Industrial Internet of Things Based Ransomware Detection using Stacked Variational Neural Network

To protect Industrial Internet of Things (IIoT) systems against ransomware attacks, the system activities of their host machines need to be monitored by an efficient detection model that can accurately detect ransomware behavior and trigger an alarm before its impact extends to the critical control systems. However, detection models for these host machines face significant challenges in dealing with high-dimensional data, a small number of training observations, and the dynamic behavior of ransomware. Therefore, there is a need for an efficient detection model that can address these challenges. In this paper, we propose a detection model based on a stacked Variational Auto-Encoder (VAE) with a fully connected neural network that is able to learn the latent structure of system activities and reveal ransomware behavior. We also propose a VAE-based data augmentation method for generating new data that can be used to train the fully connected network in order to improve the generalization capability of the proposed detection model. The results showed that our proposed model achieved considerable performance in detecting ransomware activities.
