks to this research.

show abstract

Section: Related Workmentioning

confidence: 99%

Enhancing Ransomware Attack Detection Using Transfer Learning and Deep Learning Ensemble Models on Cloud-Encrypted Data

Singh,

Mushtaq,

Abosaq

et al. 2023

Electronics

View full text Add to dashboard Cite

show abstract

“…Studies in the realm of ransomware detection have extensively concentrated on pinpointing specific attack patterns and atypical behaviors within file systems [11], [21], [22]. A prominent strategy in this field has been the deployment of machine learning algorithms, which scrutinize file access patterns to pinpoint irregular encryption activities that are typically indicative of ransomware infiltration [5], [23], [8]. These algorithms are trained on vast datasets to accurately distinguish between normal operations and potential ransomware threats [17], [24], [25].…”

Section: A Ransomware Detectionmentioning

confidence: 99%

“…Ransomware prevention encompasses an array of solutions, both technical and policy-oriented [11], [2], [8]. Technically, the development of endpoint security solutions, which integrate state-of-the-art threat prevention capabilities, play an instrumental role in thwarting the execution of ransomware attacks [9], [20], [36].…”

Section: B Ransomware Preventionmentioning

confidence: 99%

“…However, recent developments have seen ransomware adopting more sophisticated encryption techniques, making it increasingly challenging to recover the affected data without yielding to the ransom demands [5], [6]. This alarming trend underscores a shift in the mode of operation of ransomware attacks, evolving from mere nuisances to significant threats capable of crippling entire organizational operations [7], [8]. The impact of these attacks has been profound, with businesses and institutions facing not just financial losses due to the ransom payments but also significant operational disruptions and potential breaches of sensitive data [9], [1].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

NTFS+: An Enhanced NTFS File System Against Ransomware Invasions

Gu,

Kang

2023

Preprint

View full text Add to dashboard Cite

Ransomware poses a significant threat to digital security, evolving rapidly with sophisticated encryption and data exfiltration tactics. This study introduces NTFS+, an enhanced version of the New Technology File System (NTFS), designed to combat these emerging ransomware threats. NTFS+ integrates machine learning, specifically Generative Adversarial Networks, to detect abnormal file system activities indicative of ransomware attacks. The system's core architecture features minifilter drivers that analyze file access patterns in real-time, enabling proactive response to potential threats. Evaluation of NTFS+ demonstrates its efficacy in accurately distinguishing between benign and ransomware activities, with a focus on minimizing false positives and negatives. Despite its effectiveness, challenges such as zero-day ransomware attacks highlight areas for future improvement, including enhanced learning capabilities and cloud integration. NTFS+ represents a significant advancement in file system-based ransomware mitigation, offering a scalable, adaptable, and robust solution for modern cybersecurity needs.

show abstract

“…Raw binary bits of executable files were grouped together to represent a corresponding color from a grayscale spectrum and were used with a CNN classifier, showing an accuracy of 96% in binary malware classification and 92.3% in multi-level malware family classification [24]. Almomani [31] developed a vision-based framework where samples were converted into grayscale images and used the Adaboost algorithm to achieve 79% accuracy. Ghanei et al [32] made use of the fact that grayscale images tend to produce highly accurate classifiers when used with CNN to build a novel approach that relies on dynamic features.…”

Section: Grayscale-based Transform Featuresmentioning

confidence: 99%

A Neural Network Approach to a Grayscale Image-Based Multi-File Type Malware Detection System

Copiaco,

El Neel,

Nazzal

et al. 2023

Applied Sciences

View full text Add to dashboard Cite

This study introduces an innovative all-in-one malware identification model that significantly enhances convenience and resource efficiency in classifying malware across diverse file types. Traditional malware identification methods involve the extraction of static and dynamic features, followed by comparisons with signature-based databases or machine learning-based classifiers. However, many malware detection applications that rely on transfer learning and image transformation suffer from excessive resource consumption. In recent years, transfer learning has emerged as a powerful tool for developing effective classifiers, leveraging pre-trained neural network models. In this research, we comprehensively explore various pre-trained network architectures, including compact and conventional networks, as well as series and directed acyclic graph configurations for malware classification. Our approach utilizes grayscale transform-based features as a standardized set of characteristics, streamlining malware classification across various file types. To ensure the robustness and generalization of our classification models, we integrate multiple datasets into the training process. Remarkably, we achieve an optimal model with 96% accuracy, while maintaining a modest 5 MB size using the SqueezeNet classifier. Overall, our model efficiently classifies malware across file types, reducing the computational load, which can be useful for cybersecurity professionals and organizations.

show abstract

E2E-RDS: Efficient End-to-End Ransomware Detection System Based on Static-Based ML and Vision-Based DL Approaches

Cited by 7 publications

References 55 publications

Enhancing Ransomware Attack Detection Using Transfer Learning and Deep Learning Ensemble Models on Cloud-Encrypted Data

Enhancing Ransomware Attack Detection Using Transfer Learning and Deep Learning Ensemble Models on Cloud-Encrypted Data

NTFS+: An Enhanced NTFS File System Against Ransomware Invasions

A Neural Network Approach to a Grayscale Image-Based Multi-File Type Malware Detection System

Contact Info

Product

Resources

About