
A Weighted Minimum Redundancy Maximum Relevance Technique for Ransomware Early Detection in Industrial IoT

Author

Listed:
  • Yahye Abukar Ahmed

    (Faculty of Computing, SIMAD University, Mogadishu 801, Somalia)

  • Shamsul Huda

    (School of Information Technology, Deakin University, Burwood, Melbourne 3125, Australia)

  • Bander Ali Saleh Al-rimy

    (School of Computing, Faculty of Engineering, Universiti Teknologi Malaysia (UTM), Johor Bahru 81310, Malaysia)

  • Nouf Alharbi

    (College of Computer Science and Engineering, Taibah University, Al-Madinah P.O. Box 344, Saudi Arabia)

  • Faisal Saeed

    (DAAI Research Group, Department of Computing and Data Science, School of Computing and Digital Technology, Birmingham City University, Birmingham B4 7XG, UK)

  • Fuad A. Ghaleb

    (School of Computing, Faculty of Engineering, Universiti Teknologi Malaysia (UTM), Johor Bahru 81310, Malaysia)

  • Ismail Mohamed Ali

    (Faculty of Computing, SIMAD University, Mogadishu 801, Somalia)

Abstract

Ransomware attacks against the Industrial Internet of Things (IIoT) have catastrophic consequences not only for the targeted infrastructure but also for the services provided to the public. By encrypting operational data, ransomware attacks can disrupt normal operations, which represents a serious problem for industrial systems. Ransomware employs several avoidance techniques, such as packing, obfuscation, noise insertion, and irrelevant and redundant system call injection, to deceive security measures and make both static and dynamic analysis more difficult. In this paper, a Weighted minimum Redundancy maximum Relevance (WmRmR) technique was proposed for better feature significance estimation in the data captured during the early stages of ransomware attacks. The technique combines an enhanced mRMR (EmRmR) with Term Frequency-Inverse Document Frequency (TF-IDF) so that it can filter out noisy runtime behavior based on the weights calculated by the TF-IDF. The proposed technique has the capability to assess whether a feature in the relevant set is important or not. It has low-dimensional complexity and a smaller number of evaluations compared to the original mRmR method. The TF-IDF was used to evaluate the weights of the features generated by the EmRmR algorithm. Then, an inclusive entropy-based refinement method was used to decrease the size of the extracted data by identifying the system calls with strong behavioral indication. After extensive experimentation, the proposed technique has been shown to be effective for ransomware early detection with low complexity and few false positives. To evaluate the proposed technique, we compared it with existing behavioral detection methods.

Suggested Citation

  • Yahye Abukar Ahmed & Shamsul Huda & Bander Ali Saleh Al-rimy & Nouf Alharbi & Faisal Saeed & Fuad A. Ghaleb & Ismail Mohamed Ali, 2022. "A Weighted Minimum Redundancy Maximum Relevance Technique for Ransomware Early Detection in Industrial IoT," Sustainability, MDPI, vol. 14(3), pages 1-15, January.
  • Handle: RePEc:gam:jsusta:v:14:y:2022:i:3:p:1231-:d:730442

    Download full text from publisher

    File URL: https://www.mdpi.com/2071-1050/14/3/1231/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/2071-1050/14/3/1231/
    Download Restriction: no

    Citations



    Cited by:

    1. Mazen Gazzan & Frederick T. Sheldon, 2023. "An Enhanced Minimax Loss Function Technique in Generative Adversarial Network for Ransomware Behavior Prediction," Future Internet, MDPI, vol. 15(10), pages 1-18, September.
    2. Mazen Gazzan & Frederick T. Sheldon, 2023. "Opportunities for Early Detection and Prediction of Ransomware Attacks against Industrial Control Systems," Future Internet, MDPI, vol. 15(4), pages 1-18, April.
