
An Enhanced Minimax Loss Function Technique in Generative Adversarial Network for Ransomware Behavior Prediction

Author

Listed:
  • Mazen Gazzan

    (Department of Computer Science, College of Engineering, University of Idaho, Moscow, ID 83844, USA
    College of Computer Science and Information Systems, Najran University, Najran P.O. Box 1988, Saudi Arabia)

  • Frederick T. Sheldon

    (Department of Computer Science, College of Engineering, University of Idaho, Moscow, ID 83844, USA)

Abstract

Recent ransomware attacks threaten not only personal files but also critical infrastructure like smart grids, necessitating early detection before encryption occurs. Current methods, reliant on pre-encryption data, suffer from insufficient and rapidly outdated attack patterns, despite efforts to focus on select features. Such an approach assumes that the same features remain unchanged. This approach proves ineffective due to the polymorphic and metamorphic characteristics of ransomware, which generate unique attack patterns for each new target, particularly in the pre-encryption phase where evasiveness is prioritized. As a result, the selected features quickly become obsolete. Therefore, this study proposes an enhanced Bi-Gradual Minimax (BGM) loss function for the Generative Adversarial Network (GAN) algorithm that compensates for the insufficiency of attack patterns to represent the polymorphic behavior at the earlier phases of the ransomware lifecycle. Unlike existing GAN-based models, the BGM-GAN gradually minimizes the maximum loss of the generator and discriminator in the network. This allows the generator to create artificial patterns that resemble the pre-encryption data distribution. The generator is used to craft evasive adversarial patterns and add them to the original data. Then, the generator and discriminator compete to optimize their weights during the training phase such that the generator produces realistic attack patterns, while the discriminator endeavors to distinguish between the real and crafted patterns. The experimental results show that the proposed BGM-GAN reached a maximum accuracy of 0.98, a recall of 0.96, and a minimum false positive rate of 0.14, all of which outperform those obtained by existing works. The application of BGM-GAN can be extended to the early detection of malware and other types of attacks.

Suggested Citation

  • Mazen Gazzan & Frederick T. Sheldon, 2023. "An Enhanced Minimax Loss Function Technique in Generative Adversarial Network for Ransomware Behavior Prediction," Future Internet, MDPI, vol. 15(10), pages 1-18, September.
  • Handle: RePEc:gam:jftint:v:15:y:2023:i:10:p:318-:d:1245754

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/15/10/318/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/15/10/318/
    Download Restriction: no

    References listed on IDEAS

    1. Mazen Gazzan & Frederick T. Sheldon, 2023. "Opportunities for Early Detection and Prediction of Ransomware Attacks against Industrial Control Systems," Future Internet, MDPI, vol. 15(4), pages 1-18, April.
    2. Yahye Abukar Ahmed & Shamsul Huda & Bander Ali Saleh Al-rimy & Nouf Alharbi & Faisal Saeed & Fuad A. Ghaleb & Ismail Mohamed Ali, 2022. "A Weighted Minimum Redundancy Maximum Relevance Technique for Ransomware Early Detection in Industrial IoT," Sustainability, MDPI, vol. 14(3), pages 1-15, January.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Mazen Gazzan & Frederick T. Sheldon, 2023. "Opportunities for Early Detection and Prediction of Ransomware Attacks against Industrial Control Systems," Future Internet, MDPI, vol. 15(4), pages 1-18, April.
