Ransomware Detection Dynamics: Insights and Implications
- URL: http://arxiv.org/abs/2402.04594v1
- Date: Wed, 7 Feb 2024 05:36:06 GMT
- Title: Ransomware Detection Dynamics: Insights and Implications
- Authors: Mike Nkongolo
- Abstract summary: This research investigates the utilization of a feature selection algorithm for distinguishing ransomware-related and benign transactions in Bitcoin (BTC) and United States Dollar (USD).
We propose a set of novel features designed to capture the distinct characteristics of ransomware activity within the cryptocurrency ecosystem.
Through rigorous experimentation and evaluation, we demonstrate the effectiveness of our feature set in accurately extracting BTC and USD transactions.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The rise of ransomware attacks has necessitated the development of effective
strategies for identifying and mitigating these threats. This research
investigates the utilization of a feature selection algorithm for
distinguishing ransomware-related and benign transactions in both Bitcoin (BTC)
and United States Dollar (USD). Leveraging the UGRansome dataset, a
comprehensive repository of ransomware-related BTC and USD transactions, we
propose a set of novel features designed to capture the distinct
characteristics of ransomware activity within the cryptocurrency ecosystem.
These features encompass transaction metadata, ransom analysis, and behavioral
patterns, offering a multifaceted view of ransomware-related financial
transactions. Through rigorous experimentation and evaluation, we demonstrate
the effectiveness of our feature set in accurately extracting BTC and USD
transactions, thereby aiding in the early detection and prevention of
ransomware-related financial flows. We introduce a Ransomware Feature Selection
Algorithm (RFSA) based on Gini Impurity and Mutual Information (MI) for
selecting crucial ransomware features from the UGRansome dataset. Insights from
the visualization highlight the potential of Gini Impurity and MI-based feature
selection to enhance ransomware detection systems by effectively discriminating
between ransomware classes. The analysis reveals that approximately 68% of
ransomware incidents involve BTC transactions within the range of 1.46 to 2.56,
with an average of 2.01 BTC transactions per attack. The findings emphasize the
dynamic and adaptable nature of ransomware demands, suggesting that there is no
fixed amount for specific cyberattacks, highlighting the evolving landscape of
ransomware threats.
Related papers
- Blockchain security for ransomware detection [0.0]
This study uses the Lazy Predict library to automate machine learning (ML) on the UGRansome dataset.
Key features such as timestamps, protocols, and financial data are used to predict anomalies as zero-day threats.
Results demonstrate that ML can significantly improve cybersecurity in blockchain environments.
arXiv Detail & Related papers (2024-07-23T22:04:41Z)
- Understanding crypter-as-a-service in a popular underground marketplace [51.328567400947435]
Crypters are pieces of software whose main goal is to transform a target binary so it can avoid detection from Anti Viruses (AVs) applications.
The crypter-as-a-service model has gained popularity, in response to the increased sophistication of detection mechanisms.
This paper provides the first study on an online underground market dedicated to crypter-as-a-service.
arXiv Detail & Related papers (2024-05-20T08:35:39Z)
- Detection of ransomware attacks using federated learning based on the CNN model [3.183529890105507]
This paper offers a ransomware attack modeling technique that targets the disrupted operation of a digital substation.
Experiments demonstrate that the suggested technique detects ransomware with a high accuracy rate.
arXiv Detail & Related papers (2024-05-01T09:57:34Z)
- Ransomware Detection and Classification Using Random Forest: A Case Study with the UGRansome2024 Dataset [0.0]
We introduce UGRansome2024, an optimised dataset for ransomware detection in network traffic.
This dataset is derived from the UGRansome data using an intuitionistic feature engineering approach.
The study presents an analysis of ransomware detection using the UGRansome2024 dataset and the Random Forest algorithm.
arXiv Detail & Related papers (2024-04-19T12:50:03Z)
- Ransomware Detection and Classification using Machine Learning [7.573297026523597]
This study uses the XGBoost and Random Forest (RF) algorithms to detect and classify ransomware attacks.
The models are evaluated on a dataset of ransomware attacks and demonstrate their effectiveness in accurately detecting and classifying ransomware.
arXiv Detail & Related papers (2023-11-05T18:16:53Z)
- Transaction Fraud Detection via an Adaptive Graph Neural Network [64.9428588496749]
We propose an Adaptive Sampling and Aggregation-based Graph Neural Network (ASA-GNN) that learns discriminative representations to improve the performance of transaction fraud detection.
A neighbor sampling strategy is performed to filter noisy nodes and supplement information for fraudulent nodes.
Experiments on three real financial datasets demonstrate that the proposed method ASA-GNN outperforms state-of-the-art ones.
arXiv Detail & Related papers (2023-07-11T07:48:39Z)
- Blockchain Large Language Models [65.7726590159576]
This paper presents a dynamic, real-time approach to detecting anomalous blockchain transactions.
The proposed tool, BlockGPT, generates tracing representations of blockchain activity and trains from scratch a large language model to act as a real-time Intrusion Detection System.
arXiv Detail & Related papers (2023-04-25T11:56:18Z)
- DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection.
Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables.
We are the first to offer certified robustness in the realm of static detection of malware executables.
arXiv Detail & Related papers (2023-03-20T17:25:22Z)
- Minerva: A File-Based Ransomware Detector [2.139756658997758]
This paper presents Minerva, a novel robust approach to ransomware detection.
Minerva is engineered to be robust by design against evasion attacks, with architectural and feature selection choices informed by their resilience to adversarial manipulation.
Our evaluation showcases the ability of Minerva to accurately identify ransomware, generalize to unseen threats, and withstand evasion attacks.
arXiv Detail & Related papers (2023-01-26T11:47:10Z)
- Mate! Are You Really Aware? An Explainability-Guided Testing Framework for Robustness of Malware Detectors [49.34155921877441]
We propose an explainability-guided and model-agnostic testing framework for robustness of malware detectors.
We then use this framework to test several state-of-the-art malware detectors' abilities to detect manipulated malware.
Our findings shed light on the limitations of current malware detectors, as well as how they can be improved.
arXiv Detail & Related papers (2021-11-19T08:02:38Z)
- Being Single Has Benefits. Instance Poisoning to Deceive Malware Classifiers [47.828297621738265]
We show how an attacker can launch a sophisticated and efficient poisoning attack targeting the dataset used to train a malware classifier.
As opposed to other poisoning attacks in the malware detection domain, our attack does not focus on malware families but rather on specific malware instances that contain an implanted trigger.
We propose a comprehensive detection approach that could serve as a future sophisticated defense against this newly discovered severe threat.
arXiv Detail & Related papers (2020-10-30T15:27:44Z)