Enhancing Cybersecurity against Ransomware Attacks Using LSTM Deep Learning Method: A Case Study on Android Devices

Öz

The rapid advancement of technology brings new threats to the digital world. One of these threats is malicious ransomware attacks. Ransomware is malicious software that demands ransom from innocent users by blocking access to information systems. Since traditional methods are limited to predefined blacklists, they may be ineffective against unknown ransomware types. Deep learning methods, on the other hand, offer a sensitive defense mechanism against anomalies by learning normal behavior patterns. In this study, the Internet logs of Android devices consisting of 392,034 rows and 86 columns were studied using the Long Short-Term Memory (LSTM) model. The dataset contains 14 different Android ransomware families and harmless traffic. Data preprocessing steps include missing data management, outlier analysis, feature selection, coding operations, and data normalization/standardization. The dataset was split at 80% training - 20% test ratio, and it was determined that the 80% training - 20% test split had the highest accuracy. The developed LSTM based classification model achieved successful results with 99% accuracy rate and 0.99 F1-score.

Anahtar Kelimeler

• Ransomware Attacks
• Deep Learning
• Android

LSTM Derin Öğrenme Yöntemi Kullanarak Fidye Yazılımı Saldırılarına Karşı Siber Güvenliğin Geliştirilmesi: Android Cihazlarda Bir Vaka Çalışması

Öz

Teknolojinin hızla ilerlemesi dijital dünyada yeni tehditleri de beraberinde getiriyor. Bu tehditlerden biri kötücül fidye yazılımı saldırılarıdır. Fidye yazılımları, bilgi sistemlerine erişimi engelleyerek masum kullanıcılardan fidye talep eden kötü amaçlı yazılımlardır. Geleneksel yöntemler önceden tanımlanmış kara listelerle sınırlı olduğundan, bilinmeyen fidye yazılımı türlerine karşı etkisiz kalabilir. Derin öğrenme yöntemleri ise normal davranış kalıplarını öğrenerek anormalliklere karşı hassas bir savunma mekanizması sunar. Bu çalışmada Uzun Kısa Süreli Bellek (LSTM) modeli kullanılarak, 392.034 satır ve 86 sütundan oluşan Android cihazların İnternet günlükleri üzerinde çalışılmıştır. Veri seti, 14 farklı Android fidye yazılımı ailesi ve zararsız trafik içermektedir. Veri ön işleme adımları arasında eksik verilerin yönetimi, aykırı değer analizi, özellik seçimi, kodlama işlemleri ve veri normalleştirme/standartlaştırma bulunmaktadır. Veri kümesi %80 eğitim - %20 test oranında bölünmüş ve %80 eğitim - %20 test ayrımının en yüksek doğruluğa sahip olduğu belirlenmiştir. Geliştirilen LSTM tabanlı sınıflandırma modeli %99 doğruluk oranı ve 0,99 F1-skoru ile başarılı sonuçlar elde etmiştir

Anahtar Kelimeler

• Fidye Yazılımı
• Derin Öğrenme
• Android

Kaynakça

1. [1] Teymourlouei, H., “Preventative measures in cyber & ransomware attacks for home & small businesses’ data”, Proceedings of the International Conference on Scientific Computing (CSC), 87–93 (2018).
2. [2] Verizon. Data Breach Investigations Report. (2017).
3. [3] Ransomware Attacks on European Transportation Targets, I-HLS, (2022).
4. [4] Barry, Ellen; Perlroth, Nicole "Patients of a Vermont Hospital Are Left 'in the Dark' After a Cyberattack". New York Times, (2020).
5. [5] Masdari, Mohammad, and Hemn Khezri. "A survey and taxonomy of the fuzzy signature-based intrusion detection systems." Applied Soft Computing 92 (2020).
6. [6] Zahoora, Umme, et al. "Zero-day ransomware attack detection using deep contractive autoencoder and voting based ensemble classifier." Applied Intelligence 52.12 (2022).
7. [7] Sgandurra, Daniele, et al. "Automated dynamic analysis of ransomware: Benefits, limitations and use for detection." arXiv preprint (2016).
8. [8] Hasan, Md Mahbub, and Md Mahbubur Rahman. "RansHunt: A support vector machines based ransomware analysis framework with integrated feature set." 2017 20th international conference of computer and information technology (ICCIT). IEEE, (2017).

