Output list
Book chapter
A Lightweight Detection of Sequential Patterns in File System Events During Ransomware Attacks
Published 2025
Web Information Systems Engineering – WISE 2024, 204 - 215
Ransomware poses a major threat by encrypting files and demanding ransom for decryption. This paper introduces a lightweight hybrid model for detecting ransomware by analyzing file system events. By combining XGBoost and Long Short-Term Memory (LSTM) networks, the approach identifies and predicts malicious behaviors with high accuracy and low computational cost. A File System Monitor Watchdog was developed to track file activities, collecting a dataset from 20 ransomware families. XGBoost is used for initial pattern detection, and LSTM networks for sequential analysis. The model achieved 97.12% detection accuracy, outperforming traditional methods in accuracy and efficiency, while reducing computational costs.
Book chapter
Published 2024
Advances in Information and Computer Security, 213 - 233
This study introduces the Digital Immunity Module (DIM), a novel pass-through file system gateway, positioned strategically between storage and endpoints to enhance the security of files accessed via network protocols such as NFS and SMB on SharePoint. DIM serves as a protective layer against ransomware, designed with dual objectives: (1) detecting statistical anomalies that may indicate potential encryption within the network file system, and (2) proactively expanding under-attack files using a reverse source-coding algorithm to deprive ransomware of the resources it needs to operate. For practical deployment, we have developed a proxy gateway that connects endpoints to Azure storage using the SMB protocol. This setup effectively differentiates between benign and malicious activities without needing to identify specific processes at the endpoints, a critical advantage in combating fileless ransomware, which often eludes conventional security mechanisms such as behavioral analysis. Upon detecting malicious encryption, DIM reacts by expanding the size of buffer blocks, preventing ransomware from accessing subsequent files and frequently causing the ransomware to self-terminate. Our comprehensive evaluation, involving a benign dataset of 11,928 files against 75 ransomware families, including fileless types, demonstrates that DIM significantly impedes and often terminates ransomware operations early in the attack life cycle. This confirms the practicality and effectiveness of this pass-through defence strategy.
Book chapter
Explainable artificial intelligence for smart city application: A secure and trusted platform
Published 2022
Explainable Artificial Intelligence for Cyber Security, 241 - 263
Artificial Intelligence (AI) is one of the disruptive technologies that is shaping the future. It has growing applications for data-driven decisions in major smart city solutions, including transportation, education, healthcare, public governance, and power systems. At the same time, it is gaining popularity in protecting critical cyber infrastructure from cyber threats, attacks, damage, or unauthorized access. However, one of the significant issues with traditional AI technologies (e.g., deep learning) is that their rapid growth in complexity and sophistication has turned them into uninterpretable black boxes. On many occasions, it is very challenging to understand the decision and the bias well enough to control and trust a system's unexpected or seemingly unpredictable outputs. It is acknowledged that the loss of control over the interpretability of decision-making becomes a critical issue for many data-driven automated applications. But how may it affect the system's security and trustworthiness? This chapter conducts a comprehensive study of machine learning applications in cybersecurity to indicate the need for explainability to address this question. While doing that, this chapter first discusses the black-box problems of AI technologies for cybersecurity applications in smart city-based solutions. Later, considering the new technological paradigm, Explainable Artificial Intelligence (XAI), this chapter discusses the transition from black-box to white-box. This chapter also discusses the transition requirements concerning the interpretability, transparency, understandability, and explainability of AI-based technologies in applying different autonomous systems in smart cities. Finally, it presents some commercial XAI platforms that offer explainability over traditional AI technologies before presenting future challenges and opportunities.
