Affiliation:
1. GAZİ ÜNİVERSİTESİ, TEKNOLOJİ FAKÜLTESİ
2. Gazi Üniversitesi
Abstract
The rapid advancement of technology brings new threats to the digital world. One of these threats is malicious ransomware attacks. Ransomware is malicious software that demands ransom from innocent users by blocking access to information systems. Since traditional methods are limited to predefined blacklists, they may be ineffective against unknown ransomware types. Deep learning methods, on the other hand, offer a sensitive defense mechanism against anomalies by learning normal behavior patterns. In this study, the Internet logs of Android devices consisting of 392,034 rows and 86 columns were studied using the Long Short-Term Memory (LSTM) model. The dataset contains 14 different Android ransomware families and harmless traffic. Data preprocessing steps include missing data management, outlier analysis, feature selection, coding operations, and data normalization/standardization. The dataset was split at 80% training - 20% test ratio, and it was determined that the 80% training - 20% test split had the highest accuracy. The developed LSTM based classification model achieved successful results with 99% accuracy rate and 0.99 F1-score.
Reference32 articles.
1. [1] Teymourlouei, H., “Preventative measures in cyber & ransomware attacks for home & small businesses’ data”, Proceedings of the International Conference on Scientific Computing (CSC), 87–93 (2018).
2. [2] Verizon. Data Breach Investigations Report. (2017).
3. [3] Ransomware Attacks on European Transportation Targets, I-HLS, (2022).
4. [4] Barry, Ellen; Perlroth, Nicole "Patients of a Vermont Hospital Are Left 'in the Dark' After a Cyberattack". New York Times, (2020).
5. [5] Masdari, Mohammad, and Hemn Khezri. "A survey and taxonomy of the fuzzy signature-based intrusion detection systems." Applied Soft Computing 92 (2020).