Ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive Pareto Ensemble classifier
Abstract Ransomware attacks pose a serious threat to Internet resources due to their far-reaching effects. It’s Zero-day variants are even more hazardous, as less is known about them. In this regard, when used for ransomware attack detection, conventional machine learning approaches may become data-...
Main Authors: | , , , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
Nature Portfolio
2022-09-01
|
Series: | Scientific Reports |
Online Access: | https://doi.org/10.1038/s41598-022-19443-7 |
_version_ | 1798001391453601792 |
---|---|
author | Umme Zahoora Asifullah Khan Muttukrishnan Rajarajan Saddam Hussain Khan Muhammad Asam Tauseef Jamal |
author_facet | Umme Zahoora Asifullah Khan Muttukrishnan Rajarajan Saddam Hussain Khan Muhammad Asam Tauseef Jamal |
author_sort | Umme Zahoora |
collection | DOAJ |
description | Abstract Ransomware attacks pose a serious threat to Internet resources due to their far-reaching effects. It’s Zero-day variants are even more hazardous, as less is known about them. In this regard, when used for ransomware attack detection, conventional machine learning approaches may become data-dependent, insensitive to error cost, and thus may not tackle zero-day ransomware attacks. Zero-day ransomware have normally unseen underlying data distribution. This paper presents a Cost-Sensitive Pareto Ensemble strategy, CSPE-R to detect novel Ransomware attacks. Initially, the proposed framework exploits the unsupervised deep Contractive Auto Encoder (CAE) to transform the underlying varying feature space to a more uniform and core semantic feature space. To learn the robust features, the proposed CSPE-R ensemble technique explores different semantic spaces at various levels of detail. Heterogeneous base estimators are then trained over these extracted subspaces to find the core relevance between the various families of the ransomware attacks. Then, a novel Pareto Ensemble-based estimator selection strategy is implemented to achieve a cost-sensitive compromise between false positives and false negatives. Finally, the decision of selected estimators are aggregated to improve the detection against unknown ransomware attacks. The experimental results show that the proposed CSPE-R framework performs well against zero-day ransomware attacks. |
first_indexed | 2024-04-11T11:35:32Z |
format | Article |
id | doaj.art-33a1345e7ad94ef0a6e8577cc7a6c9c2 |
institution | Directory Open Access Journal |
issn | 2045-2322 |
language | English |
last_indexed | 2024-04-11T11:35:32Z |
publishDate | 2022-09-01 |
publisher | Nature Portfolio |
record_format | Article |
series | Scientific Reports |
spelling | doaj.art-33a1345e7ad94ef0a6e8577cc7a6c9c22022-12-22T04:25:58ZengNature PortfolioScientific Reports2045-23222022-09-0112111510.1038/s41598-022-19443-7Ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive Pareto Ensemble classifierUmme Zahoora0Asifullah Khan1Muttukrishnan Rajarajan2Saddam Hussain Khan3Muhammad Asam4Tauseef Jamal5Department of Computer and Information Sciences, Pakistan Institute of Engineering and Applied SciencesDepartment of Computer and Information Sciences, Pakistan Institute of Engineering and Applied SciencesSchool of Mathematics, Computer Science and Engineering, City University of LondonDepartment of Computer and Information Sciences, Pakistan Institute of Engineering and Applied SciencesDepartment of Computer and Information Sciences, Pakistan Institute of Engineering and Applied SciencesDepartment of Computer and Information Sciences, Pakistan Institute of Engineering and Applied SciencesAbstract Ransomware attacks pose a serious threat to Internet resources due to their far-reaching effects. It’s Zero-day variants are even more hazardous, as less is known about them. In this regard, when used for ransomware attack detection, conventional machine learning approaches may become data-dependent, insensitive to error cost, and thus may not tackle zero-day ransomware attacks. Zero-day ransomware have normally unseen underlying data distribution. This paper presents a Cost-Sensitive Pareto Ensemble strategy, CSPE-R to detect novel Ransomware attacks. Initially, the proposed framework exploits the unsupervised deep Contractive Auto Encoder (CAE) to transform the underlying varying feature space to a more uniform and core semantic feature space. To learn the robust features, the proposed CSPE-R ensemble technique explores different semantic spaces at various levels of detail. Heterogeneous base estimators are then trained over these extracted subspaces to find the core relevance between the various families of the ransomware attacks. Then, a novel Pareto Ensemble-based estimator selection strategy is implemented to achieve a cost-sensitive compromise between false positives and false negatives. Finally, the decision of selected estimators are aggregated to improve the detection against unknown ransomware attacks. The experimental results show that the proposed CSPE-R framework performs well against zero-day ransomware attacks.https://doi.org/10.1038/s41598-022-19443-7 |
spellingShingle | Umme Zahoora Asifullah Khan Muttukrishnan Rajarajan Saddam Hussain Khan Muhammad Asam Tauseef Jamal Ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive Pareto Ensemble classifier Scientific Reports |
title | Ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive Pareto Ensemble classifier |
title_full | Ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive Pareto Ensemble classifier |
title_fullStr | Ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive Pareto Ensemble classifier |
title_full_unstemmed | Ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive Pareto Ensemble classifier |
title_short | Ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive Pareto Ensemble classifier |
title_sort | ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive pareto ensemble classifier |
url | https://doi.org/10.1038/s41598-022-19443-7 |
work_keys_str_mv | AT ummezahoora ransomwaredetectionusingdeeplearningbasedunsupervisedfeatureextractionandacostsensitiveparetoensembleclassifier AT asifullahkhan ransomwaredetectionusingdeeplearningbasedunsupervisedfeatureextractionandacostsensitiveparetoensembleclassifier AT muttukrishnanrajarajan ransomwaredetectionusingdeeplearningbasedunsupervisedfeatureextractionandacostsensitiveparetoensembleclassifier AT saddamhussainkhan ransomwaredetectionusingdeeplearningbasedunsupervisedfeatureextractionandacostsensitiveparetoensembleclassifier AT muhammadasam ransomwaredetectionusingdeeplearningbasedunsupervisedfeatureextractionandacostsensitiveparetoensembleclassifier AT tauseefjamal ransomwaredetectionusingdeeplearningbasedunsupervisedfeatureextractionandacostsensitiveparetoensembleclassifier |