The Application of Cyclostationary Malware Detection Using Boruta and PCA

Nkongolo, Mike; Deventer, J. P. van; Kasongo, Sydney Mambwe

doi:10.1007/978-981-19-3035-5_41

Cited by 8 publications

(5 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While Poudyal et al [8] focuses on code-level analysis, the proposed RFSA stands out for its specialized feature selection approach which showcases superior performance and comprehensive insights into ransomware dynamics within cryptocurrency ecosystems. Zahoora et al [10] present a Cost-Sensitive Pareto Ensemble strategy (CSPE-R) to address the critical challenge posed by zero-day ransomware attacks [11]. They emphasized the transformation of feature spaces using an unsupervised deep Contractive Auto Encoder (CAE) model.…”

Section: Related Workmentioning

confidence: 99%

RFSA: A Ransomware Feature Selection Algorithm for Multivariate Analysis of Malware Behavior in Cryptocurrency

Nkongolo Wa Nkongolo

2024

IJCDS

View full text Add to dashboard Cite

This research introduces innovative features tailored to capture distinctive characteristics of ransomware activity within the cryptocurrency ecosystem. The study employs a multifaceted analysis to delve into ransomware-related data encompassing transaction metadata, ransom analysis, behavioral patterns, and financial aspects. A feature selection algorithm is explored to discern ransomware transactions in Bitcoin (BTC) and the United States Dollar (USD) using the UGRansome dataset. This comprehensive dataset of ransomware-related transactions facilitates the proposal of novel features designed to capture the unique traits of ransomware activity. The correlation matrix and temporal analysis of these features contribute to a nuanced understanding of the dynamic nature of ransomware threats. The research presents the Ransomware Feature Selection Algorithm (RFSA) based on Gini Impurity and Mutual Information (MI) to effectively select crucial ransomware features. Evaluation metrics such as precision, recall, accuracy, and F1 score highlight the effectiveness of the RFSA. The analysis reveals that approximately 68% of ransomware incidents involve BTC transactions ranging from 1.46 to 2.56, with an average of 2.01 BTC transactions per attack. Moreover, ransomware causes financial damages ranging from 4.38 to 172.36 USD, with an average damage of 88.37 USD. The RFSA identifies 17 ransomware types and their associated malware to shed light on their characteristics. The study investigates the pricing of ransomware and reveals that TowerWeb is associated with the highest fee, amounting to 135.26 BTC, while CryptoLocker has the lowest fee, recorded at 10.51 BTC. Additionally, the impact of ransomware duration on financial gains and network flow is investigated, disclosing a correlation between extended duration and higher financial gains. The research achieves outstanding performance metrics, including an MI score of 95%, accuracy of 93%, recall of 92%, and precision of 89%. These results showcase the superiority of the proposed approach over existing studies, emphasizing the dynamic and adaptable nature of ransomware demands. The findings suggest that there is no fixed amount for specific cyberattacks. This underscores the importance of adapting to the evolving landscape of ransomware threats.

show abstract

Section: Related Workmentioning

confidence: 99%

RFSA: A Ransomware Feature Selection Algorithm for Multivariate Analysis of Malware Behavior in Cryptocurrency

Nkongolo Wa Nkongolo

2024

IJCDS

View full text Add to dashboard Cite

show abstract

“…To address this limitation, our study uses the UGRansome dataset, a publicly accessible dataset created in [9]. This dataset was specifically designed to classify and understand ransomware [10][11][12][13]. In the age of big data, one crucial aspect of modern data analysis and machine learning implementation is the extraction of meaningful and representative features from complex or high-dimensional datasets [9,14].…”

Section: Notpetyamentioning

confidence: 99%

“…Precision assesses the accuracy of positive predictions among the instances that are predicted as positive [12]. It is defined as in (13):…”

