Multi-classification of imbalance worm ransomware in the IoMT system
Worm-like ransomware strains spread quickly to critical systems such as IoMT without human interaction. Therefore, detecting different worm-like ransomware attacks during their spread is vital. Nevertheless, the low detection rate due to the imbalanced ransomware data and the detection systems'...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Conference or Workshop Item |
| Published: |
2022
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/id/eprint/100554/ http://dx.doi.org/10.3233/FAIA220282 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my.utm.100554 |
|---|---|
| record_format |
eprints |
| spelling |
my.utm.1005542023-04-17T06:53:48Z http://eprints.utm.my/id/eprint/100554/ Multi-classification of imbalance worm ransomware in the IoMT system Hameed, Shilan S. Selamat, Ali Abdul Latiff, Liza A. Razak, Shukor Krejcar, Ondrej QA76 Computer software Worm-like ransomware strains spread quickly to critical systems such as IoMT without human interaction. Therefore, detecting different worm-like ransomware attacks during their spread is vital. Nevertheless, the low detection rate due to the imbalanced ransomware data and the detection systems' disability for multiclass simultaneous detection are two apparent problems. In this work, we proposed a new approach for multi-classifying ransomware using preprocessing, resampling, and different classifiers. The proposed system uses network traffic NetFlow data, which is privacy-friendly and not heavy. In the first phase, preprocessing techniques were used on the collected and aggregated ransomware traffic, and then an optimized Synthetic Minority Oversampling Technique (SMOTE) was used for resampling the low-class samples. After that, four classifiers were applied, namely, Bayes Net, Hoeffding Tree, K-Nearest Neighbor, and a lightweight Multi-Layered Perceptron (MLP). The experimental results showed that the efficient preprocessing ensured accurate and simultaneous ransomware detection while the resampling technique improved the detection rate, F1, and PRC curve. 2022 Conference or Workshop Item PeerReviewed Hameed, Shilan S. and Selamat, Ali and Abdul Latiff, Liza and A. Razak, Shukor and Krejcar, Ondrej (2022) Multi-classification of imbalance worm ransomware in the IoMT system. In: 21st International Conference on New Trends in Intelligent Software Methodologies, Tools and Techniques, SoMeT 2022, 20 - 22 September 2022, Kitakyushu, Japan. http://dx.doi.org/10.3233/FAIA220282 |
| institution |
Universiti Teknologi Malaysia |
| building |
UTM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Teknologi Malaysia |
| content_source |
UTM Institutional Repository |
| url_provider |
http://eprints.utm.my/ |
| topic |
QA76 Computer software |
| spellingShingle |
QA76 Computer software Hameed, Shilan S. Selamat, Ali Abdul Latiff, Liza A. Razak, Shukor Krejcar, Ondrej Multi-classification of imbalance worm ransomware in the IoMT system |
| description |
Worm-like ransomware strains spread quickly to critical systems such as IoMT without human interaction. Therefore, detecting different worm-like ransomware attacks during their spread is vital. Nevertheless, the low detection rate due to the imbalanced ransomware data and the detection systems' disability for multiclass simultaneous detection are two apparent problems. In this work, we proposed a new approach for multi-classifying ransomware using preprocessing, resampling, and different classifiers. The proposed system uses network traffic NetFlow data, which is privacy-friendly and not heavy. In the first phase, preprocessing techniques were used on the collected and aggregated ransomware traffic, and then an optimized Synthetic Minority Oversampling Technique (SMOTE) was used for resampling the low-class samples. After that, four classifiers were applied, namely, Bayes Net, Hoeffding Tree, K-Nearest Neighbor, and a lightweight Multi-Layered Perceptron (MLP). The experimental results showed that the efficient preprocessing ensured accurate and simultaneous ransomware detection while the resampling technique improved the detection rate, F1, and PRC curve. |
| format |
Conference or Workshop Item |
| author |
Hameed, Shilan S. Selamat, Ali Abdul Latiff, Liza A. Razak, Shukor Krejcar, Ondrej |
| author_facet |
Hameed, Shilan S. Selamat, Ali Abdul Latiff, Liza A. Razak, Shukor Krejcar, Ondrej |
| author_sort |
Hameed, Shilan S. |
| title |
Multi-classification of imbalance worm ransomware in the IoMT system |
| title_short |
Multi-classification of imbalance worm ransomware in the IoMT system |
| title_full |
Multi-classification of imbalance worm ransomware in the IoMT system |
| title_fullStr |
Multi-classification of imbalance worm ransomware in the IoMT system |
| title_full_unstemmed |
Multi-classification of imbalance worm ransomware in the IoMT system |
| title_sort |
multi-classification of imbalance worm ransomware in the iomt system |
| publishDate |
2022 |
| url |
http://eprints.utm.my/id/eprint/100554/ http://dx.doi.org/10.3233/FAIA220282 |
| _version_ |
1765296670478696448 |
| score |
13.154949 |