Universiti Teknologi Malaysia Institutional Repository

Crypto-ransomware early detection model using novel incremental bagging with enhanced semi-random subspace selection

Al-rimy, Bander Ali Saleh and Maarof, Mohd. Aizaini and Mohd. Shaid, Syed Zainudeen (2019) Crypto-ransomware early detection model using novel incremental bagging with enhanced semi-random subspace selection. Future Generation Computer Systems, 101 . pp. 476-491. ISSN 0167-739X

Full text not available from this repository.

Official URL: http://dx.doi.org/10.1016/j.future.2019.06.005


The irreversible effect is what characterizes crypto-ransomware and distinguishes it from traditional malware. That is, even after neutralizing the attack, the targeted files remain encrypted and cannot be accessed without the decryption key. Thus, it is imperative to detect such a threat early, i.e. in the initial phases before the encryption takes place. However, the lack of sufficient information in initial phases of the attack is the main challenge to early detection, leading to low detection accuracy and a high rate of false alarms. This is due to the way that the existing solutions have been designed based on, which assumes the availability of complete information about the behavior of such attacks at detection time. Nevertheless, this does not hold for early detection that takes place while the attack is underway, and data are not fully available. To address such limitations, this paper proposes two novel techniques; incremental bagging (iBagging) and enhanced semi-random subspace selection (ESRS), and incorporates them into an ensemble-based detection model. The proposed iBagging was firstly used to build incremental subsets in a way that reflects the progression of crypto-ransomware behavior during its different attack phases. ESRS was then used to build optimal, noise-free and diverse features subspaces, by which, a pool of classifiers was trained. Finally, a grid search was employed to select the best combination of base classifiers. Majority voting was utilized for the final decision. The experimental evaluation of the proposed techniques and model was conducted and compared with the existing crypto-ransomware early detection solutions. The results demonstrate that the proposed techniques and model overcame the data limitation in the early phases of the attacks and achieved higher detection accuracy than existing solutions.

Item Type:Article
Uncontrolled Keywords:ensemble learning, IoT, malware, ransomware
Subjects:Q Science > QA Mathematics > QA75 Electronic computers. Computer science
ID Code:89407
Deposited By: Yanti Mohd Shah
Deposited On:22 Feb 2021 14:04
Last Modified:22 Feb 2021 14:04

Repository Staff Only: item control page