Deep dive into ransomware threat hunting and intelligence at fog layer

Homayoun, S, Dehghantanha, A ORCID:, Ahmadzadeh, M, Hashemi, M, Khayami, R, Choo, KKR and Newton, DE 2018, 'Deep dive into ransomware threat hunting and intelligence at fog layer' , Future Generation Computer Systems, 90 (Jan 19) , pp. 94-104.

PDF - Accepted Version
Download (923kB) | Preview
[img] PDF (Author pre-print) - Submitted Version
Restricted to Repository staff only

Download (1MB) | Request a copy


Ransomware, a malware designed to encrypt data for ransom payments, is a potential threat to fog layer nodes as such nodes typically contain considerably amount of sensitive data. The capability to efficiently hunt abnormalities relating to ransomware activities is crucial in the timely detection of ransomware. In this paper, we present our Deep Ransomware Threat Hunting and Intelligence System (DRTHIS) to distinguish ransomware from goodware and identify their families. Specifically, DRTHIS utilizes Long Short-Term Memory (LSTM) and Convolutional Neural Network (CNN), two deep learning techniques, for classification using the softmax algorithm. We then use 220 Locky, 220 Cerber and 220 TeslaCrypt ransomware samples, and 219 goodware samples, to train DRTHIS. In our evaluations, DRTHIS achieves an F-measure of 99.6% with a true positive rate of 97.2% in the classification of ransomware instances. Additionally, we demonstrate that DRTHIS is capable of detecting previously unseen ransomware samples from new ransomware families in a timely and accurate manner using ransomware from the CryptoWall, TorrentLocker and Sage families. The findings show that 99% of CryptoWall samples, 75% of TorrentLocker samples and 92% of Sage samples are correctly classified.

Item Type: Article
Schools: Schools > School of Computing, Science and Engineering > Salford Innovation Research Centre
Journal or Publication Title: Future Generation Computer Systems
Publisher: Elsevier
ISSN: 0167-739X
Related URLs:
Depositing User: DE Newton
Date Deposited: 29 Mar 2019 09:01
Last Modified: 16 Feb 2022 01:21

Actions (login required)

Edit record (repository staff only) Edit record (repository staff only)


Downloads per month over past year