Reducing False Negatives in Ransomware Detection: A Critical Evaluation of Machine Learning Algorithms

Bold, Robert; Al-Khateeb, Haider; Ersotelos, Nikolaos

doi:10.3390/app122412941

Cited by 10 publications

(16 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, an analysis was carried out with the RapidMiner Studio application in making an appropriate and automatic classification program. The confusion matrix, a technique for gauging the algorithm model's level of accuracy throughout the classification phase, is used for the model's evaluation and validation at this point [20], and a table that can show how well the categorization model performs [21]. The classification of prediction data derived from models based on real or accurate data is shown in Table 1.…”

Section: Methodsmentioning

confidence: 99%

“…The method starts with entering data that was gathered during the data collecting stage, and it then moves on to text mining utilizing the naive Bayes algorithm model, support vector machine, knearest neighbors, and random forest from the outcomes of preprocessing. The performance results of the algorithm model then show that a text classification is formed into many categories.d) Validation evaluationThe confusion matrix, a technique for gauging the algorithm model's level of accuracy throughout the classification phase, is used for the model's evaluation and validation at this point[20], and a table that can show how well the categorization model performs[21].…”

mentioning

confidence: 99%

See 1 more Smart Citation

Opinion mining toward work from office policies on post-pandemic covid-19 by using supervised learning

Wicaksono,

Imam Yuadi,

Ira Puspitasari

2024

tekno

View full text Add to dashboard Cite

Post-pandemic COVID-19, many companies have re-implemented work from office policies for their employees. However, the policy has been controversial among social media activists, especially in Twitter. The sentiment arose according to them, during the pandemic COVID-19 they believe that working from home has many advantages over working in an office. The emergence of 'work from office' sentiments is an interesting target for opinion-mining research. Opinion mining or sentiment analysis is a general research area of data mining that helps to explore and analyze existing views and opinions to obtain useful information. The analysis process involves the use of machine learning with several supporting algorithms. This study used four classification algorithm models of supervised learning, including naive Bayes, support vector machines, k-nearest neighbors, and random forests. The selection of those algorithms also aims to find out which model produced a good performance for the results. The performance results of each model were evaluated by the confusion matrix and the k-nearest neighbor algorithm model with an accuracy value of 96.62% was found to give the best results and to be the most used model in the classification process. On the other hand, the algorithm model that obtains the lowest accuracy is a random forest with 72.08%.

show abstract

Section: Methodsmentioning

confidence: 99%

mentioning

confidence: 99%

Opinion mining toward work from office policies on post-pandemic covid-19 by using supervised learning

Wicaksono,

Imam Yuadi,

Ira Puspitasari

2024

tekno

View full text Add to dashboard Cite

show abstract

“…As the digital sphere continues to evolve, the methods employed ✹✸ by ransomware have become increasingly sophisticated, leveraging various attack vectors ✹✹ to infiltrate and compromise systems [1,14]. This relentless progression of ransomware ✹✺ attacks requires a continuous and rigorous approach to cybersecurity, particularly in the ✹✻ development of dynamic and resilient strategies to counteract these threats [1, 15,16].…”

Section: ✷✷mentioning

confidence: 99%

“…The dense and disordered nature of these ✻✵ traces often leads to a surge in computational overhead and a consequent depletion in the ✻✶ ability to accurately pinpoint and characterize malevolent activities [14,22]. This increase ✻✷ in resource consumption coupled with the challenge of accurately discerning the malicious ✻✸ from the benign has driven researchers and cybersecurity professionals to seek out more ✻✹ advanced and nuanced methods of detection and analysis [15,23,24]. As ransomware ✻✺ evolves, so too must the tools and techniques employed to detect it, underscoring the need ✻✻ for continuous innovation in the realm of cybersecurity [25,26].…”

Section: ✹✼mentioning

confidence: 99%

Enhancing Ransomware Detection: A Windows API Min Max Relevance Refinement Approach

Kang,

2023

Preprint

View full text Add to dashboard Cite

Ransomware constitutes a distinctive category of pernicious software that sequesters a user's digital assets by encryption, holding them hostage until a sum is extorted from the victim. These incursions have escalated to become among the most prevalent and significant threats confronting both individuals and corporate entities. In combatting this virulent program, dynamic analysis has been established as the favored detection modality. Such analyses typically hinge on Windows API calls, the conduits through which programs requisition services from the operating system. Yet, the superfluous and unrelated Windows API calls interjected by adversaries into the execution stream of suspect binaries precipitate an excessively noisy behavioral sequence, which impairs the performance of counter-ransomware mechanisms. The research outlined herein introduces a novel non-signature-based detection paradigm that harnesses efficacious Windows API call sequences through supervised machine learning strategies. An innovative Enhanced Min Max (EmRmR) filter technique is proposed, aiming to purge noisy features and isolate the most indicative feature subset that encapsulates the ransomware's true behavior. The EmRmR method, diverging from the traditional Min Max approach, circumvents the superfluous calculations that are a hallmark of the conventional algorithms, thereby necessitating a reduced number of evaluations. Additionally, a refinement procedure has been integrated to contract the program's call trace volume by discarding those Windows API calls lacking a robust correlation with ransomware's pivotal behavior. Subsequent to rigorous experimental analyses and juxtaposition with extant behavior-based detection methodologies, the proposed strategy has demonstrated its efficacy in differentiating ransomware behavior, delivering high detection precision alongside a diminution in false-positive occurrences.

show abstract

“…Additionally, [11] suggests monitoring external server connections to identify ransomware activities early on, thereby preventing the completion of the encryption processes. Bold et al [12] stress the importance of intelligent early detection in reducing false negatives, emphasizing the advantages of promptly identifying and eradicating ransomware. Thus, early detection of ransomware through advanced detection techniques is essential to prevent data loss, financial harm, and operational disruptions resulting from ransomware attacks.…”

Section: Introductionmentioning

confidence: 99%

Novel Ransomware Detection Exploiting Uncertainty and Calibration Quality Measures Using Deep Learning

Gazzan,

Sheldon

2024

Information

View full text Add to dashboard Cite

Ransomware poses a significant threat by encrypting files or systems demanding a ransom be paid. Early detection is essential to mitigate its impact. This paper presents an Uncertainty-Aware Dynamic Early Stopping (UA-DES) technique for optimizing Deep Belief Networks (DBNs) in ransomware detection. UA-DES leverages Bayesian methods, dropout techniques, and an active learning framework to dynamically adjust the number of epochs during the training of the detection model, preventing overfitting while enhancing model accuracy and reliability. Our solution takes a set of Application Programming Interfaces (APIs), representing ransomware behavior as input we call “UA-DES-DBN.” The method incorporates uncertainty and calibration quality measures, optimizing the training process for better more accurate ransomware detection. Experiments demonstrate the effectiveness of UA-DES-DBN compared to more conventional models. The proposed model improved accuracy from 94% to 98% across various input sizes, surpassing other models. UA-DES-DBN also decreased the false positive rate from 0.18 to 0.10, making it more useful in real-world cybersecurity applications.

show abstract

Reducing False Negatives in Ransomware Detection: A Critical Evaluation of Machine Learning Algorithms

Cited by 10 publications

References 37 publications

Opinion mining toward work from office policies on post-pandemic covid-19 by using supervised learning

Opinion mining toward work from office policies on post-pandemic covid-19 by using supervised learning

Enhancing Ransomware Detection: A Windows API Min Max Relevance Refinement Approach

Novel Ransomware Detection Exploiting Uncertainty and Calibration Quality Measures Using Deep Learning

Contact Info

Product

Resources

About