Know Abnormal, Find Evil: Frequent Pattern Mining for Ransomware Threat Hunting and Intelligence
Citations
A systematic literature review of blockchain cyber security
A deep Recurrent Neural Network based approach for Internet of Things malware threat hunting
Fuzzy Pattern Tree for Edge Malware Detection and Categorization in IoT
Leveraging machine learning techniques for Windows ransomware network traffic detection
DRTHIS: Deep ransomware threat hunting and intelligence system at the fog layer
References
Mining sequential patterns
Evaluation: from Precision, Recall and F-measure to ROC, Informedness, Markedness and Correlation
Comparison of the predicted and observed secondary structure of T4 phage lysozyme.
A systematic analysis of performance measures for classification tasks
Related Papers (5)
Robust Malware Detection for Internet of (Battlefield) Things Devices Using Deep Eigenspace Learning
Frequently Asked Questions (13)
Q2. What are the future works mentioned in the paper "Know abnormal, find evil: frequent pattern mining for ransomware threat hunting and intelligence"?
Applying other classification techniques, such as fuzzy classification, can be considered a future work of this study.
Q3. What is the common method of detection of ransomware?
Most ransomware detection solutions rely on filesystem [28]–[30] and registry events [31] to identify malicious behaviors.
Q4. How many features did the authors detect in the SV DD?
The authors achieved an F-Measure of more than 0.98 with an FPR of less than 0.007 in detection of a given ransomware family, using 13 selected features identified in this study.
Q5. What happens when the sample is successfully transferred?
When the sample is successfully transferred, the Controller notifies the Launcher app to run the ProcessMonitor application and execute the given sample.
Q6. How many ransomware samples were downloaded from virustotal.com?
The authors downloaded 1624 Windows Portable Executable (PE32) ransomware samples from virustotal.com that were active between February 2016 and March 2017, as reported by RansomwareTracker.abuse.ch.
Q7. What is the significance of the study?
Utilization of Stream Data Mining techniques to reduce ransomware detection time is another interesting extension of this study.
Q8. What happens when the VM is successfully reverted?
When the log file is successfully stored on the host machine, the Controller application reverts the VM back to its original copy and passes the next sample.
Q9. What is the main reason for the rise of ransomware?
The recent adoption of e-currencies such as Bitcoin has provided many new opportunities for attackers, including receiving a ransom payment for decrypting users' data [21].
Q10. What are the two main types of sequential pattern mining algorithms?
Members of an MC are in the format (P, sup_P), where P is an MSP and sup_P is the frequency of occurrence of P in a given dataset D. There are two major types of sequential pattern mining algorithms for extracting MSPs, namely Apriori-based and frequent-pattern-growth.
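The following Python is an added example, not code from the paper or from this page, showing what the Apriori-based family named in the answer does on defender-side data: it mines frequent sequential patterns from per-sample event traces, keeps only the maximal ones (here MSP is read as "maximal sequential pattern", which is an assumption), and reports each as a (P, sup_P) pair. The event traces and the min_support value are constructed for illustration; the final step, turning the MSPs into binary features for a classifier, is this example's own assumption about how such patterns would feed the detection stage, not a description of the paper's pipeline.

```python
"""Apriori-style (level-wise) sequential pattern mining over event traces.

Each trace is the ordered list of event types recorded while one sample ran.
A pattern P is supported by a trace if P occurs in it as an ordered, possibly
gapped subsequence; sup_P is the number of supporting traces; a maximal
sequential pattern (MSP) is a frequent pattern that is not contained in any
longer frequent pattern.  Added example; traces below are constructed.
"""
from typing import Dict, List, Sequence, Tuple

Pattern = Tuple[str, ...]

# Constructed traces for illustration only (not data from the paper).
RANSOMWARE_TRACES: List[List[str]] = [
    ["CreateFile", "ReadFile", "WriteFile", "DeleteFile", "RegSetValue"],
    ["CreateFile", "ReadFile", "WriteFile", "DeleteFile"],
    ["RegQueryValue", "CreateFile", "ReadFile", "WriteFile", "DeleteFile"],
    ["CreateFile", "ReadFile", "WriteFile", "RegSetValue", "DeleteFile"],
]
BENIGN_TRACES: List[List[str]] = [
    ["CreateFile", "ReadFile", "CloseFile"],
    ["RegQueryValue", "CreateFile", "ReadFile", "CloseFile"],
    ["CreateFile", "WriteFile", "CloseFile"],
    ["ReadFile", "CloseFile"],
]


def is_subsequence(pattern: Sequence[str], trace: Sequence[str]) -> bool:
    """True if every event of `pattern` appears in `trace` in order (gaps allowed)."""
    it = iter(trace)
    # `p in it` advances the iterator past the first match, so order is enforced.
    return all(p in it for p in pattern)


def support(pattern: Pattern, traces: Sequence[Sequence[str]]) -> int:
    """sup_P: number of traces in the dataset that contain the pattern."""
    return sum(1 for t in traces if is_subsequence(pattern, t))


def mine_frequent_sequences(traces: Sequence[Sequence[str]],
                            min_support: int) -> Dict[Pattern, int]:
    """Apriori-based mining: grow candidates one event at a time, prune early.

    Returns every frequent pattern (support >= min_support) with its support.
    """
    events = sorted({e for t in traces for e in t})
    frequent: Dict[Pattern, int] = {}
    level: List[Pattern] = []
    for e in events:                       # level 1: frequent single events
        s = support((e,), traces)
        if s >= min_support:
            frequent[(e,)] = s
            level.append((e,))
    while level:
        # Join step: a=(x1..xk) and b=(y1..yk) with a[1:] == b[:-1] give a+(yk,)
        candidates = {a + (b[-1],) for a in level for b in level if a[1:] == b[:-1]}
        next_level: List[Pattern] = []
        for c in sorted(candidates):
            # Apriori pruning: every (k)-subsequence of a frequent (k+1)-pattern
            # must itself be frequent, so skip candidates that violate this.
            if not all(c[:i] + c[i + 1:] in frequent for i in range(len(c))):
                continue
            s = support(c, traces)
            if s >= min_support:
                frequent[c] = s
                next_level.append(c)
        level = next_level
    return frequent


def maximal_sequential_patterns(frequent: Dict[Pattern, int]) -> Dict[Pattern, int]:
    """Keep only patterns not contained in a longer frequent pattern: the MC as (P, sup_P)."""
    return {
        p: s for p, s in frequent.items()
        if not any(len(q) > len(p) and is_subsequence(p, q) for q in frequent)
    }


def ranked_msps(msps: Dict[Pattern, int]) -> List[Tuple[Pattern, int]]:
    """Deterministic ordering: highest support first, then lexicographic."""
    return sorted(msps.items(), key=lambda kv: (-kv[1], kv[0]))


def pattern_features(trace: Sequence[str], patterns: Sequence[Pattern]) -> List[int]:
    """Assumed feature encoding: one binary feature per MSP (1 if the trace contains it)."""
    return [int(is_subsequence(p, trace)) for p in patterns]


if __name__ == "__main__":
    freq = mine_frequent_sequences(RANSOMWARE_TRACES, min_support=2)
    msps = ranked_msps(maximal_sequential_patterns(freq))
    for p, s in msps:
        print(f"MSP {' -> '.join(p)}  sup={s}")
    order = [p for p, _ in msps]
    for t in RANSOMWARE_TRACES + BENIGN_TRACES:
        print(pattern_features(t, order), t)
```

With the constructed traces and min_support=2, the miner finds two MSPs: CreateFile -> ReadFile -> WriteFile -> DeleteFile (support 4) and CreateFile -> ReadFile -> WriteFile -> RegSetValue (support 2); every benign trace maps to the all-zero feature vector, which is the separation a downstream classifier would exploit. The join and prune steps are what distinguish the Apriori-based family from pattern-growth miners, which build patterns by projecting the database instead of generating candidates.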
Q11. How is the MCC of the classifiers?
The MCC value of all classifiers is more than 0.96 while Random Forest and Bagging achieved MCC of almost +1 which is very close to a perfect prediction.
Q12. What is the significance of the features in the classifiers?
MCC values of more than 0.95 for all classifiers also indicate quality of their features in enabling classifiers to provide an almost perfect prediction.
Q13. What is the main reason for the popularity of ransomware?
Timely detection of ransomware upon its execution is crucial, and systems that fail to detect ransomware in less than 10 seconds are not considered effective [5].