Ransomware triage using deep learning

Twitter as a case study

V. Vinayakumar, Mamoun Alazab, Alireza Jolfaei, Soman Kp, Prabaharan Poornachandran

Research output: Chapter in Book/Report/Conference proceedingConference Paper published in ProceedingsResearchpeer-review

Abstract

The increasing number of cyberattacks in recent years has expedited development of innovative tools to quickly detect new threats. A recent approach to this problem is to analyze the content of online social networks to discover the rising of ransomware attacks. Twitter is a popular micro-blogging platform which allows millions of users to share their opinions on what happens all over the world. The subscribers can tweet messages of maximum 280 characters to share general information with URLs and hash tags. In this paper, we analysed 25 families of ransomware over a period of 7 years, from 2010 to 2017. We proposed a deep learning architecture to categorize ransomware tweets to their corresponding family. The proposed method can continuously monitor the online posts in social media data and thus is able to provide early warnings about ransomware spreads. This helps the incident management to better prioritize resources and procedures to mitigate the malicious activities. Tests have been performed to evaluate the performance of the proposed method and results show the effectiveness of our implementation.

Original languageEnglish
Title of host publicationProceedings - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019
PublisherIEEE, Institute of Electrical and Electronics Engineers
Pages67-73
Number of pages7
ISBN (Electronic)9781728126005
DOIs
Publication statusPublished - 1 May 2019
Event2019 Cybersecurity and Cyberforensics Conference, CCC 2019 - Melbourne, Australia
Duration: 7 May 20198 May 2019

Publication series

NameProceedings - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019

Conference

Conference2019 Cybersecurity and Cyberforensics Conference, CCC 2019
CountryAustralia
CityMelbourne
Period7/05/198/05/19

Fingerprint

twitter
social media
learning
incident
social network
threat
management
resources
performance
Websites
Malware
Deep learning

Cite this

Vinayakumar, V., Alazab, M., Jolfaei, A., Kp, S., & Poornachandran, P. (2019). Ransomware triage using deep learning: Twitter as a case study. In Proceedings - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019 (pp. 67-73). [8854532] (Proceedings - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019). IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/CCC.2019.000-7
Vinayakumar, V. ; Alazab, Mamoun ; Jolfaei, Alireza ; Kp, Soman ; Poornachandran, Prabaharan. / Ransomware triage using deep learning : Twitter as a case study. Proceedings - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019. IEEE, Institute of Electrical and Electronics Engineers, 2019. pp. 67-73 (Proceedings - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019).
@inproceedings{bf864fa5db0f4cffb81ea557ee81e292,
title = "Ransomware triage using deep learning: Twitter as a case study",
abstract = "The increasing number of cyberattacks in recent years has expedited development of innovative tools to quickly detect new threats. A recent approach to this problem is to analyze the content of online social networks to discover the rising of ransomware attacks. Twitter is a popular micro-blogging platform which allows millions of users to share their opinions on what happens all over the world. The subscribers can tweet messages of maximum 280 characters to share general information with URLs and hash tags. In this paper, we analysed 25 families of ransomware over a period of 7 years, from 2010 to 2017. We proposed a deep learning architecture to categorize ransomware tweets to their corresponding family. The proposed method can continuously monitor the online posts in social media data and thus is able to provide early warnings about ransomware spreads. This helps the incident management to better prioritize resources and procedures to mitigate the malicious activities. Tests have been performed to evaluate the performance of the proposed method and results show the effectiveness of our implementation.",
keywords = "Cyber security, Deep learning, Ransomware, Triage, Twitter",
author = "V. Vinayakumar and Mamoun Alazab and Alireza Jolfaei and Soman Kp and Prabaharan Poornachandran",
year = "2019",
month = "5",
day = "1",
doi = "10.1109/CCC.2019.000-7",
language = "English",
series = "Proceedings - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019",
publisher = "IEEE, Institute of Electrical and Electronics Engineers",
pages = "67--73",
booktitle = "Proceedings - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019",
address = "United States",

