Enhancing Cybersecurity: Ransomware Detection - A Proof of Concept Study

Authors

  • Madihah Mohd Saudi Cyber Security and Systems (CSS) Research Unit, Faculty of Science and Technology (FST), University Sains Islam Malaysia (USIM),71800 Nilai, Negeri Sembilan, Malaysia
  • Tamara Nusairat Faculty of Science and Engineering (FSE), Department of Computer Science and Engineering (CSE), Irbid National University, Road International Road 35, Irbid, Jordan
  • Azuan Ahmad Cyber Security and Systems (CSS) Research Unit, Faculty of Science and Technology (FST), University Sains Islam Malaysia (USIM),71800 Nilai, Negeri Sembilan, Malaysia
  • Muji Setiyo Center of Energy for Society and Industry (CESI), Universitas Muhammadiyah Magelang, Jl. Bambang Sugeng km.05 Mertoyudan Magelang, 56172, Indonesia

DOI:

https://doi.org/10.37934/araset.54.2.252268

Keywords:

Ransomware attacks, Hybrid analysis, IoMT, Ransomware detection

Abstract

Presently, our digital landscape faces a pervasive onslaught of diverse cyber threats, encompassing distributed denial of service (DDoS), phishing, ransomware, and smishing, all orchestrated with malicious intent. Counteracting these malicious incursions poses a formidable challenge, particularly in devising efficacious detection solutions. Ransomware incidents are on the ascent, particularly within critical sectors such as healthcare, finance, and telecommunications. Consequently, this paper introduces a proof of concept (POC) aimed at detecting ransomware activities targeting Internet of Medical Things (IoMT) devices. The primary objective of this paper revolves around the identification and evaluation of factors correlating with ransomware attacks on IoMT and then developing a ransomware detector. The experimental framework involves the utilization of a simulated environment mirroring real-world IoMT devices and networks. The methodology integrates diverse approaches, encompassing data collection from IoMT devices, analysis of ransomware behaviour through the study of encryption patterns, and anomaly detection. The POC assesses the efficacy of these methodologies in detecting and responding to ransomware threats, with the experimentation conducted through hybrid analysis within a controlled laboratory setting. The dataset consists of 13 families with a total malware of 9251 taken from GitHub. For POC, a total of 3459 ransomware dataset samples have been selected. As a result of the experiment, thirteen (13) distinct features have been identified as trigger factors for ransomware attacks. These features are obtained by capturing of the processes initiated by the ransomware samples using a process monitor (procmon). A temporal pattern of the processes which include the file system, API, and access based on their frequency of occurrence were used to develop a ransomware detection model. The proposed approach achieved an accuracy of 99.2% and an error rate of 0.8 %, when evaluated on temporal pattern dataset and by using an enhanced artificial neural network (EANN).

Downloads

Download data is not yet available.

Author Biographies

Madihah Mohd Saudi, Cyber Security and Systems (CSS) Research Unit, Faculty of Science and Technology (FST), University Sains Islam Malaysia (USIM),71800 Nilai, Negeri Sembilan, Malaysia

madihah@usim.edu.my

Tamara Nusairat, Faculty of Science and Engineering (FSE), Department of Computer Science and Engineering (CSE), Irbid National University, Road International Road 35, Irbid, Jordan

tamara_nusair@yahoo.com

Azuan Ahmad, Cyber Security and Systems (CSS) Research Unit, Faculty of Science and Technology (FST), University Sains Islam Malaysia (USIM),71800 Nilai, Negeri Sembilan, Malaysia

azuan@usim.edu.my

Muji Setiyo, Center of Energy for Society and Industry (CESI), Universitas Muhammadiyah Magelang, Jl. Bambang Sugeng km.05 Mertoyudan Magelang, 56172, Indonesia

setiyo.muji@ummgl.ac.id

Downloads

Published

2024-10-04

Issue

Section

Articles

Most read articles by the same author(s)