Ransomware Detection with Semi-Supervised Learning

2020 10th International Conference on Computer and Knowledge Engineering (ICCKE) Pub Date : 2020-10-29 DOI:10.1109/ICCKE50421.2020.9303689

Fakhroddin Noorbehbahani, Mohammad Saberi

{"title":"Ransomware Detection with Semi-Supervised Learning","authors":"Fakhroddin Noorbehbahani, Mohammad Saberi","doi":"10.1109/ICCKE50421.2020.9303689","DOIUrl":null,"url":null,"abstract":"Today, ransomware is one of the most harmful cybersecurity threats that organizations and people face. Hence, there is a vital need for developing effective ransomware detection methods. Machine learning methods can be very useful for ransomware detection if there is sufficient labeled data for training. However, labeling data is time-consuming and expensive while a huge amount of unlabeled data exists. To cope with this problem, semi-supervised learning can be employed that exploits a few labeled data and a lot of unlabeled data for learning. To our best knowledge, there is no research investigating semi-supervised learning methods for ransomware detection. In this paper, we analyze different feature selection and semi-supervised classification methods applied to the CICAndMal 2017 dataset. Our findings suggest that the wrapper semi-supervised classification method using the random forest as a base classifier and OneR or Chi-squared as a feature selection method outperforms the other semi-supervised classification methods for ransomware detection.","PeriodicalId":402043,"journal":{"name":"2020 10th International Conference on Computer and Knowledge Engineering (ICCKE)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 10th International Conference on Computer and Knowledge Engineering (ICCKE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCKE50421.2020.9303689","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

Today, ransomware is one of the most harmful cybersecurity threats that organizations and people face. Hence, there is a vital need for developing effective ransomware detection methods. Machine learning methods can be very useful for ransomware detection if there is sufficient labeled data for training. However, labeling data is time-consuming and expensive while a huge amount of unlabeled data exists. To cope with this problem, semi-supervised learning can be employed that exploits a few labeled data and a lot of unlabeled data for learning. To our best knowledge, there is no research investigating semi-supervised learning methods for ransomware detection. In this paper, we analyze different feature selection and semi-supervised classification methods applied to the CICAndMal 2017 dataset. Our findings suggest that the wrapper semi-supervised classification method using the random forest as a base classifier and OneR or Chi-squared as a feature selection method outperforms the other semi-supervised classification methods for ransomware detection.

查看原文本刊更多论文

基于半监督学习的勒索软件检测

如今，勒索软件是组织和个人面临的最有害的网络安全威胁之一。因此，迫切需要开发有效的勒索软件检测方法。如果有足够的标记数据用于训练，机器学习方法对于勒索软件检测非常有用。然而，标注数据既耗时又昂贵，同时存在大量未标注数据。为了解决这个问题，可以采用半监督学习，利用少量标记数据和大量未标记数据进行学习。据我们所知，目前还没有研究调查勒索软件检测的半监督学习方法。在本文中，我们分析了不同的特征选择和半监督分类方法应用于CICAndMal 2017数据集。我们的研究结果表明，使用随机森林作为基本分类器和OneR或Chi-squared作为特征选择方法的包装器半监督分类方法在勒索软件检测方面优于其他半监督分类方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2020 10th International Conference on Computer and Knowledge Engineering (ICCKE)

自引率

0.00%

发文量