International Journal of Advanced Technology and Engineering Exploration ISSN (Print): 2394-5443    ISSN (Online): 2394-7454 Volume-12 Issue-124 March-2025
  1. 4774
    Citations
  2. 2.8
    CiteScore
A comparative study of deep learning-based ransomware detection for industrial IoT

Deo Irankunda1, Khalid El Fazazy1, Tairi Hamid1 and Jamal Riffi1

Department of Computer Science,Faculty of Science Dhar El Mahraz, University of Sidi Mohamed Ben Abdellah of Fes,Morocco1
Corresponding Author : Deo Irankunda

Recieved : 05-August-2024; Revised : 19-February-2025; Accepted : 22-February-2025

Abstract

Currently, internet usage plays a crucial role in industrial development, serving as a source of knowledge and a communication channel. Each year, industries increasingly integrate digital capabilities into their daily operations. The internet of things (IoT) is an emerging technology that offers numerous advantages, including enhanced industrial processes, increased efficiency, and improved visibility. However, it also expands the attack surface for cyber-physical threats. Ransomware attacks are among the most severe malware threats in the industrial internet of things (IIoT), primarily focusing on encrypting files and restricting access to critical industrial systems. Victims often face the obligation of paying a ransom to regain access. Detecting malware and intrusions in IIoT environments requires advanced techniques, including artificial intelligence tools, to identify malicious activities and unauthorized access. This study employs a descriptive comparison method to analyze the structure, advantages, and limitations of deep learning models, including generative adversarial networks (GANs), autoencoders (AE), long short-term memory (LSTM), bidirectional long short-term memory (Bi-LSTM), and convolutional neural networks (CNNs). Additionally, opcode sequences are combined with high-order n-grams to enhance ransomware detection accuracy. This system extracts opcodes from executable files and analyzes their patterns to identify malicious code. Furthermore, a prescriptive analysis of each model’s hyperparameters is performed, and their performance is evaluated using ransomware portable executable (PE) header features and the IoT-23 dataset. The TensorFlow framework is utilized to capture temporal dependencies and mitigate vanishing gradient issues. The results demonstrate the superior performance of the LSTM and CNN models, achieving an accuracy of 96.98%, a precision of 97.10%, a recall of 97.00%, and an F1-score of 96.98%.

Keywords

Ransomware detection, Industrial internet of things (IIoT), Deep learning models, Malware analysis, Opcode sequences, Cybersecurity in IIoT.

Cite this article

Irankunda D, Fazazy KE, Hamid T, Riffi J. A comparative study of deep learning-based ransomware detection for industrial IoT. International Journal of Advanced Technology and Engineering Exploration. 2025;12(124):450-466. DOI : 10.19101/IJATEE.2024.111101413

