Asynchronous Peer-to-Peer Federated Capability-Based Targeted Ransomware Detection Model for Industrial IoT
Industrial Internet of Thing (IIoT) systems are considered attractive ransomware targets because they operate critical services that affect human lives and have substantial operational costs. The major concern is with brownfield IIoT systems since they have legacy edge systems that are not fully pre...
Guardado en:
| Autores principales: | , , |
|---|---|
| Formato: | article |
| Lenguaje: | EN |
| Publicado: |
IEEE
2021
|
| Materias: | |
| Acceso en línea: | https://doaj.org/article/b5658ba2736b4870bccb5aaf6ef33e42 |
| Etiquetas: |
Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
| id |
oai:doaj.org-article:b5658ba2736b4870bccb5aaf6ef33e42 |
|---|---|
| record_format |
dspace |
| spelling |
oai:doaj.org-article:b5658ba2736b4870bccb5aaf6ef33e422021-11-18T00:08:04ZAsynchronous Peer-to-Peer Federated Capability-Based Targeted Ransomware Detection Model for Industrial IoT2169-353610.1109/ACCESS.2021.3124634https://doaj.org/article/b5658ba2736b4870bccb5aaf6ef33e422021-01-01T00:00:00Zhttps://ieeexplore.ieee.org/document/9597509/https://doaj.org/toc/2169-3536Industrial Internet of Thing (IIoT) systems are considered attractive ransomware targets because they operate critical services that affect human lives and have substantial operational costs. The major concern is with brownfield IIoT systems since they have legacy edge systems that are not fully prepared to integrate with IoT technologies. Various existing security solutions can detect and mitigate such attacks but are often ineffective due to the heterogeneous and distributed nature of the IIoT systems and their interoperability demands. Consequently, developing new detection solutions is essential. Therefore, this paper proposes a novel targeted ransomware detection model tailored for IIoT edge systems. It uses Asynchronous Peer-to-Peer Federated Learning (AP2PFL) and Deep Learning (DL) techniques as a targeted ransomware detection algorithm. The proposed model consists of two modules: 1) Data Purifying Module (DPM) aims to refine and reconstruct a valuable and robust representation of data based on Contractive Denoising Auto-Encoder (CDAE), and 2) Diagnostic and Decision Module (DDM) is used to identify targeted ransomware and its stages based on Deep Neural Network (DNN) and Batch Normalization (BN). The main strengths of this proposed model include: 1) each edge gateway’s modules work cooperatively with its neighbors in an asynchronous manner and without a third party, 2) it deals with both homogeneous and heterogeneous data, and 3) it is robust against evasion attacks. An exhaustive set of experiments on three datasets prove the high effectiveness of the proposed model in detecting targeted ransomware (known and unknown attacks) in brownfield IIoT and the superiority over the state-of-the-art models.Muna Al-HawawrehElena SitnikovaNeda AboutorabIEEEarticleEdge systemIIoTfederated learningdetectiontargeted ransomwareElectrical engineering. Electronics. Nuclear engineeringTK1-9971ENIEEE Access, Vol 9, Pp 148738-148755 (2021) |
| institution |
DOAJ |
| collection |
DOAJ |
| language |
EN |
| topic |
Edge system IIoT federated learning detection targeted ransomware Electrical engineering. Electronics. Nuclear engineering TK1-9971 |
| spellingShingle |
Edge system IIoT federated learning detection targeted ransomware Electrical engineering. Electronics. Nuclear engineering TK1-9971 Muna Al-Hawawreh Elena Sitnikova Neda Aboutorab Asynchronous Peer-to-Peer Federated Capability-Based Targeted Ransomware Detection Model for Industrial IoT |
| description |
Industrial Internet of Thing (IIoT) systems are considered attractive ransomware targets because they operate critical services that affect human lives and have substantial operational costs. The major concern is with brownfield IIoT systems since they have legacy edge systems that are not fully prepared to integrate with IoT technologies. Various existing security solutions can detect and mitigate such attacks but are often ineffective due to the heterogeneous and distributed nature of the IIoT systems and their interoperability demands. Consequently, developing new detection solutions is essential. Therefore, this paper proposes a novel targeted ransomware detection model tailored for IIoT edge systems. It uses Asynchronous Peer-to-Peer Federated Learning (AP2PFL) and Deep Learning (DL) techniques as a targeted ransomware detection algorithm. The proposed model consists of two modules: 1) Data Purifying Module (DPM) aims to refine and reconstruct a valuable and robust representation of data based on Contractive Denoising Auto-Encoder (CDAE), and 2) Diagnostic and Decision Module (DDM) is used to identify targeted ransomware and its stages based on Deep Neural Network (DNN) and Batch Normalization (BN). The main strengths of this proposed model include: 1) each edge gateway’s modules work cooperatively with its neighbors in an asynchronous manner and without a third party, 2) it deals with both homogeneous and heterogeneous data, and 3) it is robust against evasion attacks. An exhaustive set of experiments on three datasets prove the high effectiveness of the proposed model in detecting targeted ransomware (known and unknown attacks) in brownfield IIoT and the superiority over the state-of-the-art models. |
| format |
article |
| author |
Muna Al-Hawawreh Elena Sitnikova Neda Aboutorab |
| author_facet |
Muna Al-Hawawreh Elena Sitnikova Neda Aboutorab |
| author_sort |
Muna Al-Hawawreh |
| title |
Asynchronous Peer-to-Peer Federated Capability-Based Targeted Ransomware Detection Model for Industrial IoT |
| title_short |
Asynchronous Peer-to-Peer Federated Capability-Based Targeted Ransomware Detection Model for Industrial IoT |
| title_full |
Asynchronous Peer-to-Peer Federated Capability-Based Targeted Ransomware Detection Model for Industrial IoT |
| title_fullStr |
Asynchronous Peer-to-Peer Federated Capability-Based Targeted Ransomware Detection Model for Industrial IoT |
| title_full_unstemmed |
Asynchronous Peer-to-Peer Federated Capability-Based Targeted Ransomware Detection Model for Industrial IoT |
| title_sort |
asynchronous peer-to-peer federated capability-based targeted ransomware detection model for industrial iot |
| publisher |
IEEE |
| publishDate |
2021 |
| url |
https://doaj.org/article/b5658ba2736b4870bccb5aaf6ef33e42 |
| work_keys_str_mv |
AT munaalhawawreh asynchronouspeertopeerfederatedcapabilitybasedtargetedransomwaredetectionmodelforindustrialiot AT elenasitnikova asynchronouspeertopeerfederatedcapabilitybasedtargetedransomwaredetectionmodelforindustrialiot AT nedaaboutorab asynchronouspeertopeerfederatedcapabilitybasedtargetedransomwaredetectionmodelforindustrialiot |
| _version_ |
1718425246686511104 |