Marzieh Ahmadzadeh scite author profile

Abstract-Emergence of crypto-ransomware has significantly changed the cyber threat landscape. A crypto ransomware removes data custodian access by encrypting valuable data on victims' computers and requests a ransom payment to reinstantiate custodian access by decrypting data. Timely detection of ransomware very much depends on how quickly and accurately system logs can be mined to hunt abnormalities and stop the evil. In this paper we first setup an environment to collect activity logs of 517 Locky ransomware samples, 535 Cerber ransomware samples and 572 samples of TeslaCrypt ransomware. We utilize Sequential Pattern Mining to find Maximal Frequent Patterns (MFP) of activities within different ransomware families as candidate features for classification using J48, Random Forest, Bagging and MLP algorithms. We could achieve 99% accuracy in detecting ransomware instances from goodware samples and 96.5% accuracy in detecting family of a given ransomware sample. Our results indicate usefulness and practicality of applying pattern mining techniques in detection of good features for ransomware hunting. Moreover, we showed existence of distinctive frequent patterns within different ransomware families which can be used for identification of a ransomware sample family for building intelligence about threat actors and threat profile of a given target.

show abstract

DRTHIS: Deep ransomware threat hunting and intelligence system at the fog layer

Homayoun

Dehghantanha

Ahmadzadeh

et al. 2019

Future Generation Computer Systems

120

View full text Add to dashboard Cite

Ransomware, a malware designed to encrypt data for ransom payments, is a threat to fog layer nodes as such nodes typically contain considerably amount of sensitive data. The capability to efficiently hunt abnormalities relating to ransomware activities is crucial in timely detection of ransomware. In this paper, we present our Deep Ransomware Threat Hunting and Intelligence System (DRTHIS) to distinguish ransomware from goodware and identify their families. Specifically, DRTHIS utilizes Long Short-Term Memory (LSTM) and Convolutional Neural Network (CNN), two deep learning techniques, for classification using the softmax algorithm. We then use 220 Locky, 220 Cerber and 220 TeslaCrypt ransomware samples, and 219 goodware samples, to train DRTHIS. Findings from our evaluations demonstrate that the proposed system achieves an F-measure of 99.6% with a true positive rate of 97.2% in the classification of ransomware instances. Additionally, we demonstrate that DRTHIS is capable of detecting previously unseen ransomware samples from new ransomware families in a timely and accurate manner using ransomware from the CryptoWall, TorrentLocker and Sage families. The findings show that 99% of CryptoWall samples, 75% of TorrentLocker samples and 92% of Sage samples are correctly classified.

show abstract

An analysis of patterns of debugging among novice computer science students

Ahmadzadeh

Elliman

Higgins

2005

View full text Add to dashboard Cite

BoTShark: A Deep Learning Approach for Botnet Traffic Detection

Homayoun

Ahmadzadeh

Hashemi

et al. 2018

View full text Add to dashboard Cite

JavaMarker: A Marking System for Java Programs

Ahmadzadeh¹,

Namvar²,

Soltani³

2011

IJCA

View full text Add to dashboard Cite

In this paper a marking system for Java programming is presented which has been developed as a plug-in for a widely used editor, Eclipse. This system runs student submitted programs against previously defined test cases. Depending on the percentage of correct running code, a proper mark is awarded. Since this program was implemented in order to be used in a principles of programming course, we require students to practice coding with a correct style. Therefore, this system checks the style of the code and produces messages when a better style is expected. In some cases penalty marks are considered for improper code style. For this system to play an educational role, we allow students to submit more than once. With this we aim to help them learn from their mistakes. The number of submissions differs from one exercise to another and is defined dynamically by our system administration.We call this system JavaMarker.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.