A comparative study of deep learning-based ransomware detection for industrial IoT
Deo Irankunda, Khalid El Fazazy, Tairi Hamid and Jamal Riffi
Corresponding Author: Deo Irankunda
Received: 05-Aug-2024; Revised: 19-Feb-2025; Accepted: 22-Feb-2025
Abstract
Currently, internet usage plays a crucial role in industrial development, serving as a source of knowledge and a communication channel. Each year, industries increasingly integrate digital capabilities into their daily operations. The internet of things (IoT) is an emerging technology that offers numerous advantages, including enhanced industrial processes, increased efficiency, and improved visibility. However, it also expands the attack surface for cyber-physical threats. Ransomware attacks are among the most severe malware threats in the industrial internet of things (IIoT), primarily focusing on encrypting files and restricting access to critical industrial systems. Victims often face the obligation of paying a ransom to regain access. Detecting malware and intrusions in IIoT environments requires advanced techniques, including artificial intelligence tools, to identify malicious activities and unauthorized access. This study employs a descriptive comparison method to analyze the structure, advantages, and limitations of deep learning models, including generative adversarial networks (GANs), autoencoders (AE), long short-term memory (LSTM), bidirectional long short-term memory (Bi-LSTM), and convolutional neural networks (CNNs). Additionally, opcode sequences are combined with high-order n-grams to enhance ransomware detection accuracy. This system extracts opcodes from executable files and analyzes their patterns to identify malicious code. Furthermore, a prescriptive analysis of each model’s hyperparameters is performed, and their performance is evaluated using ransomware portable executable (PE) header features and the IoT-23 dataset. The TensorFlow framework is utilized to capture temporal dependencies and mitigate vanishing gradient issues. The results demonstrate the superior performance of the LSTM and CNN models, achieving an accuracy of 96.98%, a precision of 97.10%, a recall of 97.00%, and an F1-score of 96.98%.
Keywords
Ransomware detection, Industrial internet of things (IIoT), Deep learning models, Malware analysis, Opcode sequences, Cybersecurity in IIoT.
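An added illustration of the opcode n-gram features mentioned in the abstract (not the authors' code): it assumes opcodes have already been extracted by a disassembler, uses constructed opcode sequences, and all function names are hypothetical. It shows why high-order n-grams matter: two sequences with identical opcode counts look the same at n=1 but separate at n=3.

```python
from collections import Counter

def opcode_ngrams(opcodes, n):
    """Contiguous n-grams (as tuples) of an opcode sequence."""
    return [tuple(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1)]

def build_vocabulary(sequences, n, top_k):
    """Keep the top_k n-grams ranked by how many samples contain them."""
    doc_freq = Counter()
    for seq in sequences:
        doc_freq.update(set(opcode_ngrams(seq, n)))
    # Tie-break lexicographically so the feature order is deterministic.
    ranked = sorted(doc_freq.items(), key=lambda kv: (-kv[1], kv[0]))
    return [gram for gram, _ in ranked[:top_k]]

def vectorize(opcodes, vocabulary, n):
    """Normalized n-gram frequencies; a sequence shorter than n gives zeros."""
    counts = Counter(opcode_ngrams(opcodes, n))
    total = sum(counts.values())
    if total == 0:
        return [0.0] * len(vocabulary)
    return [counts[gram] / total for gram in vocabulary]

def features(sequences, n, top_k):
    """Fixed-length feature vectors for a corpus, ready for a classifier."""
    vocab = build_vocabulary(sequences, n, top_k)
    return [vectorize(seq, vocab, n) for seq in sequences]

# Constructed samples: same opcodes, same counts, different order.
SAMPLE_A = ["mov", "xor", "mov", "xor", "add", "jmp"]
SAMPLE_B = ["mov", "mov", "xor", "xor", "jmp", "add"]

if __name__ == "__main__":
    for n in (1, 3):
        vec_a, vec_b = features([SAMPLE_A, SAMPLE_B], n, top_k=8)
        print(f"n={n}: vectors identical = {vec_a == vec_b}")
```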