Journal
2019 MILITARY COMMUNICATIONS AND INFORMATION SYSTEMS CONFERENCE (MILCIS)
Volume -, Issue -, Pages -Publisher
IEEE
DOI: 10.1109/milcis.2019.8930732
Keywords
component; ransomware; IIoT; LAN; detection; feature engineering; deep learning
Ask authors/readers for more resources
Local Area Network (LAN) workstations that operate at the edge tier of Industrial Internet of Things systems (IIoT) and have direct or indirect interaction with critical control devices could be a key vector for advanced threats against control systems, such as a ransomware threat. This indicates that there is a necessity for monitoring these workstations to detect any malicious behavior related to ransomware, and generating an alarm to prevent the ransomware from expanding its activity to more critical system entities. The efficient detection of a ransomware attack very much relies on how accurately its activities are understood and how its traits are discovered. This can help in distinguishing ransomware from legitimate system activities. In this paper, we utilize deep learning techniques to extract the latent representation of a high dimension of collected data to identify malicious behavior accurately. Specifically, the model that we propose is based on a hybrid feature engineering technique of classical and variational auto-encoders. This hybrid technique is used to reduce the dimension of data and extract a good representation of the collected system activities. Then, the new feature vector is passed to a classifier that is built based on deep neural network and batch normalization techniques. The paper concludes with experimental results demonstrating that our model performs better in detecting ransomware compared with other existing models.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available