References
[1]
Malik PK, Sharma R, Singh R, Gehlot A, Satapathy SC, Alnumay WS, et al. Industrial internet of things and its applications in industry 4.0: state of the art. Computer Communications. 2021; 166:125-39.
[Crossref] [Google Scholar]
[2]
Peter O, Pradhan A, Mbohwa C. Industrial internet of things (IIoT): opportunities, challenges, and requirements in manufacturing businesses in emerging economies. Procedia Computer Science. 2023; 217:856-65.
[Crossref] [Google Scholar]
[3]
Jhanjhi NZ, Humayun M, Almuayqil SN. Cyber security and privacy issues in industrial internet of things. Computer Systems Science & Engineering. 2021; 37(3):361-80.
[Crossref] [Google Scholar]
[4]
Humayun M, Jhanjhi NZ, Alsayat A, Ponnusamy V. Internet of things and ransomware: evolution, mitigation and prevention. Egyptian Informatics Journal. 2021; 22(1):105-17.
[Crossref] [Google Scholar]
[5]
Alraizza A, Algarni A. Ransomware detection using machine learning: a survey. Big Data and Cognitive Computing. 2023; 7(3):1-24.
[Crossref] [Google Scholar]
[6]
Jose J, Jose DV, Rao KS, Janz J. Impact of machine learning algorithms in intrusion detection systems for internet of things. In international conference on advances in computing and communications 2021 (pp. 1-6). IEEE.
[Crossref] [Google Scholar]
[7]
https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-250-billion-usd-by-2031/. Accessed 25 January 2025.
[8]
Kalnoor G, Gowrishankar S. Markov decision process based model for performance analysis an intrusion detection system in IOT networks. Journal of Telecommunications and Information Technology. 2021; (3):42-9.
[Crossref] [Google Scholar]
[9]
Nabi AU, Ahmed M, Abro A. An overview of firewall types, technologies, and functionalities. International Journal of Computing and Related Technologies. 2022; 3(1):10-6.
[Google Scholar]
[10]
Al-hawawreh M, Alazab M, Ferrag MA, Hossain MS. Securing the industrial internet of things against ransomware attacks: a comprehensive analysis of the emerging threat landscape and detection mechanisms. Journal of Network and Computer Applications. 2024; 223:103809.
[Crossref] [Google Scholar]
[11]
Khalil RA, Saeed N, Masood M, Fard YM, Alouini MS, Al-naffouri TY. Deep learning in the industrial internet of things: potentials, challenges, and emerging applications. IEEE Internet of Things Journal. 2021; 8(14):11016-40.
[Crossref] [Google Scholar]
[12]
Demertzi V, Demertzis S, Demertzis K. An overview of privacy dimensions on the industrial Internet of Things (IIoT). Algorithms. 2023; 16(8):1-32.
[Crossref] [Google Scholar]
[13]
Muñoz DC, Valiente AD. A novel botnet attack detection for IoT networks based on communication graphs. Cybersecurity. 2023; 6(1):1-17.
[Crossref] [Google Scholar]
[14]
Serror M, Hack S, Henze M, Schuba M, Wehrle K. Challenges and opportunities in securing the industrial internet of things. IEEE Transactions on Industrial Informatics. 2020; 17(5):2985-96.
[Crossref] [Google Scholar]
[15]
https://www.cisa.gov/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_WannaCry_Ransomware_S508C.pdf. Accessed 25 January 2025.
[16]
Gerodimos A, Maglaras L, Ferrag MA, Ayres N, Kantzavelou I. IoT: communication protocols and security threats. Internet of Things and Cyber-Physical Systems. 2023; 3:1-13.
[Crossref] [Google Scholar]
[17]
Jaloudi S. Communication protocols of an industrial internet of things environment: a comparative study. Future Internet. 2019; 11(3):1-18.
[Crossref] [Google Scholar]
[18]
Younan M, Houssein EH, Elhoseny M, Ali AA. Challenges and recommended technologies for the industrial internet of things: a comprehensive review. Measurement. 2020; 151:107198.
[Crossref] [Google Scholar]
[19]
Chalapathi GS, Chamola V, Vaish A, Buyya R. Industrial internet of things (IIoT) applications of edge and fog computing: a review and future directions. Fog/edge Computing for Security, Privacy, and Applications. 2021: 293-325.
[Crossref] [Google Scholar]
[20]
Vehabovic A, Ghani N, Bou-harb E, Crichigno J, Yayimli A. Ransomware detection and classification strategies. In international black sea conference on communications and networking (BlackSeaCom) 2022 (pp. 316-24). IEEE.
[Crossref] [Google Scholar]
[21]
Benaddi H, Jouhari M, Ibrahimi K, Ben OJ, Amhoud EM. Anomaly detection in industrial IoT using distributional reinforcement learning and generative adversarial networks. Sensors. 2022; 22(21):1-18.
[Crossref] [Google Scholar]
[22]
Andrade ED, Viterbo J, Vasconcelos CN, Guérin J, Bernardini FC. A model based on LSTM neural networks to identify five different types of malware. Procedia Computer Science. 2019; 159:182-91.
[Crossref] [Google Scholar]
[23]
Zahoora U, Khan A, Rajarajan M, Khan SH, Asam M, Jamal T. Ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive pareto ensemble classifier. Scientific Reports. 2022; 12(1):1-15.
[Crossref] [Google Scholar]
[24]
Khan F, Ncube C, Ramasamy LK, Kadry S, Nam Y. A digital DNA sequencing engine for ransomware detection using machine learning. IEEE Access. 2020; 8:119710-9.
[Crossref] [Google Scholar]
[25]
Riaz S, Latif S, Usman SM, Ullah SS, Algarni AD, Yasin A, et al. Malware detection in internet of things (IoT) devices using deep learning. Sensors. 2022; 22(23):1-22.
[Crossref] [Google Scholar]
[26]
Khan SH, Alahmadi TJ, Ullah W, Iqbal J, Rahim A, Alkahtani HK, et al. A new deep boosted CNN and ensemble learning based IoT malware detection. Computers & Security. 2023; 133:1-14.
