Zero-day attack and ransomware detection

• URL: http://arxiv.org/abs/2408.05244v1
• Date: Thu, 8 Aug 2024 02:23:42 GMT
• Title: Zero-day attack and ransomware detection
• Authors: Steven Jabulani Nhlapo, Mike Nkongolo Wa Nkongolo,
• Abstract summary: This study uses the UGRansome dataset to train various Machine Learning models for zero-day and ransomware attacks detection. The finding demonstrates that Random Forest (RFC), XGBoost, and Ensemble Methods achieved perfect scores in accuracy, precision, recall, and F1-score.
• Score: 0.0
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Zero-day and ransomware attacks continue to challenge traditional Network Intrusion Detection Systems (NIDS), revealing their limitations in timely threat classification. Despite efforts to reduce false positives and negatives, significant attacks persist, highlighting the need for advanced solutions. Machine Learning (ML) models show promise in enhancing NIDS. This study uses the UGRansome dataset to train various ML models for zero-day and ransomware attacks detection. The finding demonstrates that Random Forest Classifier (RFC), XGBoost, and Ensemble Methods achieved perfect scores in accuracy, precision, recall, and F1-score. In contrast, Support Vector Machine (SVM) and Naive Bayes (NB) models performed poorly. Comparison with other studies shows Decision Trees and Ensemble Methods improvements, with accuracy around 99.4% and 97.7%, respectively. Future research should explore Synthetic Minority Over-sampling Techniques (SMOTEs) and diverse or versatile datasets to improve real-time recognition of zero-day and ransomware attacks.

Related papers

• Unlearn and Burn: Adversarial Machine Unlearning Requests Destroy Model Accuracy [65.80757820884476]
  We expose a critical yet underexplored vulnerability in the deployment of unlearning systems. We present a threat model where an attacker can degrade model accuracy by submitting adversarial unlearning requests for data not present in the training set. We evaluate various verification mechanisms to detect the legitimacy of unlearning requests and reveal the challenges in verification.
  arXiv  Detail & Related papers  (2024-10-12T16:47:04Z)
• Challenging Machine Learning Algorithms in Predicting Vulnerable JavaScript Functions [2.243674903279612]
  State-of-the-art machine learning techniques can predict functions with possible security vulnerabilities in JavaScript programs. Best performing algorithm was KNN, which created a model for the prediction of vulnerable functions with an F-measure of 0.76. Deep learning, tree and forest based classifiers, and SVM were competitive with F-measures over 0.70.
  arXiv  Detail & Related papers  (2024-05-12T08:23:42Z)
• SIRST-5K: Exploring Massive Negatives Synthesis with Self-supervised Learning for Robust Infrared Small Target Detection [53.19618419772467]
  Single-frame infrared small target (SIRST) detection aims to recognize small targets from clutter backgrounds. With the development of Transformer, the scale of SIRST models is constantly increasing. With a rich diversity of infrared small target data, our algorithm significantly improves the model performance and convergence speed.
  arXiv  Detail & Related papers  (2024-03-08T16:14:54Z)
• Ransomware detection using stacked autoencoder for feature selection [0.0]
  The study meticulously analyzes the autoencoder's learned weights and activations to identify essential features for distinguishing ransomware families from other malware. The proposed model achieves an exceptional 99% accuracy in ransomware classification, surpassing the Extreme Gradient Boosting (XGBoost) algorithm.
  arXiv  Detail & Related papers  (2024-02-17T17:31:48Z)
• Small Effect Sizes in Malware Detection? Make Harder Train/Test Splits! [51.668411293817464]
  Industry practitioners care about small improvements in malware detection accuracy because their models are deployed to hundreds of millions of machines. Academic research is often restrained to public datasets on the order of ten thousand samples. We devise an approach to generate a benchmark of difficulty from a pool of available samples.
  arXiv  Detail & Related papers  (2023-12-25T21:25:55Z)
• Unleashing Mask: Explore the Intrinsic Out-of-Distribution Detection Capability [70.72426887518517]
  Out-of-distribution (OOD) detection is an indispensable aspect of secure AI when deploying machine learning models in real-world applications. We propose a novel method, Unleashing Mask, which aims to restore the OOD discriminative capabilities of the well-trained model with ID data. Our method utilizes a mask to figure out the memorized atypical samples, and then finetune the model or prune it with the introduced mask to forget them.
  arXiv  Detail & Related papers  (2023-06-06T14:23:34Z)
• A Dependable Hybrid Machine Learning Model for Network Intrusion Detection [1.222622290392729]
  We propose a new hybrid model that combines machine learning and deep learning to increase detection rates while securing dependability. Our method produces excellent results when tested on two datasets, KDDCUP'99 and CIC-MalMem-2022.
  arXiv  Detail & Related papers  (2022-12-08T20:19:27Z)
• From Zero-Shot Machine Learning to Zero-Day Attack Detection [3.6704226968275258]
  In certain applications such as Network Intrusion Detection Systems, it is challenging to obtain data samples for all attack classes that the model will most likely observe in production. In this paper, a zero-shot learning methodology has been proposed to evaluate the ML model performance in the detection of zero-day attack scenarios.
  arXiv  Detail & Related papers  (2021-09-30T06:23:00Z)
• Leveraging Uncertainty for Improved Static Malware Detection Under Extreme False Positive Constraints [21.241478970181912]
  We show how ensembling and Bayesian treatments of machine learning methods for static malware detection allow for improved identification of model errors. In particular, we improve the true positive rate (TPR) at an actual realized FPR of 1e-5 from an expected 0.69 for previous methods to 0.80 on the best performing model class on the Sophos industry scale dataset.
  arXiv  Detail & Related papers  (2021-08-09T14:30:23Z)
• How Robust are Randomized Smoothing based Defenses to Data Poisoning? [66.80663779176979]
  We present a previously unrecognized threat to robust machine learning models that highlights the importance of training-data quality. We propose a novel bilevel optimization-based data poisoning attack that degrades the robustness guarantees of certifiably robust classifiers. Our attack is effective even when the victim trains the models from scratch using state-of-the-art robust training methods.
  arXiv  Detail & Related papers  (2020-12-02T15:30:21Z)
• Adversarial Self-Supervised Contrastive Learning [62.17538130778111]
  Existing adversarial learning approaches mostly use class labels to generate adversarial samples that lead to incorrect predictions. We propose a novel adversarial attack for unlabeled data, which makes the model confuse the instance-level identities of the perturbed data samples. We present a self-supervised contrastive learning framework to adversarially train a robust neural network without labeled data.
  arXiv  Detail & Related papers  (2020-06-13T08:24:33Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.