Book chapter
Security, Privacy, and Trust of Emerging Intelligent Transportation: Cognitive Internet of Vehicles
Published 2022
Next-Generation Enterprise Security and Governance, 193 - 226
The recent advancement in cloud technology offers unparalleled strength to support intelligent computations and advanced services that assist with automated decisions to improve road transportation safety and comfort. Besides, the rise of machine intelligence propels the technological evolution of transportation systems one step further and leads to a new framework known as the Cognitive Internet of Vehicles (CIoV). The redefined cognitive technology in this framework promises significant enhancements and optimized network capacities compared with its predecessor framework, the Internet of Vehicles (IoV). CIoV offers additional security measures but also introduces security and privacy concerns, such as evasion attacks, additional threats of data poisoning, and learning errors, which may lead to system failure and road user fatalities. Similar to many other public enterprise systems, transportation has a significant impact on the population. Therefore, it is crucial to understand the evolution, and equally essential to identify potential security vulnerabilities and issues, in order to offer mitigations. This chapter offers discussions framing answers to the following two questions: (1) how and in what ways is the penetration of the latest technologies reshaping the transportation system? (2) is the evolved system capable of addressing the concerns of cybersecurity? This chapter, therefore, starts by presenting the evolution of the transportation system, followed by a quick overview of the evolved CIoV, highlighting the evolved cognitive design. Later it presents how a cognitive engine can overcome legacy security concerns and may also be subject to further potential security, privacy, and trust issues that this cloud-based evolved transportation system may encounter.
Book chapter
Using Process Mining to Identify File System Metrics Impacted by Ransomware Execution
Published 2021
Mobile, Secure, and Programmable Networking, 12605, 57 - 71
Malware authors leverage strong cryptographic primitives to hold user files hostage on the users' own devices until a ransom is paid. Indeed, victims not protected against ransomware are forced to pay the ransom or lose their files if they ignore the extortion. Devices are by no means immune from ransomware attacks. The reality is that there are few studies on how to protect end-user devices against ransomware, and hardly any protection available. Ransomware uses legitimate operating system processes, so that even state-of-the-art and advanced anti-malware products are ineffective against it. The results of our static and dynamic analysis illustrate that the local file system plays a critical role in the operation of all ransomware engines. Therefore, this study investigates the correlation that exists between file system operations to identify metrics, such as the absolute occurrence frequency of a system file, that can identify a ransomware attack from within the kernel. We employ business process mining techniques to analyze log files collected from samples of seven recent live ransomware families and use the Naive discovery algorithm to study the absolute occurrence frequency of system files. The findings are visualized by state charts and sequence diagrams. Finally, the study identifies eight common system files that ransomware calls on in order to encrypt a victim's files on their device.
Book chapter
Published 2017
Mobile, Secure, and Programmable Networking, 122 - 137
Accurate implementation of communications protocol stacks is unavoidable; however, the traditional protocol stack designed for Dedicated Short Range Communications (DSRC) does not efficiently support safety applications. The DSRC protocol stack must satisfy the stringent performance requirements of safety applications in challenging scenarios such as heavy road traffic. Several communications solutions and industry standards, including the recently published SAE-J2945.1 standard, have been proposed for vehicular safety systems, but by what means such systems can address the stringent requirements of safety applications and the scalability issue in their actual deployment is still an open question. With the current spectrum allocations for vehicular DSRC and the data traffic generated by cooperative applications, the radio channels could easily be saturated in the absence of effective control algorithms, resulting in unstable inter-vehicle communications and eventually failure of the system. The results of several simulation studies are presented in this paper to evaluate the DSRC channel and understand the parameters affecting its state.
This paper proposes a cross-layer designed controller for inter-vehicle safety messaging to address the channel congestion problem of vehicular networks. The proposed controller enjoys a design supporting direct and indirect interfacing between layers with awareness control, aiming at serving the stringent requirements of DSRC safety applications. The message dissemination controller receives feedback such as channel utilization, outdated packets, and vehicle density information from cross-layer sources to control the load on the radio channels by adjusting the transmit power and message intervals. The necessity of instant adjustments requires the mechanism to operate with decentralized yet cooperative coordination. The aim of this study is to validate the cross-layer design for DSRC, which is fundamentally different from the message scheduling and congestion control algorithm presented as part of the SAE-J2945.1 standard. The complexity verification and results of the analysis show that the proposed controller is an efficient and fair design.