Richard Adeyemi Ikuesan

2 Papers

CR, Mar 31, 2022
Ransomware Detection using Process Memory

Avinash Singh, Richard Adeyemi Ikuesan, Hein Venter

Ransomware attacks have increased significantly in recent years, causing great destruction and damage to critical systems and business operations. Attackers are unfailingly finding innovative ways to bypass detection mechanisms, which encouraged the adoption of artificial intelligence. However, most research summarizes the general features of AI and induces many false positives, as the behavior of ransomware constantly differs to bypass detection. Focusing on the key indicating features of ransomware becomes vital as this guides the investigator to the inner workings and main function of ransomware itself. By utilizing access privileges in process memory, the main function of the ransomware can be detected more easily and accurately. Furthermore, new signatures and fingerprints of ransomware families can be identified to classify novel ransomware attacks correctly. The current research used the process memory access privileges of the different memory regions of the behavior of an executable to quickly determine its intent before serious harm can occur. To achieve this aim, several well-known machine learning algorithms were explored with an accuracy range of 81.38 to 96.28 percent. The study thus confirms the feasibility of utilizing process memory as a detection mechanism for ransomware.

CR, Apr 18, 2020
Detecting Centralized Architecture-Based Botnets using Travelling Salesperson Non-Deterministic Polynomial-Hard problem, TSP-NP Technique

Victor R. Kebande, Nickson M. Karie, Richard Adeyemi Ikuesan et al.

The threats posed by botnets in the cyberspace continue to grow each day and it has become very hard to detect or infiltrate the cynicism of bots. This is owing to the fact that the botnet developers, each day, keep changing the propagation and attack techniques. Currently, most of these attacks have been centered on stealing computing energy, theft of personal information and Distributed Denial of Service (DDoS) attacks. In this paper, the authors propose a novel technique that uses the Non-Deterministic Polynomial-Time Hardness (NP-Hard Problem) based on the Traveling Salesperson Problem (TSP) that depicts that a given bot, bj, is able to visit each host on a network environment, NE, and then it returns to the botmaster, in the form of an instruction (command), through optimal minimization of the hosts that are (or may be) attacked. Given that bj represents a piece of malicious code and the TSP-NP Hard Problem, which forms part of combinatorial optimization, the authors present this as an effective approach for the detection of the botnet. It is worth noting that the concentration of this study is basically on the centralized botnet architecture. This holistic approach shows that botnet detection accuracy can be increased with a degree of certainty and potentially decrease the chances of false positives. Nevertheless, a discussion on the possible applicability and implementation has also been given in this paper.