RATAFIA: Ransomware Analysis using Time And Frequency Informed Autoencoders

Alam, Manaar; Bhattacharya, Sarani; Dutta, Swastika; Sinha, Sayan; Mukhopadhyay, Debdeep; Chattopadhyay, Anupam

doi:10.1109/hst.2019.8740837

Cited by 30 publications

(34 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(2016) ; Sgandurra et al. (2016) ; Shaukat and Ribeiro (2018) Machine Learning (HPC Values) Alam, Bhattacharya, Dutta, Sinha, Mukhopadhyay, Chattopadhyay, 2019 , Alam, Sinha, Bhattacharya, Dutta, Mukhopadhyay, Chattopadhyay, 2020 Machine Learning (Log Files) Silva and Hernandez-Alvarez (2017) Machine Learning (Network Traffic) Alhawi et al. (2018) ; Almashhadani et al.…”

Section: Literature Reviewmentioning

confidence: 99%

“…(2018) 4951 — — 3025 — 81.44% —

Cohen and Nissim (2018) 500 5

500

— —

Al-rimy et al. (2019) 8152 15 98.97% 1000 1.85% 97.89% 98.16%

Alam et al. (2019) 100 4 — — — — —

Almashhadani et al.…”

Section: Literature Reviewmentioning

confidence: 99%

“…(2018) Linear Regression, Decision trees APIs/system calls Cohen and Nissim (2018) Decision trees, Random Forest, Naïve Bayes, Bayesian networks, Logistic Regression, LogitBoost, Bagging, AdaBoost Volatile memory dump features Al-rimy et al. (2019) Linear Regression APIs/system calls Alam et al. (2019) ANN (LSTM) HPC values Silva and Hernandez-Alvarez (2017) None (proof of concept) Log files Almashhadani et al.…”

Section: Literature Reviewmentioning

confidence: 99%

See 2 more Smart Citations

Ransomware: Recent advances, analysis, challenges and future research directions

Beaman

Barkworth

Akande

et al. 2021

Computers & Security

129

View full text Add to dashboard Cite

The COVID-19 pandemic has witnessed a huge surge in the number of ransomware attacks. Different institutions such as healthcare, financial, and government have been targeted. There can be numerous reasons for such a sudden rise in attacks, but it appears working remotely in home-based environments (which is less secure compared to traditional institutional networks) could be one of the reasons. Cybercriminals are constantly exploring different approaches like social engineering attacks, such as phishing attacks, to spread ransomware. Hence, in this paper, we explored recent advances in ransomware prevention and detection and highlighted future research challenges and directions. We also carried out an analysis of a few popular ransomware samples and developed our own experimental ransomware, AESthetic, that was able to evade detection against eight popular antivirus programs.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

“…(2018) 4951 — — 3025 — 81.44% —

Cohen and Nissim (2018) 500 5

500

— —

Al-rimy et al. (2019) 8152 15 98.97% 1000 1.85% 97.89% 98.16%

Alam et al. (2019) 100 4 — — — — —

Almashhadani et al.…”

Section: Literature Reviewmentioning

confidence: 99%

Section: Literature Reviewmentioning

confidence: 99%

See 1 more Smart Citation

Ransomware: Recent advances, analysis, challenges and future research directions

Beaman

Barkworth

Akande

et al. 2021

Computers & Security

129

View full text Add to dashboard Cite

show abstract

“…Unsupervised k-means clustering was used in the learning and online phases, and the classification was based on supervised SVM. RATAFIA [14] was an unsupervised ransomware detection framework using DNN and Fast Fourier Transformation (FFT). It was claimed as an accurate, fast and reliable solution to detect ransomware based on hardware signatures collected from HPCs.…”

Section: Detecting Malware Through Hardware Signaturesmentioning

confidence: 99%

Two Sides of the Same Coin: Boons and Banes of Machine Learning in Hardware Security

Liu

Chang

Wang

et al. 2021

IEEE J. Emerg. Sel. Topics Circuits Syst.

View full text Add to dashboard Cite

The last decade has witnessed remarkable research advances at the intersection of machine learning (ML) and hardware security. The confluence of the two technologies has created many interesting and unique opportunities, but also left some issues in their wake. ML schemes have been extensively used to enhance the security and trust of embedded systems like hardware Trojans and malware detection. On the other hand, ML-based approaches have also been adopted by adversaries to assist side-channel attacks, reverse engineer integrated circuits and break hardware security primitives like Physically Unclonable Functions (PUFs). Deep learning is a subfield of ML. It can continuously learn from a large amount of labeled data with a layered structure. Despite the impressive outcomes demonstrated by deep learning in many application scenarios, the dark side of it has not been fully exposed yet. The inability to fully understand and explain what has been done within the super-intelligence can turn an inherently benevolent system into malevolent. Recent research has revealed that the outputs of Deep Neural Networks (DNNs) can be easily corrupted by imperceptibly small input perturbations. As computations are brought nearer to the source of data creation, the attack surface of DNN has also been extended from the input data to the edge devices. Accordingly, due to the opportunities of MLassisted security and the vulnerabilities of ML implementation, in this paper, we will survey the applications, vulnerabilities and fortification of ML from the perspective of hardware security. We will discuss the possible future research directions, and thereby, sharing a roadmap for the hardware security community in general.

show abstract

“…Using the KDDCUP99 dataset, they were able achieve a 99.2% accuracy, compared to a 95.2% accuracy from shallow learning algorithms. Alam et al (2019) [54], developed a ransomware detection system, RATAFIA, using LSTM-based autoencoders trained on normal program behaviours. They analysed the hardware changes made by an executable, obtained from the Hard-ware Performance Counter (HPC) statistics.…”

Section: E Autoencodersmentioning

confidence: 99%

Deep Learning Applications in Cyber Security: A Comprehensive Review, Challenges and Prospects

Sharma¹,

Mangrulkar²

2019

IJEAST

View full text Add to dashboard Cite

Deep Learning applications are starting to pervade every commercial and technological sector. This paper surveys deep learning (DL) methods for cyber security applications, highlights the security considerations when using deep learning networks and presents possible malicious uses of such models. Initially, a brief description of the architectures studied and presented in this paper is provided. In the next section, the security applications are indicated for different models including CNNs, RNNs and GANs. Lastly, security is-sues are divided into two sections: attacks on various deep learning net-works, and attacks on a network using Deep Learning models themselves.

show abstract

RATAFIA: Ransomware Analysis using Time And Frequency Informed Autoencoders

Cited by 30 publications

References 14 publications

Ransomware: Recent advances, analysis, challenges and future research directions

Ransomware: Recent advances, analysis, challenges and future research directions

Two Sides of the Same Coin: Boons and Banes of Machine Learning in Hardware Security

Deep Learning Applications in Cyber Security: A Comprehensive Review, Challenges and Prospects

Contact Info

Product

Resources

About