Multi-classification of imbalance worm ransomware in the IoMT system

Worm-like ransomware strains spread quickly to critical systems such as IoMT without human interaction. Therefore, detecting different worm-like ransomware attacks during their spread is vital. Nevertheless, the low detection rate due to the imbalanced ransomware data and the detection systems'...

Full description

Saved in:
Bibliographic Details
Main Authors: Hameed, Shilan S., Selamat, Ali, Abdul Latiff, Liza, A. Razak, Shukor, Krejcar, Ondrej
Format: Conference or Workshop Item
Published: 2022
Subjects:
Online Access:http://eprints.utm.my/id/eprint/100554/
http://dx.doi.org/10.3233/FAIA220282
Tags: Add Tag
No Tags, Be the first to tag this record!
id my.utm.100554
record_format eprints
spelling my.utm.1005542023-04-17T06:53:48Z http://eprints.utm.my/id/eprint/100554/ Multi-classification of imbalance worm ransomware in the IoMT system Hameed, Shilan S. Selamat, Ali Abdul Latiff, Liza A. Razak, Shukor Krejcar, Ondrej QA76 Computer software Worm-like ransomware strains spread quickly to critical systems such as IoMT without human interaction. Therefore, detecting different worm-like ransomware attacks during their spread is vital. Nevertheless, the low detection rate due to the imbalanced ransomware data and the detection systems' disability for multiclass simultaneous detection are two apparent problems. In this work, we proposed a new approach for multi-classifying ransomware using preprocessing, resampling, and different classifiers. The proposed system uses network traffic NetFlow data, which is privacy-friendly and not heavy. In the first phase, preprocessing techniques were used on the collected and aggregated ransomware traffic, and then an optimized Synthetic Minority Oversampling Technique (SMOTE) was used for resampling the low-class samples. After that, four classifiers were applied, namely, Bayes Net, Hoeffding Tree, K-Nearest Neighbor, and a lightweight Multi-Layered Perceptron (MLP). The experimental results showed that the efficient preprocessing ensured accurate and simultaneous ransomware detection while the resampling technique improved the detection rate, F1, and PRC curve. 2022 Conference or Workshop Item PeerReviewed Hameed, Shilan S. and Selamat, Ali and Abdul Latiff, Liza and A. Razak, Shukor and Krejcar, Ondrej (2022) Multi-classification of imbalance worm ransomware in the IoMT system. In: 21st International Conference on New Trends in Intelligent Software Methodologies, Tools and Techniques, SoMeT 2022, 20 - 22 September 2022, Kitakyushu, Japan. http://dx.doi.org/10.3233/FAIA220282
institution Universiti Teknologi Malaysia
building UTM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Teknologi Malaysia
content_source UTM Institutional Repository
url_provider http://eprints.utm.my/
topic QA76 Computer software
spellingShingle QA76 Computer software
Hameed, Shilan S.
Selamat, Ali
Abdul Latiff, Liza
A. Razak, Shukor
Krejcar, Ondrej
Multi-classification of imbalance worm ransomware in the IoMT system
description Worm-like ransomware strains spread quickly to critical systems such as IoMT without human interaction. Therefore, detecting different worm-like ransomware attacks during their spread is vital. Nevertheless, the low detection rate due to the imbalanced ransomware data and the detection systems' disability for multiclass simultaneous detection are two apparent problems. In this work, we proposed a new approach for multi-classifying ransomware using preprocessing, resampling, and different classifiers. The proposed system uses network traffic NetFlow data, which is privacy-friendly and not heavy. In the first phase, preprocessing techniques were used on the collected and aggregated ransomware traffic, and then an optimized Synthetic Minority Oversampling Technique (SMOTE) was used for resampling the low-class samples. After that, four classifiers were applied, namely, Bayes Net, Hoeffding Tree, K-Nearest Neighbor, and a lightweight Multi-Layered Perceptron (MLP). The experimental results showed that the efficient preprocessing ensured accurate and simultaneous ransomware detection while the resampling technique improved the detection rate, F1, and PRC curve.
format Conference or Workshop Item
author Hameed, Shilan S.
Selamat, Ali
Abdul Latiff, Liza
A. Razak, Shukor
Krejcar, Ondrej
author_facet Hameed, Shilan S.
Selamat, Ali
Abdul Latiff, Liza
A. Razak, Shukor
Krejcar, Ondrej
author_sort Hameed, Shilan S.
title Multi-classification of imbalance worm ransomware in the IoMT system
title_short Multi-classification of imbalance worm ransomware in the IoMT system
title_full Multi-classification of imbalance worm ransomware in the IoMT system
title_fullStr Multi-classification of imbalance worm ransomware in the IoMT system
title_full_unstemmed Multi-classification of imbalance worm ransomware in the IoMT system
title_sort multi-classification of imbalance worm ransomware in the iomt system
publishDate 2022
url http://eprints.utm.my/id/eprint/100554/
http://dx.doi.org/10.3233/FAIA220282
_version_ 1765296670478696448
score 13.211869