iCNN-LSTM: A batch-based incremental ransomware detection system using Sysmon

• URL: http://arxiv.org/abs/2501.01083v1
• Date: Thu, 02 Jan 2025 05:57:41 GMT
• Title: iCNN-LSTM: A batch-based incremental ransomware detection system using Sysmon
• Authors: Jamil Ispahany, MD Rafiqul Islam, M. Arif Khan, MD Zahidul Islam,
• Abstract summary: This study presents a novel detection system that integrates Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks. By leveraging Sysmon logs, the system enables real-time analysis on Windows-based endpoints.
• Score: 1.495391051525033
• License:
• Abstract: In response to the increasing ransomware threat, this study presents a novel detection system that integrates Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks. By leveraging Sysmon logs, the system enables real-time analysis on Windows-based endpoints. Our approach overcomes the limitations of traditional models by employing batch-based incremental learning, allowing the system to continuously adapt to new ransomware variants without requiring complete retraining. The proposed model achieved an impressive average F2-score of 99.61\%, with low false positive and false negative rates of 0.17\% and 4.69\%, respectively, within a highly imbalanced dataset. This demonstrates exceptional accuracy in identifying malicious behaviour. The dynamic detection capabilities of Sysmon enhance the model's effectiveness by providing a reliable stream of security events, mitigating the vulnerabilities associated with static detection methods. Furthermore, the parallel processing of LSTM modules, combined with attention mechanisms, significantly improves training efficiency and reduces latency, making our system well-suited for real-world applications. These findings underscore the potential of our CNN-LSTM framework as a robust solution for real-time ransomware detection, ensuring adaptability and resilience in the face of evolving cyber threats.

Related papers

• Decentralized Entropy-Based Ransomware Detection Using Autonomous Feature Resonance [0.0]
  A novel approach, termed Autonomous Feature Resonance, is introduced to address the limitations of traditional ransomware detection methods. The proposed method achieves an overall detection accuracy of 97.3%, with false positive and false negative rates of 1.8% and 2.1%, respectively.
  arXiv  Detail & Related papers  (2025-02-14T00:26:10Z)
• A Sysmon Incremental Learning System for Ransomware Analysis and Detection [1.495391051525033]
  In the face of increasing cyber threats, particularly ransomware attacks, there is a pressing need for advanced detection and analysis systems. Most of these proposals leverage non-incremental learning approaches that require the underlying models to be updated from scratch to detect new ransomware. This approach is problematic because it leaves sensitive data vulnerable to attack during retraining, as newly emerging ransomware strains may go undetected until the model is updated. We present the Sysmon Incremental Learning System for Analysis and Detection (SILRAD), which enables continuous updates to the underlying model and effectively closes the training gap.
  arXiv  Detail & Related papers  (2025-01-02T06:22:58Z)
• A Temporal Convolutional Network-based Approach for Network Intrusion Detection [0.0]
  This study proposes a Temporal Convolutional Network(TCN) model featuring a residual block architecture with dilated convolutions to capture dependencies in network traffic data. The proposed model achieved an accuracy of 96.72% and a loss of 0.0688, outperforming 1D CNN, CNN-LSTM, CNN-GRU, CNN-BiLSTM, and CNN-GRU-LSTM models.
  arXiv  Detail & Related papers  (2024-12-23T10:19:29Z)
• Enhanced Convolution Neural Network with Optimized Pooling and Hyperparameter Tuning for Network Intrusion Detection [0.0]
  We propose an Enhanced Convolutional Neural Network (EnCNN) for Network Intrusion Detection Systems (NIDS) We compare EnCNN with various machine learning algorithms, including Logistic Regression, Decision Trees, Support Vector Machines (SVM), and ensemble methods like Random Forest, AdaBoost, and Voting Ensemble. The results show that EnCNN significantly improves detection accuracy, with a notable 10% increase over state-of-art approaches.
  arXiv  Detail & Related papers  (2024-09-27T11:20:20Z)
• Enhancing IoT Security with CNN and LSTM-Based Intrusion Detection Systems [0.23408308015481666]
  Our proposed model consists on a combination of convolutional neural network (CNN) and long short-term memory (LSTM) deep learning (DL) models. This fusion facilitates the detection and classification of IoT traffic into binary categories, benign and malicious activities. Our proposed model achieves an accuracy rate of 98.42%, accompanied by a minimal loss of 0.0275.
  arXiv  Detail & Related papers  (2024-05-28T22:12:15Z)
• Adaptive Robotic Arm Control with a Spiking Recurrent Neural Network on a Digital Accelerator [41.60361484397962]
  We present an overview of the system, and a Python framework to use it on a Pynq ZU platform. We show how the simulated accuracy is preserved with a peak performance of 3.8M events processed per second.
  arXiv  Detail & Related papers  (2024-05-21T14:59:39Z)
• Quantization-aware Interval Bound Propagation for Training Certifiably Robust Quantized Neural Networks [58.195261590442406]
  We study the problem of training and certifying adversarially robust quantized neural networks (QNNs) Recent work has shown that floating-point neural networks that have been verified to be robust can become vulnerable to adversarial attacks after quantization. We present quantization-aware interval bound propagation (QA-IBP), a novel method for training robust QNNs.
  arXiv  Detail & Related papers  (2022-11-29T13:32:38Z)
• Audio Anti-spoofing Using a Simple Attention Module and Joint Optimization Based on Additive Angular Margin Loss and Meta-learning [43.519717601587864]
  This study introduces a simple attention module to infer 3-dim attention weights for the feature map in a convolutional layer. We propose a joint optimization approach based on the weighted additive angular margin loss for binary classification. Our proposed approach delivers a competitive result with a pooled EER of 0.99% and min t-DCF of 0.0289.
  arXiv  Detail & Related papers  (2022-11-17T21:25:29Z)
• Signal Detection in MIMO Systems with Hardware Imperfections: Message Passing on Neural Networks [101.59367762974371]
  In this paper, we investigate signal detection in multiple-input-multiple-output (MIMO) communication systems with hardware impairments. It is difficult to train a deep neural network (DNN) with limited pilot signals, hindering its practical applications. We design an efficient message passing based Bayesian signal detector, leveraging the unitary approximate message passing (UAMP) algorithm.
  arXiv  Detail & Related papers  (2022-10-08T04:32:58Z)
• Interference-Limited Ultra-Reliable and Low-Latency Communications: Graph Neural Networks or Stochastic Geometry? [45.776476161876204]
  We build a cascaded Random Edge Graph Neural Network (REGNN) to represent the repetition scheme and train it. We analyze the violation probability using geometry in a symmetric scenario and apply a model-based Exhaustive Search (ES) method to find the optimal solution.
  arXiv  Detail & Related papers  (2022-07-11T05:49:41Z)
• Object Tracking through Residual and Dense LSTMs [67.98948222599849]
  Deep learning-based trackers based on LSTMs (Long Short-Term Memory) recurrent neural networks have emerged as a powerful alternative. DenseLSTMs outperform Residual and regular LSTM, and offer a higher resilience to nuisances. Our case study supports the adoption of residual-based RNNs for enhancing the robustness of other trackers.
  arXiv  Detail & Related papers  (2020-06-22T08:20:17Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.