9. [9] AbdulsalamYa'u, Gital, et al. "Deep learning for detecting ransomware in edge computing devices based on autoencoder classifier." 2019 4th International Conference on Electrical, Electronics, Communication, Computer Technologies and Optimization Techniques (ICEECCOT). IEEE, (2019).
10. [10] Chen, C.-Q., Cuo, C., Shen, G.-W.: “A ransomware classification method based on visualization”, Netinfo Security. 20(4), 31–39, (2020).
11. [11] Moreira, Caio C., Davi C. Moreira, and Claudomiro de S. de Sales Jr. "Improving ransomware detection based on portable executable header using xception convolutional neural network." Computers & Security 130, 103265, (2023).
12. [12] Manavi, Farnoush, and Ali Hamzeh. "Static detection of ransomware using LSTM network and PE header." 2021 26th international computer conference, Computer Society of Iran (CSICC). IEEE, (2021).
13. [13] Gharib, Amirhossein, and Ali Ghorbani. "Dna-droid: A real-time android ransomware detection framework." Network and System Security: 11th International Conference, NSS 2017, Helsinki, Finland, August 21–23, 2017, Proceedings 11. Springer International Publishing, (2017).
14. [14] Bae, Seong Il, Gyu Bin Lee, and Eul Gyu Im. "Ransomware detection using machine learning algorithms." Concurrency and Computation: Practice and Experience 32.18 (2020).
15. [15] Mansyur, M., Indra Budi, and Yova Ruldeviyani. "Utilization of Data Mining Classification Technique for Civil Servant Mutation Pattern: A Case Study of Pangkajene and Kepulauan District Government." 2018 International Conference on Applied Information Technology and Innovation (ICAITI). IEEE, (2018).
16. [16] Internet: “Android Ransomware Detection”, https://www.kaggle.com/datasets/subhajournal/android-ransomware-detection, (2024).
17. [17] Agarwal, V., “Research on data preprocessing and categorization technique for smartphone review analysis”, International Journal of Computer Applications, 131(4), 30-36, (2015).
18. [18] Modi, Krishna, and Bhavesh Oza. "Outlier analysis approaches in data mining." International Journal of Innovative Research in Technology, 3(7), 6-12, (2016).
19. [19] Liu, J., Cao, Y., Li, Y., Guo, Y., & Deng, W., “Analysis and prediction of power distribution network loss based on machine learning”, International Journal of Numerical Modelling: Electronic Networks, Devices and Fields, 36(4), (2023).
20. [20] Singh, N., & Oorkavalan, U. (2018). “Triple Threshold Statistical Detection filter for removing high density random-valued impulse noise in images”, EURASIP Journal on Image and Video Processing, 1-16, (2018).
21. [21] Perez, H., & Tah, J. H. M. “Improving the Accuracy of Convolutional Neural Networks by Identifying and Removing Outlier Images in Datasets Using t-SNE”, Mathematics, 8, 662, (2020).
22. [22] Whaley III, “Dewey Lonzo. The interquartile range: Theory and estimation”, MS thesis. East Tennessee State University, (2005).
23. [23] Anggoro, D. A., & Supriyanti, W., “Improving accuracy by applying Z-score normalization in linear regression and polynomial regression model for real estate data”, International Journal of Emerging Trends in Engineering Research, 7(11), 549-555, (2019).
24. [24] Nurnoby, M. Faisal, and El-Sayed M. El-Alfy. "Overview and Case Study for Ransomware Classification Using Deep Neural Network." 2019 2nd IEEE Middle East and North Africa COMMunications Conference (MENACOMM). IEEE, (2019).
25. [25] Li, Zhida, Ana Laura Gonzalez Rios, and Ljiljana Trajković. "Machine learning for detecting the WestRock ransomware attack using BGP routing records." IEEE Communications Magazine, 61(3), 20-26, (2022).
26. [26] Anusha, Peruri Venkata, et al. "Detecting outliers in high dimensional data sets using Z-score methodology", International Journal of Innovative Technology and Exploring Engineering 9.1, 48-53, (2019).
27. [27] Singh, Amardeep, et al. "Enhancing ransomware attack detection using transfer learning and deep learning ensemble models on cloud-encrypted data." Electronics, 12.18, 3899, (2023).
28. [28] Kahloot, Khalid M., and Peter Ekler. "Algorithmic splitting: A method for dataset preparation." IEEE Access, 9, 125229-125237, (2021).
29. [29] Homayoun, Sajad, et al. "DRTHIS: Deep ransomware threat hunting and intelligence system at the fog layer." Future Generation Computer Systems, 90, 94-104, (2019).
30. [30] Saxena, Shipra. "Introduction to long short term memory (LSTM)." Analytics Vidhya (2021).
31. [31] Ciaramella, Giovanni, et al. "Explainable ransomware detection with deep learning techniques." Journal of Computer Virology and Hacking Techniques 20(2), 317-330, (2024).
32. [32] Almomani, I., Alkhayer, A., & El-Shafai, W., “E2E-RDS: Efficient End-to-End ransomware detection system based on Static-Based ML and Vision-Based DL approaches”. Sensors, 23(9), 4467, (2023).