A Multi-Tier Streaming Analytics Model of 0-Day Ransomware Detection Using Machine Learning

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F62690094%3A18450%2F20%3A50017062" target="_blank" >RIV/62690094:18450/20:50017062 - isvavai.cz</a>

Výsledek na webu

<a href="https://www.mdpi.com/2076-3417/10/9/3210/htm" target="_blank" >https://www.mdpi.com/2076-3417/10/9/3210/htm</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.3390/app10093210" target="_blank" >10.3390/app10093210</a>

Jazyk výsledku

angličtina

Název v původním jazyce

A Multi-Tier Streaming Analytics Model of 0-Day Ransomware Detection Using Machine Learning

Popis výsledku v původním jazyce

Desktop and portable platform-based information systems become the most tempting target of crypto and locker ransomware attacks during the last decades. Hence, researchers have developed anti-ransomware tools to assist the Windows platform at thwarting ransomware attacks, protecting the information, preserving the users&apos; privacy, and securing the inter-related information systems through the Internet. Furthermore, they utilized machine learning to devote useful anti-ransomware tools that detect sophisticated versions. However, such anti-ransomware tools remain sub-optimal in efficacy, partial to analyzing ransomware traits, inactive to learn significant and imbalanced data streams, limited to attributing the versions&apos; ancestor families, and indecisive about fusing the multi-descent versions. In this paper, we propose a hybrid machine learner model, which is a multi-tiered streaming analytics model that classifies various ransomware versions of 14 families by learning 24 static and dynamic traits. The proposed model classifies ransomware versions to their ancestor families numerally and fuses those of multi-descent families statistically. Thus, it classifies ransomware versions among 40K corpora of ransomware, malware, and good-ware versions through both semi-realistic and realistic environments. The supremacy of this ransomware streaming analytics model among competitive anti-ransomware technologies is proven experimentally and justified critically with the average of 97% classification accuracy, 2.4% mistake rate, and 0.34% miss rate under comparative and realistic test.

Název v anglickém jazyce

A Multi-Tier Streaming Analytics Model of 0-Day Ransomware Detection Using Machine Learning

Popis výsledku anglicky

Desktop and portable platform-based information systems become the most tempting target of crypto and locker ransomware attacks during the last decades. Hence, researchers have developed anti-ransomware tools to assist the Windows platform at thwarting ransomware attacks, protecting the information, preserving the users&apos; privacy, and securing the inter-related information systems through the Internet. Furthermore, they utilized machine learning to devote useful anti-ransomware tools that detect sophisticated versions. However, such anti-ransomware tools remain sub-optimal in efficacy, partial to analyzing ransomware traits, inactive to learn significant and imbalanced data streams, limited to attributing the versions&apos; ancestor families, and indecisive about fusing the multi-descent versions. In this paper, we propose a hybrid machine learner model, which is a multi-tiered streaming analytics model that classifies various ransomware versions of 14 families by learning 24 static and dynamic traits. The proposed model classifies ransomware versions to their ancestor families numerally and fuses those of multi-descent families statistically. Thus, it classifies ransomware versions among 40K corpora of ransomware, malware, and good-ware versions through both semi-realistic and realistic environments. The supremacy of this ransomware streaming analytics model among competitive anti-ransomware technologies is proven experimentally and justified critically with the average of 97% classification accuracy, 2.4% mistake rate, and 0.34% miss rate under comparative and realistic test.

Druh

J_imp - Článek v periodiku v databázi Web of Science

CEP obor

—

OECD FORD obor

20401 - Chemical engineering (plants, products)

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2020

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

APPLIED SCIENCES-BASEL

ISSN

2076-3417

e-ISSN

—

Svazek periodika

10

Číslo periodika v rámci svazku

9

Stát vydavatele periodika

CH - Švýcarská konfederace

Počet stran výsledku

23

Strana od-do

"Article Number: 3210"

Kód UT WoS článku

000535541900223

EID výsledku v databázi Scopus

2-s2.0-85085074436