Repository home
- Search
- Browse
  - Author
  - Division
  - Year
  - Funder
  - Journal
- Login
- - Repository Statistics
- Contact us
- Find out more

Deep dive into ransomware threat hunting and intelligence at fog layer

Homayoun, S, Dehghantanha, A ORCID: https://orcid.org/0000-0002-9294-7554, Ahmadzadeh, M, Hashemi, M, Khayami, R, Choo, KKR and Newton, DE 2018, 'Deep dive into ransomware threat hunting and intelligence at fog layer' , Future Generation Computer Systems, 90 (Jan 19) , pp. 94-104.

Preview

PDF - Accepted Version
Download (923kB) | Preview

PDF (Author pre-print) - Submitted Version
Restricted to Repository staff only
Download (1MB) | Request a copy

Official URL: https://doi.org/10.1016/j.future.2018.07.045

Abstract

Ransomware, a malware designed to encrypt data for ransom payments, is a potential threat to fog layer nodes as such nodes typically contain considerably amount of sensitive data. The capability to efficiently hunt abnormalities relating to ransomware activities is crucial in the timely detection of ransomware. In this paper, we present our Deep Ransomware Threat Hunting and Intelligence System (DRTHIS) to distinguish ransomware from goodware and identify their families. Specifically, DRTHIS utilizes Long Short-Term Memory (LSTM) and Convolutional Neural Network (CNN), two deep learning techniques, for classification using the softmax algorithm. We then use 220 Locky, 220 Cerber and 220 TeslaCrypt ransomware samples, and 219 goodware samples, to train DRTHIS. In our evaluations, DRTHIS achieves an F-measure of 99.6% with a true positive rate of 97.2% in the classification of ransomware instances. Additionally, we demonstrate that DRTHIS is capable of detecting previously unseen ransomware samples from new ransomware families in a timely and accurate manner using ransomware from the CryptoWall, TorrentLocker and Sage families. The findings show that 99% of CryptoWall samples, 75% of TorrentLocker samples and 92% of Sage samples are correctly classified.

Item Type:	Article
Schools:	Schools > School of Computing, Science and Engineering > Salford Innovation Research Centre
Journal or Publication Title:	Future Generation Computer Systems
Publisher:	Elsevier
ISSN:	0167-739X
Related URLs:	Publisher
Depositing User:	DE Newton
Date Deposited:	29 Mar 2019 09:01
Last Modified:	31 Jul 2019 02:30
URI:	http://usir.salford.ac.uk/id/eprint/50636

Actions (login required)

Edit record (repository staff only)

Tools

Altmetric

Statistics

Downloads

Downloads per month over past year

CORE (COnnecting REpositories) related articles