Abstract
Industrial Internet of Thing (IIoT) systems are considered attractive ransomware targets because they operate critical services that affect human lives and have substantial operational costs. The major concern is with brownfield IIoT systems since they have legacy edge systems that are not fully prepared to integrate with IoT technologies. Various existing security solutions can detect and mitigate such attacks but are often ineffective due to the heterogeneous and distributed nature of the IIoT systems and their interoperability demands. Consequently, developing new detection solutions is essential. Therefore, this paper proposes a novel targeted ransomware detection model tailored for IIoT edge systems. It uses Asynchronous Peer-to-Peer Federated Learning (AP2PFL) and Deep Learning (DL) techniques as a targeted ransomware detection algorithm. The proposed model consists of two modules: 1) Data Purifying Module (DPM) aims to refine and reconstruct a valuable and robust representation of data based on Contractive Denoising Auto-Encoder (CDAE), and 2) Diagnostic and Decision Module (DDM) is used to identify targeted ransomware and its stages based on Deep Neural Network (DNN) and Batch Normalization (BN). The main strengths of this proposed model include: 1) each edge gateway’s modules work cooperatively with its neighbors in an asynchronous manner and without a third party, 2) it deals with both homogeneous and heterogeneous data, and 3) it is robust against evasion attacks. An exhaustive set of experiments on three datasets prove the high effectiveness of the proposed model in detecting targeted ransomware (known and unknown attacks) in brownfield IIoT and the superiority over the state-of-the-art models.
Highlights
W ITH the emergence of the Internet of Things (IoT), digitization has increasingly become more prevalent in the industrial space
We propose a new model for detecting targeted ransomware attacks against the edge gateways of brownfield Industrial IoT (IIoT) systems
1) We propose the first-of-its-kind targeted ransomware detection model tailored for IIoT edge gateways
Summary
W ITH the emergence of the Internet of Things (IoT), digitization has increasingly become more prevalent in the industrial space. We propose a new model for detecting targeted ransomware attacks against the edge gateways of brownfield IIoT systems. It is based on Federated Learning (FL) and Deep Learning (DL) techniques. As most FL-based detection models follow client-server and synchronous communication approaches, they are not suitable for the edge gateways of brownfield IIoT systems This is because these gateways are designed to operate time-sensitive processes and provide less communication with cloud servers to reduce bandwidth and network latency [17, 18, 19, 20]. 2) We propose and design new Deep Learning (DL)-based model for revealing targeted ransomware in IIoT edge gateway It consists of a Data Purifying Module (DPM) and Diagnosis and Decision Module (DDM).
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
