An I/O Request Packet (IRP) Driven Effective Ransomware Detection Scheme using Artificial Neural Network

Md Ahsan Ayub; Andrea Continella; Ambareen Siraj

doi:10.1109/IRI49571.2020.00053

An I/O Request Packet (IRP) Driven Effective Ransomware Detection Scheme using Artificial Neural Network

Md Ahsan Ayub, Andrea Continella, Ambareen Siraj

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

19 Citations (Scopus)

218 Downloads (Pure)

Abstract

In recent times, there has been a global surge of ransomware attacks targeted at industries of various types and sizes from retail to critical infrastructure. Ransomware researchers are constantly coming across new kinds of ransomware samples every day and discovering novel ransomware families out in the wild. To mitigate this ever-growing menace, academia and industry-based security researchers have been utilizing unique ways to defend against this type of cyber-Attacks. I/O Request Packet (IRP), a low-level file system I/O log, is a newly found research paradigm for defense against ransomware that is being explored frequently. As such in this study, to learn granular level, actionable insights of ransomware behavior, we analyze the IRP logs of 272 ransomware samples belonging to 18 different ransomware families captured during individual execution. We further our analysis by building an effective Artificial Neural Network (ANN) structure for successful ransomware detection by learning the underlying patterns of the IRP logs. We evaluate the ANN model with three different experimental settings to prove the effectiveness of our approach. The model demonstrates outstanding performance in terms of accuracy, precision score, recall score, and F1 score, i.e., in the range of 99.7%±0.2%.

Original language	English
Title of host publication	Proceedings - 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science, IRI 2020
Place of Publication	Piscataway, NJ
Publisher	IEEE
Pages	319-324
Number of pages	6
ISBN (Electronic)	978-1-7281-1054-7
ISBN (Print)	978-1-7281-1055-4
DOIs	https://doi.org/10.1109/IRI49571.2020.00053
Publication status	Published - Aug 2020
Event	21st IEEE International Conference on Information Reuse and Integration for Data Science, IRI 2020 - Virtual, Las Vegas, United States Duration: 11 Aug 2020 → 13 Aug 2020 Conference number: 21

Conference

Conference	21st IEEE International Conference on Information Reuse and Integration for Data Science, IRI 2020
Abbreviated title	IRI 2020
Country/Territory	United States
City	Virtual, Las Vegas
Period	11/08/20 → 13/08/20

Keywords

2021 OA procedure
I/O Monitoring
Malware
Ransomware
Artificial Neural Network

Access to Document

10.1109/IRI49571.2020.00053

Ayub-2020-An-i-o-request-packet-irp-driven-efFinal published version, 133 KBLicence: Taverne

Cite this

@inproceedings{13de8e3513b94a4e8eb02faec1c49bc5,

title = "An I/O Request Packet (IRP) Driven Effective Ransomware Detection Scheme using Artificial Neural Network",

abstract = "In recent times, there has been a global surge of ransomware attacks targeted at industries of various types and sizes from retail to critical infrastructure. Ransomware researchers are constantly coming across new kinds of ransomware samples every day and discovering novel ransomware families out in the wild. To mitigate this ever-growing menace, academia and industry-based security researchers have been utilizing unique ways to defend against this type of cyber-Attacks. I/O Request Packet (IRP), a low-level file system I/O log, is a newly found research paradigm for defense against ransomware that is being explored frequently. As such in this study, to learn granular level, actionable insights of ransomware behavior, we analyze the IRP logs of 272 ransomware samples belonging to 18 different ransomware families captured during individual execution. We further our analysis by building an effective Artificial Neural Network (ANN) structure for successful ransomware detection by learning the underlying patterns of the IRP logs. We evaluate the ANN model with three different experimental settings to prove the effectiveness of our approach. The model demonstrates outstanding performance in terms of accuracy, precision score, recall score, and F1 score, i.e., in the range of 99.7%±0.2%. ",

keywords = "2021 OA procedure, I/O Monitoring, Malware, Ransomware, Artificial Neural Network",

author = "Ayub, {Md Ahsan} and Andrea Continella and Ambareen Siraj",

year = "2020",

month = aug,

doi = "10.1109/IRI49571.2020.00053",

language = "English",

isbn = "978-1-7281-1055-4",

pages = "319--324",

booktitle = "Proceedings - 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science, IRI 2020",

publisher = "IEEE",

address = "United States",

note = "21st IEEE International Conference on Information Reuse and Integration for Data Science, IRI 2020, IRI 2020 ; Conference date: 11-08-2020 Through 13-08-2020",