[Crossref] [Google Scholar]
[27]
Pavithra J, Selvakumara SS. A comparative study on detection of malware and benign on the internet using machine learning classifiers. Mathematical Problems in Engineering. 2022; 2022(1):1-8.
[Crossref] [Google Scholar]
[28]
Saran N, Kesswani N. A comparative study of supervised machine learning classifiers for intrusion detection in internet of things. Procedia Computer Science. 2023; 218:2049-57.
[Crossref] [Google Scholar]
[29]
Barros PH, Chagas ET, Oliveira LB, Queiroz F, Ramos HS. Malware‐SMELL: a zero‐shot learning strategy for detecting zero‐day vulnerabilities. Computers & Security. 2022; 120:102785.
[Crossref] [Google Scholar]
[30]
Khalid AH, Mahmood K, Khalid M, Othman M, Al DM, Osman AE, et al. Optimal graph convolutional neural network-based ransomware detection for cybersecurity in IoT environment. Applied Sciences. 2023; 13(8):1-17.
[Crossref] [Google Scholar]
[31]
Torabi H, Mirtaheri SL, Greco S. Practical autoencoder based anomaly detection by using vector reconstruction error. Cybersecurity. 2023; 6(1):1-13.
[Crossref] [Google Scholar]
[32]
Moreira CC, Moreira DC, De SJCD. Improving ransomware detection based on portable executable header using xception convolutional neural network. Computers & Security. 2023; 130:103265.
[Crossref] [Google Scholar]
[33]
Nkongolo MN, Tokmak M. Ransomware detection using stacked autoencoder for feature selection. Indonesian Journal of Electrical Engineering and Informatics. 2024; 12(1):142-70.
[Crossref] [Google Scholar]
[34]
Cen M, Deng X, Jiang F, Doss R. Zero-ran sniff: a zero-day ransomware early detection method based on zero-shot learning. Computers & Security. 2024; 142:1-14.
[Crossref] [Google Scholar]
[35]
Bennmarker G. Exploring GANs to generate attack-variations in IoT networks. Thesis, Uppsala University. 2023.
[Google Scholar]
[36]
Kc B, Sapkota S, Adhikari A. Generative adversarial networks in anomaly detection and malware detection: a comprehensive survey. Advances in Artificial Intelligence Research. 2024; 4(1):18-35.
[Crossref] [Google Scholar]
[37]
Alqahtani H, Kavakli-thorne M, Kumar G. Applications of generative adversarial networks (GANs): an updated review. Archives of Computational Methods in Engineering. 2021; 28:525-52.
[Crossref] [Google Scholar]
[38]
Goodfellow I, Pouget-abadie J, Mirza M, Xu B, Warde-farley D, Ozair S, et al. Generative adversarial networks. Communications of the ACM. 2020; 63(11):139-44.
[Crossref] [Google Scholar]
[39]
Pinaya WH, Vieira S, Garcia-dias R, Mechelli A. Autoencoders. In machine learning 2020 (pp. 193-208). Academic Press.
[Crossref] [Google Scholar]
[40]
Maniath S, Ashok A, Poornachandran P, Sujadevi VG, AU PS, Jan S. Deep learning LSTM based ransomware detection. In recent developments in control, automation & power engineering 2017 (pp. 442-6). IEEE.
[Crossref] [Google Scholar]
[41]
Kumar A, Bhatia A, Kashyap A, Kumar M. LSTM network: a deep learning approach and applications. In advanced applications of NLP and deep learning in social media data 2023 (pp. 130-50). IGI Global.
[Crossref] [Google Scholar]
[42]
Altunay HC, Albayrak Z. A hybrid CNN+ LSTM-based intrusion detection system for industrial IoT networks. Engineering Science and Technology, an International Journal. 2023 1; 38:1-13.
[Crossref] [Google Scholar]
[43]
Aslan Ö, Yilmaz AA. A new malware classification framework based on deep learning algorithms. IEEE Access. 2021; 9:87936-51.
[Crossref] [Google Scholar]
[44]
Avci C, Tekinerdogan B, Catal C. Analyzing the performance of long short‐term memory architectures for malware detection models. Concurrency and Computation: Practice and Experience. 2023; 35(6):1-15.
[Crossref] [Google Scholar]
[45]
Roy KC, Chen Q. Deepran: attention-based bilstm and CRF for ransomware early detection and classification. Information Systems Frontiers. 2021; 23:299-315.
[Crossref] [Google Scholar]
[46]
Alassafi MO, Hasan SH, Badri S, Hasan SH. Optimized Bi-LSTM: a novel approach for attack detection in industrial IoT. Signal, Image and Video Processing. 2024; 18(5):4903-13.
[Crossref] [Google Scholar]
[47]
Vakalopoulou M, Christodoulidis S, Burgos N, Colliot O, Lepetit V. Deep learning: basics and convolutional neural networks (CNNs). Machine Learning for Brain Disorders. 2023: 77-115.
[Crossref] [Google Scholar]
[48]
Liu C, Cheng F. A survey of image classification algorithms based on graph neural networks. In 3D imaging technologies-multi-dimensional signal processing and deep learning: mathematical approaches and applications, 2021 (pp. 203-12). Springer Singapore.
[Crossref] [Google Scholar]
[49]
Ajit A, Acharya K, Samanta A. A review of convolutional neural networks. In international conference on emerging trends in information technology and engineering (ic-ETITE) 2020 (pp. 1-5). IEEE.
[Crossref] [Google Scholar]
[50]
Alzubaidi L, Zhang J, Humaidi AJ, Al-dujaili A, Duan Y, Al-shamma O, et al. Review of deep learning: concepts, CNN architectures, challenges, applications, future directions. Journal of Big Data. 2021; 8:1-74.
[Crossref] [Google Scholar]
[51]
Rezaei T, Manavi F, Hamzeh A. A PE header-based method for malware detection using clustering and deep embedding techniques. Journal of Information Security and Applications. 2021; 60:102876.
[Crossref] [Google Scholar]