Leveraging Deep Learning Models for Ransomware Detection in the Industrial Internet of Things Environment

• Published in: 2019 Military Communications and Information Systems Conference (MilCIS) pp. 1 - 6
• Main Authors: Al-Hawawreh, Muna, Sitnikova, Elena
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.11.2019
• Subjects: component; deep learning; detection; feature engineering; IIoT; LAN; ransomware
• DOI: 10.1109/MilCIS.2019.8930732

Local Area Network (LAN) workstations that operate at the edge tier of Industrial Internet of Things systems (IIoT) and have direct or indirect interaction with critical control devices could be a key vector for advanced threats against control systems, such as a ransomware threat. This indicates that there is a necessity for monitoring these workstations to detect any malicious behavior related to ransomware, and generating an alarm to prevent the ransomware from expanding its activity to more critical system entities. The efficient detection of a ransomware attack very much relies on how accurately its activities are understood and how its traits are discovered. This can help in distinguishing ransomware from legitimate system activities. In this paper, we utilize deep learning techniques to extract the latent representation of a high dimension of collected data to identify malicious behavior accurately. Specifically, the model that we propose is based on a hybrid feature engineering technique of classical and variational auto-encoders. This hybrid technique is used to reduce the dimension of data and extract a good representation of the collected system activities. Then, the new feature vector is passed to a classifier that is built based on deep neural network and batch normalization techniques. The paper concludes with experimental results demonstrating that our model performs better in detecting ransomware compared with other existing models.