}

Ayub, MA, Continella, A & Siraj, A 2020, An I/O Request Packet (IRP) Driven Effective Ransomware Detection Scheme using Artificial Neural Network. in Proceedings - 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science, IRI 2020., 9191509, IEEE, Piscataway, NJ, pp. 319-324, 21st IEEE International Conference on Information Reuse and Integration for Data Science, IRI 2020, Virtual, Las Vegas, United States, 11/08/20. https://doi.org/10.1109/IRI49571.2020.00053

An I/O Request Packet (IRP) Driven Effective Ransomware Detection Scheme using Artificial Neural Network. / Ayub, Md Ahsan; Continella, Andrea; Siraj, Ambareen.
Proceedings - 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science, IRI 2020. Piscataway, NJ: IEEE, 2020. p. 319-324 9191509.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - An I/O Request Packet (IRP) Driven Effective Ransomware Detection Scheme using Artificial Neural Network

AU - Ayub, Md Ahsan

AU - Continella, Andrea

AU - Siraj, Ambareen

N1 - Conference code: 21

PY - 2020/8

Y1 - 2020/8

N2 - In recent times, there has been a global surge of ransomware attacks targeted at industries of various types and sizes from retail to critical infrastructure. Ransomware researchers are constantly coming across new kinds of ransomware samples every day and discovering novel ransomware families out in the wild. To mitigate this ever-growing menace, academia and industry-based security researchers have been utilizing unique ways to defend against this type of cyber-Attacks. I/O Request Packet (IRP), a low-level file system I/O log, is a newly found research paradigm for defense against ransomware that is being explored frequently. As such in this study, to learn granular level, actionable insights of ransomware behavior, we analyze the IRP logs of 272 ransomware samples belonging to 18 different ransomware families captured during individual execution. We further our analysis by building an effective Artificial Neural Network (ANN) structure for successful ransomware detection by learning the underlying patterns of the IRP logs. We evaluate the ANN model with three different experimental settings to prove the effectiveness of our approach. The model demonstrates outstanding performance in terms of accuracy, precision score, recall score, and F1 score, i.e., in the range of 99.7%±0.2%.

AB - In recent times, there has been a global surge of ransomware attacks targeted at industries of various types and sizes from retail to critical infrastructure. Ransomware researchers are constantly coming across new kinds of ransomware samples every day and discovering novel ransomware families out in the wild. To mitigate this ever-growing menace, academia and industry-based security researchers have been utilizing unique ways to defend against this type of cyber-Attacks. I/O Request Packet (IRP), a low-level file system I/O log, is a newly found research paradigm for defense against ransomware that is being explored frequently. As such in this study, to learn granular level, actionable insights of ransomware behavior, we analyze the IRP logs of 272 ransomware samples belonging to 18 different ransomware families captured during individual execution. We further our analysis by building an effective Artificial Neural Network (ANN) structure for successful ransomware detection by learning the underlying patterns of the IRP logs. We evaluate the ANN model with three different experimental settings to prove the effectiveness of our approach. The model demonstrates outstanding performance in terms of accuracy, precision score, recall score, and F1 score, i.e., in the range of 99.7%±0.2%.

KW - 2021 OA procedure

KW - I/O Monitoring

KW - Malware

KW - Ransomware

KW - Artificial Neural Network

UR - http://www.scopus.com/inward/record.url?scp=85092206106&partnerID=8YFLogxK

U2 - 10.1109/IRI49571.2020.00053

DO - 10.1109/IRI49571.2020.00053

M3 - Conference contribution

AN - SCOPUS:85092206106

SN - 978-1-7281-1055-4

SP - 319

EP - 324

BT - Proceedings - 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science, IRI 2020

PB - IEEE

CY - Piscataway, NJ

T2 - 21st IEEE International Conference on Information Reuse and Integration for Data Science, IRI 2020

Y2 - 11 August 2020 through 13 August 2020

ER -

An I/O Request Packet (IRP) Driven Effective Ransomware Detection Scheme using Artificial Neural Network

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this