Openly accessible

A Weighted Minimum Redundancy Maximum Relevance Technique for Ransomware Early Detection in Industrial IoT

Ahmed, YA, Huda, Shamsul, Al-Rimy, BAS, Alharbi, N, Saeed, F, Ghaleb, FA and Ali, IM 2022, A Weighted Minimum Redundancy Maximum Relevance Technique for Ransomware Early Detection in Industrial IoT, Sustainability, vol. 14, no. 3, pp. 1-15, doi: 10.3390/su14031231.


Title A Weighted Minimum Redundancy Maximum Relevance Technique for Ransomware Early Detection in Industrial IoT
Author(s) Ahmed, YA
Huda, Shamsul (ORCID iD: orcid.org/0000-0001-7848-0508)
Al-Rimy, BAS
Alharbi, N
Saeed, F
Ghaleb, FA
Ali, IM
Journal name Sustainability
Volume number 14
Issue number 3
Article ID 1231
Start page 1
End page 15
Total pages 15
Publisher MDPI
Place of publication Basel, Switzerland
Publication date 2022
ISSN 2071-1050
Keyword(s) Science & Technology
Life Sciences & Biomedicine
Green & Sustainable Science & Technology
Environmental Sciences
Environmental Studies
Science & Technology - Other Topics
Environmental Sciences & Ecology
crypto-ransomware
Industrial Internet of Things
enhanced maximum Relevance and minimum Redundancy
TF-IDF
supervised approach
DYNAMIC-ANALYSIS
CYBER THREAT
SYSTEM
FEATURES
MODEL
Summary Ransomware attacks against Industrial Internet of Things (IIoT) have catastrophic consequences not only to the targeted infrastructure, but also the services provided to the public. By encrypting the operational data, the ransomware attacks can disrupt the normal operations, which represents a serious problem for industrial systems. Ransomware employs several avoidance techniques, such as packing, obfuscation, noise insertion, irrelevant and redundant system call injection, to deceive the security measures and make both static and dynamic analysis more difficult. In this paper, a Weighted minimum Redundancy maximum Relevance (WmRmR) technique was proposed for better feature significance estimation in the data captured during the early stages of ransomware attacks. The technique combines an enhanced mRMR (EmRmR) with the Term Frequency-Inverse Document Frequency (TF-IDF) so that it can filter out the runtime noisy behavior based on the weights calculated by the TF-IDF. The proposed technique has the capability to assess whether a feature in the relevant set is important or not. It has low-dimensional complexity and a smaller number of evaluations compared to the original mRmR method. The TF-IDF was used to evaluate the weights of the features generated by the EmRmR algorithm. Then, an inclusive entropy-based refinement method was used to decrease the size of the extracted data by identifying the system calls with strong behavioral indication. After extensive experimentation, the proposed technique has shown to be effective for ransomware early detection with low-complexity and few false-positive rates. To evaluate the proposed technique, we compared it with existing behavioral detection methods.
Language eng
DOI 10.3390/su14031231
Field of Research 12 Built Environment and Design
HERDC Research category C1 Refereed article in a scholarly journal
Free to Read? Yes
Persistent URL http://hdl.handle.net/10536/DRO/DU:30162292

Document type: Journal Article
Collections: Faculty of Science, Engineering and Built Environment
School of Information Technology
Open Access Collection
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.

Citation counts: Cited 1 times in TR Web of Science; cited 1 times in Scopus
Access Statistics: 9 Abstract Views, 1 File Downloads
Created: Wed, 09 Feb 2022, 12:41:26 EST
