City Research Online - Zero-day Ransomware Attack Detection using Deep Contractive Autoencoder and Voting based Ensemble Classifier

Zero-day Ransomware Attack Detection using Deep Contractive Autoencoder and Voting based Ensemble Classifier

Zahoora, U., Rajarajan, M. ORCID: 0000-0001-5814-9922, Pan, Z. & Khan, A. (2022). Zero-day Ransomware Attack Detection using Deep Contractive Autoencoder and Voting based Ensemble Classifier. Applied Intelligence, 52(12), pp. 13941-13960. doi: 10.1007/s10489-022-03244-6

Abstract

Ransomware attacks are hazardous cyber-attacks that use cryptographic methods to hold victims’ data until the ransom is paid. Zero-day ransomware attacks try to exploit new vulnerabilities and are considered a severe threat to existing security solutions and internet resources. In the case of zero-day attacks, training data is not available before the attack takes place. Therefore, we exploit Zero-shot Learning (ZSL) capabilities that can effectively deal with unseen classes compared to the traditional machine learning techniques. ZSL is a two-stage process comprising of: Attribute Learning (AL) and Inference Stage (IS). In this regard, this work presents a new Deep Contractive Autoencoder based Attribute Learning (DCAE-ZSL) technique as well as an IS method based on Heterogeneous Voting Ensemble (DCAE-ZSL-HVE). In the proposed DCAE-ZSL approach, Contractive Autoencoder (CAE) is employed to extract core features of known and unknown ransomware. The regularization term of CAE helps in penalizing the classifier's sensitivity against the small dissimilarities in the latent space. On the other hand, in case of the IS, four combination rules Global Majority (GM), Local Majority (LM), Cumulative Vote-against based Global Majority (CVAGM), Cumulative Vote-for based Global Majority (CVFGM) are utilized to find the final prediction. It is empirically shown that in comparison to conventional machine learning techniques, models trained on contractive embedding show reasonable performance against zero-day attacks. Furthermore, it is shown that the exploitation of these core features through the proposed voting based ensemble (DCAE-ZSL-HVE) has demonstrated significant improvement in detecting zero-day attacks (recall = 0.95) and reducing False Negative (FN = 6).

Publication Type:	Article
Additional Information:	This version of the article has been accepted for publication, after peer review (when applicable) and is subject to Springer Nature’s AM terms of use, but is not the Version of Record and does not reflect post-acceptance improvements, or any corrections. The Version of Record is available online at: https://doi.org/10.1007/s10489-022-03244-6
Publisher Keywords:	Zero-shot Learning, Zero-day Attack, Ransomware, Deep Learning, Autoencoder, Ensemble Classification
Subjects:	Q Science > QA Mathematics > QA75 Electronic computers. Computer science T Technology > T Technology (General)
Departments:	School of Science & Technology > Engineering
SWORD Depositor:	Symplectic Administrator

[thumbnail of Revised -Manuscript_ZSL.9-28-2021reviseddocx.pdf]

Preview

Text - Accepted Version
Download (1MB) | Preview

Export

Downloads

Downloads per month over past year

View more statistics

Metadata

Altmetric

CORE (COnnecting REpositories)

Actions (login required)

Admin Login

Creators:	Zahoora, U. Rajarajan, M. ORCID: 0000-0001-5814-9922 Pan, Z. Khan, A.
Status:	Published
Refereed:	Yes
Journal or Publication Title:	Applied Intelligence
Publisher:	Springer Science and Business Media LLC
ISSN:	0924-669X
e-ISSN:	1573-7497
URI:	https://openaccess.city.ac.uk/id/eprint/29155
Date available in CRO:	03 Nov 2022 15:31
Date deposited:	3 November 2022
Dates:	Date Event 13 January 2022 Accepted 1 March 2022 Published Online 30 September 2022 Published