3 research outputs found
Ransomware Detection and Classification Strategies
Ransomware uses encryption methods to make data inaccessible to legitimate
users. To date a wide range of ransomware families have been developed and
deployed, causing immense damage to governments, corporations, and private
users. As these cyberthreats multiply, researchers have proposed a range of
ransomware detection and classification schemes. Most of these methods use
advanced machine learning techniques to process and analyze real-world
ransomware binaries and action sequences. Hence this paper presents a survey of
this critical space and classifies existing solutions into several categories,
including network-based, host-based, forensic characterization, and
authorship attribution. Key facilities and tools for ransomware analysis are
also presented along with open challenges.
Comment: 9 pages, 2 figures
IoT Threat Detection Testbed Using Generative Adversarial Networks
The Internet of Things (IoT) paradigm provides persistent sensing and data
collection capabilities and is becoming increasingly prevalent across many
market sectors. However, most IoT devices emphasize usability and function over
security, making them very vulnerable to malicious exploits. This concern is
evidenced by the increased use of compromised IoT devices in large-scale bot
networks (botnets) to launch distributed denial of service (DDoS) attacks
against high-value targets. Unsecured IoT systems can also provide entry points
to private networks, allowing adversaries relatively easy access to valuable
resources and services. Indeed, these evolving IoT threat vectors (ranging from
brute force attacks to remote code execution exploits) are posing key
challenges. Moreover, many traditional security mechanisms are not amenable to
deployment on smaller resource-constrained IoT platforms. As a result,
researchers have been developing a range of methods for IoT security, with many
strategies using advanced machine learning (ML) techniques. Along these lines,
this paper presents a novel generative adversarial network (GAN) solution to
detect threats from malicious IoT devices both inside and outside a network.
This model is trained using both benign IoT traffic and global darknet data and
further evaluated in a testbed with real IoT devices and malware threats.
Comment: 8 pages, 5 figures
Ransomware Detection Using Federated Learning with Imbalanced Datasets
Ransomware is a type of malware which encrypts user data and extorts payments
in return for the decryption keys. This cyberthreat is one of the most serious
challenges facing organizations today and has already caused immense financial
damage. As a result, many researchers have been developing techniques to
counter ransomware. Recently, the federated learning (FL) approach has also
been applied for ransomware analysis, allowing corporations to achieve
scalable, effective detection and attribution without having to share their
private data. However, in reality there is much variation in the quantity and
composition of ransomware data collected across multiple FL client
sites/regions. This imbalance will inevitably degrade the effectiveness of any
defense mechanisms. To address this concern, a modified FL scheme is proposed
using a weighted cross-entropy loss function approach to mitigate dataset
imbalance. A detailed performance evaluation study is then presented for the
case of static analysis using the latest Windows-based ransomware families. The
findings confirm improved ML classifier performance for a highly imbalanced
dataset.
Comment: 6 pages, 4 figures, 3 tables