A Review of Anomaly Intrusion Detection Systems in IoT using Deep Learning Techniques

Alsoufi, Muaadh A.; Razak, Shukor Abd; Siraj, Maheyzah Md; Al‐rimy, Bander Ali Saleh; Ali, Abdulalem; Nasser, Maged; Abdo, Salah

doi:10.1142/s2424922x21430014

Cited by 3 publications

(2 citation statements)

References 62 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Such data represent the behavioral aspect of the malicious software, hence can be used to detect the attacks [34,44]. Like static data, dynamic data can be introspected, and malicious patterns can be extracted [45]. Due to its efficacy for countering the sophisticated ransomware families that employ polymorphic techniques to deceive detection, the dynamic analysis gained popularity in the research community [23,41,42,[46][47][48][49][50].…”

Section: Related Workmentioning

confidence: 99%

A Weighted Minimum Redundancy Maximum Relevance Technique for Ransomware Early Detection in Industrial IoT

et al. 2022

View full text Add to dashboard Cite

Ransomware attacks against Industrial Internet of Things (IIoT) have catastrophic consequences not only to the targeted infrastructure, but also the services provided to the public. By encrypting the operational data, the ransomware attacks can disrupt the normal operations, which represents a serious problem for industrial systems. Ransomware employs several avoidance techniques, such as packing, obfuscation, noise insertion, irrelevant and redundant system call injection, to deceive the security measures and make both static and dynamic analysis more difficult. In this paper, a Weighted minimum Redundancy maximum Relevance (WmRmR) technique was proposed for better feature significance estimation in the data captured during the early stages of ransomware attacks. The technique combines an enhanced mRMR (EmRmR) with the Term Frequency-Inverse Document Frequency (TF-IDF) so that it can filter out the runtime noisy behavior based on the weights calculated by the TF-IDF. The proposed technique has the capability to assess whether a feature in the relevant set is important or not. It has low-dimensional complexity and a smaller number of evaluations compared to the original mRmR method. The TF-IDF was used to evaluate the weights of the features generated by the EmRmR algorithm. Then, an inclusive entropy-based refinement method was used to decrease the size of the extracted data by identifying the system calls with strong behavioral indication. After extensive experimentation, the proposed technique has shown to be effective for ransomware early detection with low-complexity and few false-positive rates. To evaluate the proposed technique, we compared it with existing behavioral detection methods.

show abstract

Section: Related Workmentioning

confidence: 99%

A Weighted Minimum Redundancy Maximum Relevance Technique for Ransomware Early Detection in Industrial IoT

et al. 2022

View full text Add to dashboard Cite

show abstract

“…Ransomware uses the operating system's own cryptographic libraries to encrypt the files on a victim's device [1]. It can target several environments and platforms including cloud-based systems, Internet of Things, wireless sensor networks, power grid SCADA (Supervisory Control and Data Acquisition (SCADA)), and intelligent transportation systems [2][3][4][5][6]. Although the nature of the ransomware infection process is similar to other malware categories, the employment of cryptographic means makes the effect of an attack irreversible if the decryption key is not available [7].…”

Section: Introductionmentioning

confidence: 99%

Temporal Data Correlation Providing Enhanced Dynamic Crypto-Ransomware Pre-Encryption Boundary Delineation

Alqahtani

Sheldon

2023

Sensors

View full text Add to dashboard Cite

Ransomware is a type of malware that employs encryption to target user files, rendering them inaccessible without a decryption key. To combat ransomware, researchers have developed early detection models that seek to identify threats before encryption takes place, often by monitoring the initial calls to cryptographic APIs. However, because encryption is a standard computational activity involved in processes, such as packing, unpacking, and polymorphism, the presence of cryptographic APIs does not necessarily indicate an imminent ransomware attack. Hence, relying solely on cryptographic APIs is insufficient for accurately determining a ransomware pre-encryption boundary. To this end, this paper is devoted to addressing this issue by proposing a Temporal Data Correlation method that associates cryptographic APIs with the I/O Request Packets (IRPs) based on the timestamp for pre-encryption boundary delineation. The process extracts the various features from the pre-encryption dataset for use in early detection model training. Several machine and deep learning classifiers are used to evaluate the accuracy of the proposed solution. Preliminary results show that this newly proposed approach can achieve higher detection accuracy compared to those reported elsewhere.

show abstract

Feature Reduction for Molecular Similarity Searching Based on Autoencoder Deep Learning

et al. 2022

View full text Add to dashboard Cite

The concept of molecular similarity has been commonly used in rational drug design, where structurally similar molecules are examined in molecular databases to retrieve functionally similar molecules. The most used conventional similarity methods used two-dimensional (2D) fingerprints to evaluate the similarity of molecules towards a target query. However, these descriptors include redundant and irrelevant features that might impact the performance of similarity searching methods. Thus, this study proposed a new approach for identifying the important features of molecules in chemical datasets based on the representation of the molecular features using Autoencoder (AE), with the aim of removing irrelevant and redundant features. The proposed approach experimented using the MDL Data Drug Report standard dataset (MDDR). Based on experimental findings, the proposed approach performed better than several existing benchmark similarity methods such as Tanimoto Similarity Method (TAN), Adapted Similarity Measure of Text Processing (ASMTP), and Quantum-Based Similarity Method (SQB). The results demonstrated that the performance achieved by the proposed approach has proven to be superior, particularly with the use of structurally heterogeneous datasets, where it yielded improved results compared to other previously used methods with the similar goal of improving molecular similarity searching.

show abstract

A Review of Anomaly Intrusion Detection Systems in IoT using Deep Learning Techniques

Cited by 3 publications

References 62 publications

A Weighted Minimum Redundancy Maximum Relevance Technique for Ransomware Early Detection in Industrial IoT

A Weighted Minimum Redundancy Maximum Relevance Technique for Ransomware Early Detection in Industrial IoT

Temporal Data Correlation Providing Enhanced Dynamic Crypto-Ransomware Pre-Encryption Boundary Delineation

Feature Reduction for Molecular Similarity Searching Based on Autoencoder Deep Learning

Contact Info

Product

Resources

About