Ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive Pareto Ensemble classifier

Ransomware attacks pose a serious threat to Internet resources due to their far-reaching effects. It’s Zero-day variants are even more hazardous, as less is known about them. In this regard, when used for ransomware attack detection, conventional machine learning approaches may become data-dependent...

Descripción completa

Detalles Bibliográficos
Autores principales: Zahoora, Umme, Khan, Asifullah, Rajarajan, Muttukrishnan, Khan, Saddam Hussain, Asam, Muhammad, Jamal, Tauseef
Formato: Online Artículo Texto
Lenguaje:English
Publicado: Nature Publishing Group UK 2022
Materias:
Article
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9485118/
https://www.ncbi.nlm.nih.gov/pubmed/36123364
http://dx.doi.org/10.1038/s41598-022-19443-7
_version_ 1784792021045608448
author Zahoora, Umme
Khan, Asifullah
Rajarajan, Muttukrishnan
Khan, Saddam Hussain
Asam, Muhammad
Jamal, Tauseef
author_facet Zahoora, Umme
Khan, Asifullah
Rajarajan, Muttukrishnan
Khan, Saddam Hussain
Asam, Muhammad
Jamal, Tauseef
author_sort Zahoora, Umme
collection PubMed
description Ransomware attacks pose a serious threat to Internet resources due to their far-reaching effects. It’s Zero-day variants are even more hazardous, as less is known about them. In this regard, when used for ransomware attack detection, conventional machine learning approaches may become data-dependent, insensitive to error cost, and thus may not tackle zero-day ransomware attacks. Zero-day ransomware have normally unseen underlying data distribution. This paper presents a Cost-Sensitive Pareto Ensemble strategy, CSPE-R to detect novel Ransomware attacks. Initially, the proposed framework exploits the unsupervised deep Contractive Auto Encoder (CAE) to transform the underlying varying feature space to a more uniform and core semantic feature space. To learn the robust features, the proposed CSPE-R ensemble technique explores different semantic spaces at various levels of detail. Heterogeneous base estimators are then trained over these extracted subspaces to find the core relevance between the various families of the ransomware attacks. Then, a novel Pareto Ensemble-based estimator selection strategy is implemented to achieve a cost-sensitive compromise between false positives and false negatives. Finally, the decision of selected estimators are aggregated to improve the detection against unknown ransomware attacks. The experimental results show that the proposed CSPE-R framework performs well against zero-day ransomware attacks.
format Online
Article
Text
id pubmed-9485118
institution National Center for Biotechnology Information
language English
publishDate 2022
publisher Nature Publishing Group UK
record_format MEDLINE/PubMed
spelling pubmed-94851182022-09-21 Ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive Pareto Ensemble classifier Zahoora, Umme Khan, Asifullah Rajarajan, Muttukrishnan Khan, Saddam Hussain Asam, Muhammad Jamal, Tauseef Sci Rep Article Ransomware attacks pose a serious threat to Internet resources due to their far-reaching effects. It’s Zero-day variants are even more hazardous, as less is known about them. In this regard, when used for ransomware attack detection, conventional machine learning approaches may become data-dependent, insensitive to error cost, and thus may not tackle zero-day ransomware attacks. Zero-day ransomware have normally unseen underlying data distribution. This paper presents a Cost-Sensitive Pareto Ensemble strategy, CSPE-R to detect novel Ransomware attacks. Initially, the proposed framework exploits the unsupervised deep Contractive Auto Encoder (CAE) to transform the underlying varying feature space to a more uniform and core semantic feature space. To learn the robust features, the proposed CSPE-R ensemble technique explores different semantic spaces at various levels of detail. Heterogeneous base estimators are then trained over these extracted subspaces to find the core relevance between the various families of the ransomware attacks. Then, a novel Pareto Ensemble-based estimator selection strategy is implemented to achieve a cost-sensitive compromise between false positives and false negatives. Finally, the decision of selected estimators are aggregated to improve the detection against unknown ransomware attacks. The experimental results show that the proposed CSPE-R framework performs well against zero-day ransomware attacks. Nature Publishing Group UK 2022-09-19 /pmc/articles/PMC9485118/ /pubmed/36123364 http://dx.doi.org/10.1038/s41598-022-19443-7 Text en © The Author(s) 2022 https://creativecommons.org/licenses/by/4.0/Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ (https://creativecommons.org/licenses/by/4.0/) .
spellingShingle Article
Zahoora, Umme
Khan, Asifullah
Rajarajan, Muttukrishnan
Khan, Saddam Hussain
Asam, Muhammad
Jamal, Tauseef
Ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive Pareto Ensemble classifier
title Ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive Pareto Ensemble classifier
title_full Ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive Pareto Ensemble classifier
title_fullStr Ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive Pareto Ensemble classifier
title_full_unstemmed Ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive Pareto Ensemble classifier
title_short Ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive Pareto Ensemble classifier
title_sort ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive pareto ensemble classifier
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9485118/
https://www.ncbi.nlm.nih.gov/pubmed/36123364
http://dx.doi.org/10.1038/s41598-022-19443-7
work_keys_str_mv AT zahooraumme ransomwaredetectionusingdeeplearningbasedunsupervisedfeatureextractionandacostsensitiveparetoensembleclassifier
AT khanasifullah ransomwaredetectionusingdeeplearningbasedunsupervisedfeatureextractionandacostsensitiveparetoensembleclassifier
AT rajarajanmuttukrishnan ransomwaredetectionusingdeeplearningbasedunsupervisedfeatureextractionandacostsensitiveparetoensembleclassifier
AT khansaddamhussain ransomwaredetectionusingdeeplearningbasedunsupervisedfeatureextractionandacostsensitiveparetoensembleclassifier
AT asammuhammad ransomwaredetectionusingdeeplearningbasedunsupervisedfeatureextractionandacostsensitiveparetoensembleclassifier
AT jamaltauseef ransomwaredetectionusingdeeplearningbasedunsupervisedfeatureextractionandacostsensitiveparetoensembleclassifier

Ejemplares similares