DSERU Seminar at SCME

Activity: Participating in or organising an event; Public lecture/debate/seminar/presentation; Academic

Description

Dear Colleagues,

I am pleased to invite you to our next DSERU/SOCME seminar on Wednesday, the 18th of October 2023, from 12:00 PM to 1:00 PM.

Please confirm your participation by accepting this invitation.

Speaker: Jannatul Ferdous
Topic: A novel hybrid approach for ransomware detection using advanced ML technique

----------
Abstract: The frequency and sophistication of ransomware attacks have expanded their reach to both individuals and organisations, causing significant disruptions and financial losses, thereby necessitating immediate attention to improving detection mechanisms. Despite advances in cyber-defence mechanisms, traditional detection solutions are increasingly falling short of countering the evolving tactics and adversarial learning techniques employed in ransomware attacks. Additionally, conventional machine learning requires manual feature selection for malware detection. To address these problems, this proposal aims to build an innovative hybrid approach for ransomware detection by leveraging static and dynamic analyses along with advanced deep learning methods. The proposal states that static analysis will be used to extract file attributes, API call sequences, and network-related indicators, which are fast and reliable techniques but not resilient to code obfuscation. On the other hand, dynamic analysis is more resilient to obfuscation and investigates the program's behaviour while running but requires more memory and processing power. Our hybrid approach will benefit from both methods by combining static and dynamic features into a large and diverse dataset to train the model because a large, varied dataset is crucial for creating an effective model that generalises well and detects new ransomware. Diversity encompasses a variety of ransomware families with varying behaviours and malicious features. In the proposed study, we employed a deep learning framework to extract features automatically from ransomware samples. We will use a neural network framework that has demonstrated superior performance in previous studies compared to traditional machine learning algorithms. This will allow us to explore various architectural configurations and training strategies to optimise the feature extraction process. 
By automating feature selection through deep learning, we expect our model to be more robust, efficient, and accurate in detecting ransomware and compare it with traditional models, focusing on the influence of dataset size and diversity on detection efficiency. To address the challenge of the resource-intensive nature of deep learning, this study will also explore the potential of different feature selection methods such as Correlation-based Feature Selection (CFS), Mutual Information Criterion (MIC), Term Frequency-Inverse Document Frequency (TF-IDF), to optimise our model's performance, and PCA to minimise the feature set without compromising detection efficacy. These techniques reduce the dimensionality of the feature space and improve the efficiency of the model training and deployment. For an effective ransomware detection model, it is essential to test its resilience against advanced ransomware attacks or adversarial inputs because of its constant evolution. Adversarial learning techniques involve attacks that exploit the weaknesses of the machine learning model. Attackers can alter the input data to mislead the model and harm it. To evaluate the resilience of the proposed hybrid model against adversarial learning attacks, we will implement incremental learning and test the model's performance on adversarial samples. Some well-known techniques in the literature such as the Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD) will be investigated for creating adversarial examples. We will assess the model's accuracy, detection, and false positives on these examples and update the model accordingly to enhance its robustness while maintaining high detection accuracy. This research proposal presents a comprehensive plan for advancing ransomware detection. The findings of this study are expected to significantly contribute to the development of more efficient and resilient ransomware detection systems, thereby enhancing cybersecurity measures.

Short Bio: Jannatul Ferdous is a PhD candidate at Charles Sturt University (CSU), Australia. She currently works on ransomware detection and mitigation using machine-learning methods. She received a bachelor’s degree in computing from the School of Computing, Mathematics & Engineering, Charles Sturt University, Australia, with Class A & received faculty awards for her outstanding performance. She received her master’s degree in applied physics—Electronics and Communication Engineering from Islamic University, Kushtia, Bangladesh. Her research interests include malware analysis and classification, ransomware, and machine-learning techniques, and she has published quite a few research papers in reputed journals.

----------

Looking forward to seeing you in this interesting session.

With kind regards
Rafiqul


You have been invited to a meeting by Rafiqul Islam
How to join the video conference:

Rafiqul Islam is inviting you to a scheduled Zoom meeting.
Join Zoom Meeting

https://charlessturt.zoom.us/j/3203002020?pwd=RjVvLzRRSmcwV1ZMS1NNTkxsQnZFQT09

Meeting ID: 320 300 2020

Passcode: 320300


Period: 18 Oct 2023
Event type: Seminar
Location: Online, Australia, New South Wales
Degree of Recognition: Regional