Ransomware Detection Using Deep Learning in the SCADA System of Electric Vehicle Charging Station

Basnet, Manoj; Poudyal, Subash; Ali, Mohd. Hasan; Dasgupta, Dipankar

doi:10.48550/arxiv.2104.07409

Cited by 2 publications

(8 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A scalable ransomware detection framework was proposed in [109] to detect the attack on electric vehicle charging stations (EVCS) controlled by supervisory control and data acquisition (SCADA) system. The dynamic binary analysis was performed in virtual unit via PIN framework.…”

Section: Ransomware Dynamic Analysis Studies Utilizing Deep Learningmentioning

confidence: 99%

“…A ransomware detection framework was proposed in [109] for Supervisory Control and Data Acquisition system (SCADA). The proposed framework assessed the impact of ransomware attack on SCADA.…”

Section: Reactive Preventionmentioning

confidence: 99%

“…Each sample was analyzed for more than one minute, i.e., 70 to 90 s, which made its implementation limited. 11 [82] 12 [57] 13 [83] 14 [48] 15 [61] 16 [81] 17 [109] 18 [91] A real-time API based machine learning ransomware detection model was proposed in [20]. A class frequency and non-class frequency method was used to extract the API calls which helped to detect the ransomware and malware accurately.…”

Section: Conventional Detection Studies Utilizing Machine Learningmentioning

confidence: 99%

“…A study in [109] was proposed to detect the ransomware attack on SCADA systems. Three deep learning algorithms CNN, DNN, and LSTM were utilized to detect the ransomware attacks.…”

Section: Conventional Detection Studies Utilizing Machine Learningmentioning

confidence: 99%

See 3 more Smart Citations

Ransomware Detection Using the Dynamic Analysis and Machine Learning: A Survey and Research Directions

et al. 2021

View full text Add to dashboard Cite

Ransomware is an ill-famed malware that has received recognition because of its lethal and irrevocable effects on its victims. The irreparable loss caused due to ransomware requires the timely detection of these attacks. Several studies including surveys and reviews are conducted on the evolution, taxonomy, trends, threats, and countermeasures of ransomware. Some of these studies were specifically dedicated to IoT and android platforms. However, there is not a single study in the available literature that addresses the significance of dynamic analysis for the ransomware detection studies for all the targeted platforms. This study also provides the information about the datasets collection from its sources, which were utilized in the ransomware detection studies of the diverse platforms. This study is also distinct in terms of providing a survey about the ransomware detection studies utilizing machine learning, deep learning, and blend of both techniques while capitalizing on the advantages of dynamic analysis for the ransomware detection. The presented work considers the ransomware detection studies conducted from 2019 to 2021. This study provides an ample list of future directions which will pave the way for future research.

show abstract

Section: Ransomware Dynamic Analysis Studies Utilizing Deep Learningmentioning

confidence: 99%

Section: Reactive Preventionmentioning

confidence: 99%

Section: Conventional Detection Studies Utilizing Machine Learningmentioning

confidence: 99%

“…A study in [109] was proposed to detect the ransomware attack on SCADA systems. Three deep learning algorithms CNN, DNN, and LSTM were utilized to detect the ransomware attacks.…”

Section: Conventional Detection Studies Utilizing Machine Learningmentioning

confidence: 99%

See 2 more Smart Citations

Ransomware Detection Using the Dynamic Analysis and Machine Learning: A Survey and Research Directions

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Even with a limited number of publicly available data sets, the choice of data representation limits their reuse to variations of the original detection models, for example, sequential or time series data, such as audio/video data, cannot be used with common ML-based classification algorithms but Recurrent Neural Networks (RNN) [147]. Thus, if the data representation is sequential or time-series based, as in [27,163,3], then it cannot be utilized with some ransomware detection methods, e.g., [223], and vice versa.…”

Section: Ransomware Behavior Analysismentioning

confidence: 99%

Automating Behavior-based Ransomware Analysis, Detection, and Classification Using Machine Learning

Abbasi¹

View full text Add to dashboard Cite

Ransomware is malware that hijacks a victim's data using encryption and demands a ransom in exchange for the decryption key. Ransomware has gained prominence due to its attack vector and the irreversible nature of damage to data. Ransomware has indiscriminately attacked individuals and organizations worldwide, disrupting their businesses and services. The number of successful ransomware attacks across the globe highlights the inadequacy of existing ransomware defense. Static and dynamic analysis are two popular approaches to malware analysis. The former does not require execution of the malware binary, whereas the latter requires executing the binary in a controlled environment. Static analysis-based detection, e.g., signature-matching, is widely adopted by commercial antivirus solutions but can be thwarted by evasion techniques, e.g., polymorphism and code obfuscation, utilized in modern malware. Consequently, dynamic analysis-based or behavior-based detection approaches have gained popularity because malware behavior cannot be changed entirely across its variants. Both signature and behavior-based detection complement each other. Behavior-based ransomware detection comes with certain challenges and problems, such as data high-dimensionality that occurs because a process may execute thousands of API calls per second. Manual inspection of these API calls for feature engineering requires an expert and is a time-intensive task. Another problem with some existing ransomware detection models is the reliance on handcrafted malice scoring functions that assign scores to the processes describing their threat levels. Other challenges to ransomware detection research include the limited availability of ransomware data sets that can be used with Machine Learning (ML) methods and their reuse scope. The scope of reuse of available data sets is limited because of their format, e.g., sequential data may be used with recurrent neural networks but not with commonly used ML-based classification algorithms, and focus, e.g., network activity and filesystem activity. For the above-mentioned reasons, ransomware detection research is generally followed by ransomware analysis. However, to the best of our knowledge, not many of the existing ransomware behavior analysis studies discuss the challenges involved in the process. This thesis aims to automate the solutions to the problems related to ransomware behavior detection and classification using evolutionary computation methods, i.e., particle swarm optimization and genetic programming, and deep neural networks, i.e., long short-term memory. This thesis proposes a wrapper feature selection method to address the high dimensionality in ransomware behavior data. The proposed method utilizes particle swarm optimization to automatically select a suitable number of features from each feature group and therefore does not require expert input. This thesis further proposes an automated method of evolving malice scoring models for ransomware detection. The proposed method formulates the problem as a symbolic regression problem and solves it using genetic programming. Unlike existing methods, the proposed method does not require expert knowledge to design the model. Furthermore, this thesis proposes an automated behavior analysis framework for highlighting challenges associated with ransomware behavior analysis and solutions to these challenges. Finally, this thesis proposes a new representation of the API call sequences that combines the API call names and important call arguments. The proposed representation of the API call sequences helped improve ransomware early detection performance. All the methods proposed in this thesis either automate the existing manual solutions or achieve comparable or better performance compared to existing methods.

show abstract

Ransomware Detection Using Deep Learning in the SCADA System of Electric Vehicle Charging Station

Cited by 2 publications

References 0 publications

Ransomware Detection Using the Dynamic Analysis and Machine Learning: A Survey and Research Directions

Ransomware Detection Using the Dynamic Analysis and Machine Learning: A Survey and Research Directions

Automating Behavior-based Ransomware Analysis, Detection, and Classification Using Machine Learning

Contact Info

Product

Resources

About