Ransomware attack detection in Internet of Things (IoT) using IOTPOT platform with Ensemble Learning (EL)
Keywords:
Ransomware, Honeypot, Machine Learning (ML), security, IOTPOT, Honey folder, AuditWatch, CEP engine
Abstract
The Internet of Things (IoT) has dramatically revolutionized many human activities over the
past decade. It is a vast network of devices that may sense and store confidential data about its
clients. The major issue faced by clients using IoT platforms is security flaws, which have mainly
arisen through small IoT devices. The latest ransomware attacks, TeslaCrypt,
SimpleLocker, NotPetya, and WannaCry, have broken the myth that an organization's digital data
backup is protected; it gets hacked by the intruder. In the IoT world, ransomware collides
with each other, making cybercriminal activities simpler to initiate. These activities load IoT
devices with malware, which ignites a cybersecurity arms race. The IoT platform
offers ransomware and intruders a large scope for larceny. This is highly dangerous: it
damages the complete range of security services, resulting in breaches of sensitive information
and risks to life. Therefore, a robust Ransomware Attack Detection Honeypot (RADH) is
proposed, with IoTPOT as a honeypot agent. It addresses challenging security problems
using honeypot agents in the form of a honey folder built with IOTPOT. The honey folder is a
decoy folder set up specifically to be intruded upon, and it performs as an early alarm system
that signals the client on suspicious file actions. The AuditWatch process acts as an entropy
module that certifies file and folder entropy. The CEP engine, assisted by Ensemble Learning (EL),
is used to accumulate data from dissimilar security methods in order to train and test on
ransomware behavior and attack patterns, and to respond immediately by confirming
ransomware attacks. Thus, the proposed RADH is trained
with different samples from the dataset and tested experimentally with existing security attacks.
Moreover, the proposed RADH produces comparatively better accuracy,
precision, and recall in detecting ransomware attacks than the existing ransomware detection
model. The paper is organized as follows. Section 1 gives a brief introduction to ransomware
and its types; Section 2 presents a literature survey of various ransomware
attack detection techniques; Section 3 describes the proposed methodology for the RADH
architecture as a novel honeypot with IoTPOT and EL in the CEP engine; Section 4 describes the
experimental setup; Section 5 presents a performance analysis based on detection of ransomware
activities, accuracy, recall, and precision; and Section 6 ends with the conclusion.