TY - GEN
T1 - Apt Detection of Ransomware - An Approach to Detect Advanced Persistent Threats Using System Call Information
AU - Baksi, Rudra Prasad
AU - Nalka, Vishwas
AU - Upadhyaya, Shambhu
N1 - Publisher Copyright: © 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Ransomware of the Advanced Persistent Threat (APT) type is very sophisticated and often has a contingency plan of attack in case it is discovered while the attack is in progress. Due to the ever-changing traits of such APT-type ransomware, an intelligent and robust intrusion detection system (IDS) is the need of the hour. In this paper, we put forward machine learning (ML) and natural language processing (NLP) based intrusion detection systems. We utilize a commercial simulator to run different real-world ransomware attacks to create, for the first time, a dataset for APT-type ransomware research. Then, we develop multiple IDSes by training ML models such as support vector machine (SVM), logistic regression (LR), gradient boosting (GB) decision trees, random forest (RF), naive Bayes classifier (NBC), and an NLP model called BERT on this dataset. With our intelligent IDS, we could precisely distinguish the system calls of processes spawned by ransomware from legitimate system calls. We compare the different intrusion detection systems developed using the six aforementioned models. The IDS using the NLP BERT model achieves the best accuracy of 99.98%, and the IDS using the naive Bayes classifier achieves an accuracy of 98.55%. Furthermore, we discuss the tradeoffs of these models for designing an intelligent IDS. The advancement in cyber attacks, especially ransomware-based attacks, necessitates this upgrade in IDS, which is essential for a strong defense.
AB - Ransomware of the Advanced Persistent Threat (APT) type is very sophisticated and often has a contingency plan of attack in case it is discovered while the attack is in progress. Due to the ever-changing traits of such APT-type ransomware, an intelligent and robust intrusion detection system (IDS) is the need of the hour. In this paper, we put forward machine learning (ML) and natural language processing (NLP) based intrusion detection systems. We utilize a commercial simulator to run different real-world ransomware attacks to create, for the first time, a dataset for APT-type ransomware research. Then, we develop multiple IDSes by training ML models such as support vector machine (SVM), logistic regression (LR), gradient boosting (GB) decision trees, random forest (RF), naive Bayes classifier (NBC), and an NLP model called BERT on this dataset. With our intelligent IDS, we could precisely distinguish the system calls of processes spawned by ransomware from legitimate system calls. We compare the different intrusion detection systems developed using the six aforementioned models. The IDS using the NLP BERT model achieves the best accuracy of 99.98%, and the IDS using the naive Bayes classifier achieves an accuracy of 98.55%. Furthermore, we discuss the tradeoffs of these models for designing an intelligent IDS. The advancement in cyber attacks, especially ransomware-based attacks, necessitates this upgrade in IDS, which is essential for a strong defense.
KW - Advanced Persistent Threats (APT)
KW - Artificial Intelligence (AI)
KW - Cybersecurity
KW - Intrusion Detection System (IDS)
KW - Machine Learning (ML)
KW - Natural Language Processing (NLP)
KW - Ransomware
UR - https://www.scopus.com/pages/publications/85195495709
U2 - 10.1109/TrustCom60117.2023.00221
DO - 10.1109/TrustCom60117.2023.00221
M3 - Conference contribution
T3 - Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023
SP - 1621
EP - 1630
BT - Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023
A2 - Hu, Jia
A2 - Min, Geyong
A2 - Wang, Guojun
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 22nd IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2023
Y2 - 1 November 2023 through 3 November 2023
ER -