Industrial internet of things based ransomware detection using stacked variational neural network

Muna AL-Hawawreh; Elena Sitnikova

doi:10.1145/3361758.3361763

Industrial internet of things based ransomware detection using stacked variational neural network

Muna AL-Hawawreh, Elena Sitnikova

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

33 Citations (Scopus)

Abstract

To protect the Industrial Internet of Things (IIoT) systems against ransomware attacks, their host machines systems activities need to be efficiently monitored by an efficient detection model that is able to accurately detect ransomware behavior and trigger an alarm before its impact extends to the critical control systems. However, the detection models for these hosts' machines encounter significant challenges in dealing with a high dimension data, few numbers of trained observations, and the dynamic behavior of ransomware. Therefore, there is a need for an efficient detection model that can address these challenges. In this paper, we propose a detection model based on the stacked Variational Auto-Encoder (VAE) with a fully connected neural network that is able to learn the latent structure of system activities and reveal the ransomware behavior. Further, we also come up with a data augmentation method based on VAE for generating new data that can be used in training a fully connected network in order to improve the generalized capabilities of the proposed detection model. The results showed that our proposed model achieved considerable performance in detecting ransomware activities.

Original language	English
Title of host publication	BDIOT 2019 - 3rd International Conference on Big Data and Internet of Things
Publisher	Association for Computing Machinery
Pages	126-130
Number of pages	5
ISBN (Electronic)	9781450372466
DOIs	https://doi.org/10.1145/3361758.3361763
Publication status	Published - 22 Aug 2019
Externally published	Yes
Event	3rd International Conference on Big Data and Internet of Things, BDIOT 2019 - Melbourne, Australia Duration: 22 Aug 2019 → 24 Aug 2019

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	3rd International Conference on Big Data and Internet of Things, BDIOT 2019
Country/Territory	Australia
City	Melbourne
Period	22/08/19 → 24/08/19

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 9 Industry, Innovation, and Infrastructure

Keywords

API
Deep learning
Detection
IIoT
LAN
Ransomware
Windows

Access to Document

10.1145/3361758.3361763Licence: In Copyright

Cite this

@inproceedings{26dd4559f4064e13bb38532b23b7f6d1,

title = "Industrial internet of things based ransomware detection using stacked variational neural network",

abstract = "To protect the Industrial Internet of Things (IIoT) systems against ransomware attacks, their host machines systems activities need to be efficiently monitored by an efficient detection model that is able to accurately detect ransomware behavior and trigger an alarm before its impact extends to the critical control systems. However, the detection models for these hosts' machines encounter significant challenges in dealing with a high dimension data, few numbers of trained observations, and the dynamic behavior of ransomware. Therefore, there is a need for an efficient detection model that can address these challenges. In this paper, we propose a detection model based on the stacked Variational Auto-Encoder (VAE) with a fully connected neural network that is able to learn the latent structure of system activities and reveal the ransomware behavior. Further, we also come up with a data augmentation method based on VAE for generating new data that can be used in training a fully connected network in order to improve the generalized capabilities of the proposed detection model. The results showed that our proposed model achieved considerable performance in detecting ransomware activities.",

keywords = "API, Deep learning, Detection, IIoT, LAN, Ransomware, Windows",

author = "Muna AL-Hawawreh and Elena Sitnikova",

year = "2019",

month = aug,

day = "22",

doi = "10.1145/3361758.3361763",

language = "English",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

pages = "126--130",

booktitle = "BDIOT 2019 - 3rd International Conference on Big Data and Internet of Things",

note = "3rd International Conference on Big Data and Internet of Things, BDIOT 2019 ; Conference date: 22-08-2019 Through 24-08-2019",

}

AL-Hawawreh, M & Sitnikova, E 2019, Industrial internet of things based ransomware detection using stacked variational neural network. in BDIOT 2019 - 3rd International Conference on Big Data and Internet of Things. ACM International Conference Proceeding Series, Association for Computing Machinery, pp. 126-130, 3rd International Conference on Big Data and Internet of Things, BDIOT 2019, Melbourne, Australia, 22/08/19. https://doi.org/10.1145/3361758.3361763

Industrial internet of things based ransomware detection using stacked variational neural network. / AL-Hawawreh, Muna; Sitnikova, Elena.
BDIOT 2019 - 3rd International Conference on Big Data and Internet of Things. Association for Computing Machinery, 2019. p. 126-130 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Industrial internet of things based ransomware detection using stacked variational neural network

AU - AL-Hawawreh, Muna

AU - Sitnikova, Elena

PY - 2019/8/22

Y1 - 2019/8/22

N2 - To protect the Industrial Internet of Things (IIoT) systems against ransomware attacks, their host machines systems activities need to be efficiently monitored by an efficient detection model that is able to accurately detect ransomware behavior and trigger an alarm before its impact extends to the critical control systems. However, the detection models for these hosts' machines encounter significant challenges in dealing with a high dimension data, few numbers of trained observations, and the dynamic behavior of ransomware. Therefore, there is a need for an efficient detection model that can address these challenges. In this paper, we propose a detection model based on the stacked Variational Auto-Encoder (VAE) with a fully connected neural network that is able to learn the latent structure of system activities and reveal the ransomware behavior. Further, we also come up with a data augmentation method based on VAE for generating new data that can be used in training a fully connected network in order to improve the generalized capabilities of the proposed detection model. The results showed that our proposed model achieved considerable performance in detecting ransomware activities.

AB - To protect the Industrial Internet of Things (IIoT) systems against ransomware attacks, their host machines systems activities need to be efficiently monitored by an efficient detection model that is able to accurately detect ransomware behavior and trigger an alarm before its impact extends to the critical control systems. However, the detection models for these hosts' machines encounter significant challenges in dealing with a high dimension data, few numbers of trained observations, and the dynamic behavior of ransomware. Therefore, there is a need for an efficient detection model that can address these challenges. In this paper, we propose a detection model based on the stacked Variational Auto-Encoder (VAE) with a fully connected neural network that is able to learn the latent structure of system activities and reveal the ransomware behavior. Further, we also come up with a data augmentation method based on VAE for generating new data that can be used in training a fully connected network in order to improve the generalized capabilities of the proposed detection model. The results showed that our proposed model achieved considerable performance in detecting ransomware activities.

KW - API

KW - Deep learning

KW - Detection

KW - IIoT

KW - LAN

KW - Ransomware

KW - Windows

UR - http://www.scopus.com/inward/record.url?scp=85076592067&partnerID=8YFLogxK

U2 - 10.1145/3361758.3361763

DO - 10.1145/3361758.3361763

M3 - Conference contribution

AN - SCOPUS:85076592067

T3 - ACM International Conference Proceeding Series

SP - 126

EP - 130

BT - BDIOT 2019 - 3rd International Conference on Big Data and Internet of Things

PB - Association for Computing Machinery

T2 - 3rd International Conference on Big Data and Internet of Things, BDIOT 2019

Y2 - 22 August 2019 through 24 August 2019

ER -

Industrial internet of things based ransomware detection using stacked variational neural network

Abstract

Publication series

Conference

UN SDGs

Keywords

Access to Document

Other files and links

Fingerprint

Cite this