}

Vinayakumar, V, Alazab, M, Jolfaei, A, Kp, S & Poornachandran, P 2019, Ransomware triage using deep learning: Twitter as a case study. in Proceedings - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019., 8854532, Proceedings - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019, IEEE, Institute of Electrical and Electronics Engineers, pp. 67-73, 2019 Cybersecurity and Cyberforensics Conference, CCC 2019, Melbourne, Australia, 7/05/19. https://doi.org/10.1109/CCC.2019.000-7

Ransomware triage using deep learning : Twitter as a case study. / Vinayakumar, V.; Alazab, Mamoun; Jolfaei, Alireza; Kp, Soman; Poornachandran, Prabaharan.

Proceedings - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019. IEEE, Institute of Electrical and Electronics Engineers, 2019. p. 67-73 8854532 (Proceedings - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019).

Research output: Chapter in Book/Report/Conference proceedingConference Paper published in ProceedingsResearchpeer-review

TY - GEN

T1 - Ransomware triage using deep learning

T2 - Twitter as a case study

AU - Vinayakumar, V.

AU - Alazab, Mamoun

AU - Jolfaei, Alireza

AU - Kp, Soman

AU - Poornachandran, Prabaharan

PY - 2019/5/1

Y1 - 2019/5/1

N2 - The increasing number of cyberattacks in recent years has expedited development of innovative tools to quickly detect new threats. A recent approach to this problem is to analyze the content of online social networks to discover the rising of ransomware attacks. Twitter is a popular micro-blogging platform which allows millions of users to share their opinions on what happens all over the world. The subscribers can tweet messages of maximum 280 characters to share general information with URLs and hash tags. In this paper, we analysed 25 families of ransomware over a period of 7 years, from 2010 to 2017. We proposed a deep learning architecture to categorize ransomware tweets to their corresponding family. The proposed method can continuously monitor the online posts in social media data and thus is able to provide early warnings about ransomware spreads. This helps the incident management to better prioritize resources and procedures to mitigate the malicious activities. Tests have been performed to evaluate the performance of the proposed method and results show the effectiveness of our implementation.

AB - The increasing number of cyberattacks in recent years has expedited development of innovative tools to quickly detect new threats. A recent approach to this problem is to analyze the content of online social networks to discover the rising of ransomware attacks. Twitter is a popular micro-blogging platform which allows millions of users to share their opinions on what happens all over the world. The subscribers can tweet messages of maximum 280 characters to share general information with URLs and hash tags. In this paper, we analysed 25 families of ransomware over a period of 7 years, from 2010 to 2017. We proposed a deep learning architecture to categorize ransomware tweets to their corresponding family. The proposed method can continuously monitor the online posts in social media data and thus is able to provide early warnings about ransomware spreads. This helps the incident management to better prioritize resources and procedures to mitigate the malicious activities. Tests have been performed to evaluate the performance of the proposed method and results show the effectiveness of our implementation.

KW - Cyber security

KW - Deep learning

KW - Ransomware

KW - Triage

KW - Twitter

UR - http://www.scopus.com/inward/record.url?scp=85073874471&partnerID=8YFLogxK

U2 - 10.1109/CCC.2019.000-7

DO - 10.1109/CCC.2019.000-7

M3 - Conference Paper published in Proceedings

T3 - Proceedings - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019

SP - 67

EP - 73

BT - Proceedings - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019

PB - IEEE, Institute of Electrical and Electronics Engineers

ER -

Vinayakumar V, Alazab M, Jolfaei A, Kp S, Poornachandran P. Ransomware triage using deep learning: Twitter as a case study. In Proceedings - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019. IEEE, Institute of Electrical and Electronics Engineers. 2019. p. 67-73. 8854532. (Proceedings - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019). https://doi.org/10.1109/CCC.2019.000-7