Section: Performance Evaluationmentioning

confidence: 99%

Ransomware Detection Using Stacked Autoencoder for Feature Selection

Wa Nkongolo,

Tokmak

2024

IJEEI

View full text Add to dashboard Cite

In response to the escalating malware threats, we propose an advanced ransomware detection and classification method. Our approach combines a stacked autoencoder for precise feature selection with a Long Short-Term Memory classifier which significantly enhances ransomware stratification accuracy. The process involves thorough preprocessing of the UGRansome dataset, training an unsupervised stacked autoencoder for optimal feature selection, and fine-tuning via supervised learning to elevate the Long Short-Term Memory model's classification capabilities. We meticulously analysed the autoencoder's learned weights and activations to pinpoint essential features for distinguishing 17 ransomware families from other malware and created a streamlined feature set for precise classification. Our results demonstrate the exceptional performance of the stacked autoencoder-based Long Short-Term Memory model across the 17 ransomware families. This model exhibits high precision, recall, and F1 score values. Furthermore, balanced average scores affirm its ability to generalize effectively across various malware types. To optimise the proposed model, we conducted extensive experiments, including up to 400 epochs, and varying learning rates and achieved an exceptional 98.5% accuracy in ransomware classification. These results surpass traditional machine learning classifiers. Moreover, the proposed model surpasses the Extreme Gradient Boosting (XGBoost) algorithm, primarily due to its effective stacked autoencoder feature selection mechanism and demonstrates outstanding performance in identifying signature attacks with a 98.5% accuracy rate. This result outperforms the XGBoost model, which achieved a 95.5% accuracy rate in the same task. In addition, a prediction of the ransomware financial impact using the proposed model reveals that while Locky, SamSam, and WannaCry still incur substantial cumulative costs, their attacks may not be as financially damaging as those of NoobCrypt, DMALocker, and EDA2.

show abstract

“…In the experiments, precision (P), accuracy (A), F1 score (F), and recall (R) [52,53] are used as evaluation metrics. Precision represents the number of true predicted classes that belong to the accurate class.…”

Section: Evaluation Metricsmentioning

confidence: 99%

News Classification and Categorization with Smart Function Sentiment Analysis

Nkongolo Wa Nkongolo

2023

International Journal of Intelligent Systems

View full text Add to dashboard Cite

Search engines are tools used to find information on the Internet. Since the web has a plethora of websites, the engine queries the majority of active sites and builds a database organized according to keywords utilized in the search. Because of this, when a user types a few descriptive words on the home page of the search engine, the search function lists websites corresponding to these keywords. However, there are some problems with this search approach. For instance, if a user wants information about the word Jaguar, most search results are animals and cars. This is a polysemic problem that forces search engines to always provide the most popular but not the most relevant results. This article presents a study of using sentiment technology to help news classification and categorization and improve the classification accuracy. We have introduced a smart search function embedded into a search engine to tackle polysemic issues and record relevant results to determine their sentimentality. Therefore, this study presents a topic that involves several aspects of natural language processing (NLP) and sentiment analysis for news categorization and classification. A web crawler was used to collect British Broadcasting Corporation (BBC) news across the Internet, carried out preprocessing of text by using NLP, and applied sentiment analysis methods to determine the polarity of the processed text data. The sentimentality represents negative, positive, or neutral polarities assigned by the sentiment analysis algorithms. The research utilized the BBC news site to collect different information using a web crawler and a database to explore the sentimentality of BBC news. The natural language toolkit (NLTK) and BM25 indexed and preprocessed patterns in the database. The experimental results depict the proposed search function surpassing normal search with an accuracy rate of 85%. Moreover, the results show a negative polarity of BBC news using the Sentistrength algorithm. Furthermore, the Valence Aware Dictionary and sEntiment Reasoner (VADER) was the best-performing sentiment analysis model for news classification. This model obtained an accuracy of 85% using data collected with the proposed smart function.

show abstract

The Application of Cyclostationary Malware Detection Using Boruta and PCA

Cited by 8 publications

References 21 publications

RFSA: A Ransomware Feature Selection Algorithm for Multivariate Analysis of Malware Behavior in Cryptocurrency

RFSA: A Ransomware Feature Selection Algorithm for Multivariate Analysis of Malware Behavior in Cryptocurrency

Ransomware Detection Using Stacked Autoencoder for Feature Selection

News Classification and Categorization with Smart Function Sentiment Analysis

Contact Info

Product

Resources

About