Ransomware Detection and Classification Using Random Forest: A Case Study with the UGRansome2024 Dataset

• URL: http://arxiv.org/abs/2404.12855v1
• Date: Fri, 19 Apr 2024 12:50:03 GMT
• Title: Ransomware Detection and Classification Using Random Forest: A Case Study with the UGRansome2024 Dataset
• Authors: Peace Azugo, Hein Venter, Mike Wa Nkongolo,
• Abstract summary: We introduce UGRansome2024, an optimised dataset for ransomware detection in network traffic. This dataset is derived from the UGRansome data using an intuitionistic feature engineering approach. The study presents an analysis of ransomware detection using the UGRansome2024 dataset and the Random Forest algorithm.
• Score: 0.0
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Cybersecurity faces challenges in identifying and mitigating ransomware, which is important for protecting critical infrastructures. The absence of datasets for distinguishing normal versus abnormal network behaviour hinders the development of proactive detection strategies against ransomware. An obstacle in proactive prevention methods is the absence of comprehensive datasets for contrasting normal versus abnormal network behaviours. The dataset enabling such contrasts would significantly expedite threat anomaly mitigation. In this study, we introduce UGRansome2024, an optimised dataset for ransomware detection in network traffic. This dataset is derived from the UGRansome data using an intuitionistic feature engineering approach that considers only relevant patterns in network behaviour analysis. The study presents an analysis of ransomware detection using the UGRansome2024 dataset and the Random Forest algorithm. Through encoding and feature relevance determination, the Random Forest achieved a classification accuracy of 96% and effectively identified unusual ransomware transactions. Findings indicate that certain ransomware variants, such as those utilising Encrypt Decrypt Algorithms (EDA) and Globe ransomware, have the highest financial impact. These insights have significant implications for real-world cybersecurity practices, highlighting the importance of machine learning in ransomware detection and mitigation. Further research is recommended to expand datasets, explore alternative detection methods, and address limitations in current approaches.

Related papers

• Hierarchical Pattern Decryption Methodology for Ransomware Detection Using Probabilistic Cryptographic Footprints [0.0]
  The framework combines advanced clustering algorithms with machine learning to isolate ransomware-induced anomalies. It effectively distinguishes malicious encryption operations from benign activities while maintaining low false positive rates. The inclusion of real-time anomaly evaluation ensures rapid response capabilities, addressing critical latency challenges in ransomware detection.
  arXiv  Detail & Related papers  (2025-01-25T05:26:17Z)
• siForest: Detecting Network Anomalies with Set-Structured Isolation Forest [0.0]
  Modern cybersecurity systems face the challenge of analyzing billions of daily network interactions to identify potential threats. This paper investigates the use of variations of the Isolation Forest (iForest) machine learning algorithm for detecting anomalies in internet scan data. In particular, it presents the Set-Partitioned Isolation Forest (siForest), a novel extension of the iForest method to detect anomalies in set-structured data.
  arXiv  Detail & Related papers  (2024-12-08T18:18:40Z)
• KiNETGAN: Enabling Distributed Network Intrusion Detection through Knowledge-Infused Synthetic Data Generation [0.0]
  We propose a knowledge-infused Generative Adversarial Network for generating synthetic network activity data (KiNETGAN) Our approach enhances the resilience of distributed intrusion detection while addressing privacy concerns.
  arXiv  Detail & Related papers  (2024-05-26T08:02:02Z)
• Assessing Cyclostationary Malware Detection via Feature Selection and Classification [0.0]
  This research focuses on identifying cyclostationary malware behavior and its detection. Main goal is to pinpoint essential cyclostationary features used in NIDSs. Analysis identifies the internet protocol as the most noticeable cyclostationary feature pattern used by malware.
  arXiv  Detail & Related papers  (2023-08-29T11:52:31Z)
• Radial Spike and Slab Bayesian Neural Networks for Sparse Data in Ransomware Attacks [7.599718568619666]
  We propose a new type of Bayesian Neural network that includes a new form of the approximate posterior distribution. We demonstrate the performance of our model on a real dataset of ransomware attacks and show improvement over a large number of baselines. In addition, we propose to represent low-level events as MITRE ATT&CK tactics, techniques, and procedures (TTPs) which allows the model to better generalize to unseen ransomware attacks.
  arXiv  Detail & Related papers  (2022-05-29T20:18:14Z)
• Exploring Robustness of Unsupervised Domain Adaptation in Semantic Segmentation [74.05906222376608]
  We propose adversarial self-supervision UDA (or ASSUDA) that maximizes the agreement between clean images and their adversarial examples by a contrastive loss in the output space. This paper is rooted in two observations: (i) the robustness of UDA methods in semantic segmentation remains unexplored, which pose a security concern in this field; and (ii) although commonly used self-supervision (e.g., rotation and jigsaw) benefits image tasks such as classification and recognition, they fail to provide the critical supervision signals that could learn discriminative representation for segmentation tasks.
  arXiv  Detail & Related papers  (2021-05-23T01:50:44Z)
• Few-shot Network Anomaly Detection via Cross-network Meta-learning [45.8111239825361]
  We propose a new family of graph neural networks -- Graph Deviation Networks (GDN) GDN can leverage a small number of labeled anomalies for enforcing statistically significant deviations between abnormal and normal nodes on a network. We equip the proposed GDN with a new cross-network meta-learning algorithm to realize few-shot network anomaly detection.
  arXiv  Detail & Related papers  (2021-02-22T16:42:37Z)
• Increasing the Confidence of Deep Neural Networks by Coverage Analysis [71.57324258813674]
  This paper presents a lightweight monitoring architecture based on coverage paradigms to enhance the model against different unsafe inputs. Experimental results show that the proposed approach is effective in detecting both powerful adversarial examples and out-of-distribution inputs.
  arXiv  Detail & Related papers  (2021-01-28T16:38:26Z)
• Bayesian Optimization with Machine Learning Algorithms Towards Anomaly Detection [66.05992706105224]
  In this paper, an effective anomaly detection framework is proposed utilizing Bayesian Optimization technique. The performance of the considered algorithms is evaluated using the ISCX 2012 dataset. Experimental results show the effectiveness of the proposed framework in term of accuracy rate, precision, low-false alarm rate, and recall.
  arXiv  Detail & Related papers  (2020-08-05T19:29:35Z)
• Graph Backdoor [53.70971502299977]
  We present GTA, the first backdoor attack on graph neural networks (GNNs) GTA departs in significant ways: it defines triggers as specific subgraphs, including both topological structures and descriptive features. It can be instantiated for both transductive (e.g., node classification) and inductive (e.g., graph classification) tasks.
  arXiv  Detail & Related papers  (2020-06-21T19:45:30Z)
• Survey of Network Intrusion Detection Methods from the Perspective of the Knowledge Discovery in Databases Process [63.75363908696257]
  We review the methods that have been applied to network data with the purpose of developing an intrusion detector. We discuss the techniques used for the capture, preparation and transformation of the data, as well as, the data mining and evaluation methods. As a result of this literature review, we investigate some open issues which will need to be considered for further research in the area of network security.
  arXiv  Detail & Related papers  (2020-01-27T11:21:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.