Enhancing ransomware defense: deep learning-based detection and family-wise classification of evolving threats.

IF 3.5 4区 计算机科学 Q2 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE
PeerJ Computer Science Pub Date : 2024-11-29 eCollection Date: 2024-01-01 DOI:10.7717/peerj-cs.2546
Amjad Hussain, Ayesha Saadia, Musaed Alhussein, Ammara Gul, Khursheed Aurangzeb
{"title":"Enhancing ransomware defense: deep learning-based detection and family-wise classification of evolving threats.","authors":"Amjad Hussain, Ayesha Saadia, Musaed Alhussein, Ammara Gul, Khursheed Aurangzeb","doi":"10.7717/peerj-cs.2546","DOIUrl":null,"url":null,"abstract":"<p><p>Ransomware is a type of malware that locks access to or encrypts its victim's files for a ransom to be paid to get back locked or encrypted data. With the invention of obfuscation techniques, it became difficult to detect its new variants. Identifying the exact malware category and family can help to prepare for possible attacks. Traditional machine learning-based approaches failed to detect and classify advanced obfuscated ransomware variants using existing pattern-matching and signature-based detection techniques. Deep learning-based approaches have proven helpful in both detection and classification by analyzing obfuscated ransomware deeply. Researchers have contributed mainly to detection and minimaly to family attribution. This research aims to address all these multi-class classification problems by leveraging the power of deep learning. We have proposed a novel group normalization-based bidirectional long short-term memory (GN-BiLSTM) method to detect and classify ransomware variants with high accuracy. To validate the technique, five other deep learning models are also trained on the CIC-MalMem-2022, an obfuscated malware dataset. The proposed approach outperformed with an accuracy of 99.99% in detection, 85.48% in category-wise classification, and 74.65% in the identification of ransomware families. To verify its effectiveness, models are also trained on 10,876 self-collected latest samples of 26 malware families and the proposed model has achieved 99.20% accuracy in detecting malware, 97.44% in classifying its category, and 96.23% in identifying its family. Our proposed approach has proven the best for detecting new variants of ransomware with high accuracy and can be implemented in real-world applications of ransomware detection.</p>","PeriodicalId":54224,"journal":{"name":"PeerJ Computer Science","volume":"10 ","pages":"e2546"},"PeriodicalIF":3.5000,"publicationDate":"2024-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC11640932/pdf/","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"PeerJ Computer Science","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.7717/peerj-cs.2546","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2024/1/1 0:00:00","PubModel":"eCollection","JCR":"Q2","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}
引用次数: 0

Abstract

Ransomware is a type of malware that locks access to or encrypts its victim's files for a ransom to be paid to get back locked or encrypted data. With the invention of obfuscation techniques, it became difficult to detect its new variants. Identifying the exact malware category and family can help to prepare for possible attacks. Traditional machine learning-based approaches failed to detect and classify advanced obfuscated ransomware variants using existing pattern-matching and signature-based detection techniques. Deep learning-based approaches have proven helpful in both detection and classification by analyzing obfuscated ransomware deeply. Researchers have contributed mainly to detection and minimaly to family attribution. This research aims to address all these multi-class classification problems by leveraging the power of deep learning. We have proposed a novel group normalization-based bidirectional long short-term memory (GN-BiLSTM) method to detect and classify ransomware variants with high accuracy. To validate the technique, five other deep learning models are also trained on the CIC-MalMem-2022, an obfuscated malware dataset. The proposed approach outperformed with an accuracy of 99.99% in detection, 85.48% in category-wise classification, and 74.65% in the identification of ransomware families. To verify its effectiveness, models are also trained on 10,876 self-collected latest samples of 26 malware families and the proposed model has achieved 99.20% accuracy in detecting malware, 97.44% in classifying its category, and 96.23% in identifying its family. Our proposed approach has proven the best for detecting new variants of ransomware with high accuracy and can be implemented in real-world applications of ransomware detection.

勒索软件是一种恶意软件,它锁定受害者文件的访问权限或对其进行加密,受害者需要支付赎金才能取回被锁定或加密的数据。随着混淆技术的发明,发现其新变种变得十分困难。识别确切的恶意软件类别和家族有助于为可能的攻击做好准备。使用现有的模式匹配和基于签名的检测技术,基于机器学习的传统方法无法检测到高级混淆勒索软件变种并对其进行分类。事实证明,通过深入分析混淆勒索软件,基于深度学习的方法有助于检测和分类。研究人员主要在检测方面做出了贡献,而在家族归属方面贡献甚微。本研究旨在利用深度学习的力量解决所有这些多类分类问题。我们提出了一种新颖的基于组归一化的双向长短时记忆(GN-BiLSTM)方法,以高精度检测勒索软件变体并对其进行分类。为了验证这一技术,我们还在 CIC-MalMem-2022 这一混淆恶意软件数据集上训练了其他五个深度学习模型。所提出的方法在检测方面的准确率为 99.99%,在分类方面的准确率为 85.48%,在识别勒索软件家族方面的准确率为 74.65%。为了验证其有效性,我们还在 10876 个自收集的 26 个恶意软件系列的最新样本上对模型进行了训练,结果发现所提出的模型在检测恶意软件方面的准确率达到 99.20%,在分类恶意软件类别方面的准确率达到 97.44%,在识别恶意软件系列方面的准确率达到 96.23%。事实证明,我们提出的方法是检测勒索软件新变种的最佳方法,而且准确率很高,可以在勒索软件检测的实际应用中实施。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
PeerJ Computer Science
PeerJ Computer Science Computer Science-General Computer Science
CiteScore
6.10
自引率
5.30%
发文量
332
审稿时长
10 weeks
期刊介绍: PeerJ Computer Science is the new open access journal covering all subject areas in computer science, with the backing of a prestigious advisory board and more than 300 academic editors.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信