Realtime ransomware process detection using an advanced hybrid approach with machine learning within IoT ecosystems

Cybersecurity faces significant challenges from malicious attacks, malware, and ransomware variants, posing serious threats to computer systems, infrastructure, data centers, web and mobile applications across diverse sectors. Conventional anti-ransomware systems struggle to keep pace with evolving...

Bibliographic details
Published in: Engineering Research Express 2025-03, Vol.7 (1), p.15211
Main authors: El Hariri, Ayyoub, Mouiti, Mohammed, Lazaar, Mohamed
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page
container_issue 1
container_start_page 15211
container_title Engineering Research Express
container_volume 7
creator El Hariri, Ayyoub
Mouiti, Mohammed
Lazaar, Mohamed
description Cybersecurity faces significant challenges from malicious attacks, malware, and ransomware variants, posing serious threats to computer systems, infrastructure, data centers, web and mobile applications across diverse sectors. Conventional anti-ransomware systems struggle to keep pace with evolving sophisticated threats. Therefore, advanced methodologies, including both traditional and artificial intelligence based approaches, are becoming increasingly crucial in developing innovative ransomware countermeasures. This study presents a novel hybrid detection framework for ransomware, combining entropy and frequency analysis with various machine learning algorithms, including Multi-Layer Perceptron MLP, Decision Trees DT, Random Forests RF, K-Nearest Neighbor KNN, and Logistic Regression LR. We evaluate the classification performance of these models using a specialized ransomware dataset. Our approach also incorporates data augmentation techniques to enhance the detection capabilities, generating synthetic data based on the original ransomware samples. Our experiments demonstrate that the DT and RF classifiers significantly outperform other methods in terms of accuracy, F1-score, and precision. Specifically, the DT classifier achieved an accuracy of 98.89%, an F1-score of 98.81%, and a precision of 98.90%, while the RF classifier achieved an accuracy of 98.78%, an F1-score of 98.23%, and a precision of 98.99%. The integration of data augmentation further boosted the model’s performance, resulting in substantial improvements across all metrics.
doi_str_mv 10.1088/2631-8695/ada3b3
format Article
fulltext fulltext
identifier ISSN: 2631-8695
ispartof Engineering Research Express, 2025-03, Vol.7 (1), p.15211
issn 2631-8695
2631-8695
language eng
recordid cdi_iop_journals_10_1088_2631_8695_ada3b3
source Institute of Physics Journals; EZB-FREE-00999 freely available EZB journals
subjects data augmentation for malware detection
entropy and frequency analysis
machine learning in cybersecurity
malware detection
ransomware detection
title Realtime ransomware process detection using an advanced hybrid approach with machine learning within IoT ecosystems
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-28T23%3A01%3A39IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-iop_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Realtime%20ransomware%20process%20detection%20using%20an%20advanced%20hybrid%20approach%20with%20machine%20learning%20within%20IoT%20ecosystems&rft.jtitle=Engineering%20Research%20Express&rft.au=El%20Hariri,%20Ayyoub&rft.date=2025-03-31&rft.volume=7&rft.issue=1&rft.spage=15211&rft.pages=15211-&rft.issn=2631-8695&rft.eissn=2631-8695&rft.coden=ERENBL&rft_id=info:doi/10.1088/2631-8695/ada3b3&rft_dat=%3Ciop_cross%3Eerxada3b3%3C/iop_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true