Explainable Ransomware Detection with Deep Learning Techniques

Journal of Computer Virology and Hacking Techniques (IF 1.5, Q3, COMPUTER SCIENCE, INFORMATION SYSTEMS) | Pub Date: 2023-09-27 | DOI: 10.1007/s11416-023-00501-1
Giovanni Ciaramella, Giacomo Iadarola, Fabio Martinelli, Francesco Mercaldo, Antonella Santone
Citation count: 0

Abstract

Globally, the number of internet users increases every year. We use technological devices to surf the internet, to shop online, or just to relax and maintain our relationships by spending time on social networks. In doing any of these things, we release information that can be used in many ways, such as targeted advertising via cookies, but that can also be abused by malicious users for scams or theft. On the other hand, many detection systems have been developed to counteract malicious actions. In particular, special attention has been paid to malware, which is designed to perpetrate malicious actions inside software systems and is spread through internet networks or e-mail messages. In this paper, we propose a deep learning model aimed at detecting ransomware. We propose a set of experiments aimed at demonstrating that the proposed method obtains good accuracy during the training and test phases across a dataset of over 15,000 elements. Moreover, to improve our results and interpret the output obtained from the models, we have also exploited Gradient-weighted Class Activation Mapping.
Source journal: Journal of Computer Virology and Hacking Techniques (COMPUTER SCIENCE, INFORMATION SYSTEMS)
CiteScore: 4.00
Self-citation rate: 13.30%
Articles published: 41
About the journal: The field of computer virus prevention has rapidly taken an important position in our technological and information society. Viral attacks increase year after year, and antiviral efforts continually face new challenges. Beneficial applications of technologies based on scientific computer virology are still very limited. The theoretical aspects of the virus problem are only rarely considered, although many interesting and important open problems still exist. Little proactive research is focused on predicting the future of viral attacks.

The Journal of Computer Virology and Hacking Techniques is an independent scientific and technical journal dedicated to viral and antiviral computer technologies. Both theoretical and experimental aspects will be considered; papers emphasizing the theoretical aspects are especially welcome. The topics covered by this journal include, but are certainly not limited to:

- Mathematical aspects and theoretical fundamentals of computer virology
- Algorithmics and computer virology
- Computer immunology and biological models for computers
- Reverse engineering (hardware and software)
- Viral and antiviral technologies
- Cryptology and steganography tools and techniques
- Applications in computer virology
- Virology and IDS
- Hardware hacking, and free and open hardware
- Operating system, network, and embedded systems security
- Social engineering

In addition, since computational problems are of practical interest, papers on the computational aspects of computer virology are welcome. It is expected that the areas covered by this journal will change as new technologies, methodologies, challenges and applications develop. Hacking involves understanding technology intimately and in depth in order to use it in an operational way. Hackers are complementary to academics in that they favour the result over the methods and over the theory, while academics favour the formalization and the methods -- explaining is not operating and operating is not explaining. The aim of the journal in this respect is to build a bridge between the two communities for the benefit of technology and science.

The aim of the Journal of Computer Virology and Hacking Techniques is to promote constructive research in computer virology by publishing technical and scientific results related to this research area. Submitted papers will be judged primarily by their content, their originality and their technical and scientific quality. Contributions should comprise novel and previously unpublished material. However, prior publication in conference proceedings of an abstract, summary, or other abbreviated, preliminary form of the material should not preclude publication in this journal when notice of such prior or concurrent publication is given with the submission. In addition to full-length theoretical and technical articles, short communications or notes are acceptable. Survey papers will be accepted with a prior invitation only. Special issues devoted to a single topic are also planned.

The policy of the journal is to maintain strict refereeing procedures, to perform a high quality peer-review of each submitted paper, and to send notification to the author(s) with as short a delay as possible. Accepted papers will normally be published within one year of submission at the latest. The journal will be published four times a year.

Note: As far as new viral techniques are concerned, the journal strongly encourages authors to consider algorithmic aspects rather than the actual source code of a particular virus. Nonetheless, papers containing viral source codes may be accepted provided that a scientific approach is maintained and that inclusion of the source code is necessary for the presentation of the research. No paper containing a viral source code will be considered or accepted unless the complete source code is communicated to the Editor-in-Chief. No publication will occur before antiviral companies receive this source code to update/upgrade their products. The final objective is, once again, proactive defence.

This journal was previously known as Journal in Computer Virology. It is published by Springer France.