Bitcoin Ransomware Detection Employing Rule-Based Algorithms

Authors

  • Hardi Sabah Talabani Faculty of Medicals and Applied Sciences, Charmo University, Kurdistan Region, Iraq –
  • Hezha M.TAREQ Abdulhadi Dept. of Information Technology, National Institute of Technology (NIT), Kurdistan Region, Iraq

DOI:

https://doi.org/10.25271/sjuoz.2022.10.1.865

Keywords:

Bitcoin, Ransomware, Machine Learning, Data Mining, Rule-Based Algorithms, Decision Table, Partial Decision Tree (PART), Cybercrime

Abstract

Cryptocurrencies have completely altered the digital transaction process all over the globe. Almost a decade after Satoshi Nakamoto generated the first Bitcoin block; many cryptocurrencies have been established. The Ransomware attack is a type of cybercrime and a class of malware that encrypts the files and prevents users from accessing their data or systems and demands payment for decrypting and retrieving access to their files. Ransomware data classification using present data mining and machine learning methods is difficult because predictions aren't always correct.  We aim to build two models that effectively address these challenges and can diagnose and classify Ransomware attacks accurately, then compare the performance of the models. In this paper, we investigated the use of Rule-Based algorithms for mining Bitcoin Ransomware Data to classify Ransomware attacks in Bitcoin transactions. Employing Rule-Based techniques in detecting Bitcoin data is beneficial because the algorithms effectively classify non-linear datasets. The analysis was done on a Bitcoin dataset for 61,004 addresses selected from 29 Ransomware families and contained ten descriptive and decision attributes. Both Rule-Based algorithms were illustrated and compared on the dataset employing 10-fold cross-validation. Experimental results show that classification under partial decision tree (PART) algorithm performed better in different metrics than the Decision Table algorithm. It provides an accuracy of 96.01%, a recall of 96%, a precision of 95.9%, and an F-Measure of 95.6%. Experimental results propose that it is beneficial to further investigate the application of PART to predictive modelling tasks in Ransomware studies.

Author Biographies

Hardi Sabah Talabani, Faculty of Medicals and Applied Sciences, Charmo University, Kurdistan Region, Iraq –

Faculty of Medicals and Applied Sciences, Charmo University, Kurdistan Region, Iraq – (hardi.talabani@charmouniversity.org)

Hezha M.TAREQ Abdulhadi, Dept. of Information Technology, National Institute of Technology (NIT), Kurdistan Region, Iraq

Dept. of Information Technology, National Institute of Technology (NIT), Kurdistan Region, Iraq –

(Hezha.Abdulhadi@nit.edu.krd)

References

Seow, K. T. (2020). Supervisory control of Blockchain Networks. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 50(1), 159–171. https://doi.org/10.1109/tsmc.2019.2895345
S. D. Mukesh.(2018).An Analysis Technique to Detect Ransomware Threat. International Conference on Computer Communication and Informatics (ICCCI),pp1-5, doi: 10.1109/ICCCI.2018.8441502
Akcora, C. G., Li, Y., Gel, Y. R., & Kantarcioglu, M. (2020). BitcoinHeist: Topological Data Analysis for Ransomware prediction on the Bitcoin blockchain. Proceedings of the Twenty-Ninth International Joint Conference on Artificial Intelligence. https://doi.org/10.24963/ijcai.2020/612
Liao, K., Zhao, Z., Doupe, A., & Ahn, G. (2016). Behind closed doors: measurement and analysis of CryptoLocker ransoms in Bitcoin. 2016 APWG Symposium On Electronic Crime Research (Ecrime). doi: 10.1109/ecrime.2016.7487938
D. Y. Huang et al.(2018). Tracking Ransomware End-to-end.IEEE Symposium on Security and Privacy (SP).pp 618-631, doi: 10.1109/SP.2018.00047.
Alhawi, O. M., Baldwin, J., & Dehghantanha, A. (2018). Leveraging machine learning techniques for windows Ransomware network traffic detection in Cyber threat intelligence. Springer, Cham. pp. 93-106. doi: 10.1007/978-3-319-73951-9_5
Kshirsagar, D., & Shaikh, J. M. (2019, September). Intrusion Detection Using Rule-Based Machine Learning Algorithms. In 2019 5th International Conference On Computing, Communication, Control And Automation (ICCUBEA) (pp. 1-4). IEEE. doi: 10.1109/ICCUBEA47591.2019.9128950
Hussein, N., Abbas, A., & Mahdi, B. (2021). Fraud Classification and Detection Model Using Different Machine Learning Algorithm. Tech-Knowledge Journal, 1(1).
Sohail, M. N., Jiadong, R., Muhammad, M. U., Chauhdary, S. T., Arshad, J., & Verghese, A. J. (2019). An accurate clinical implication assessment for diabetes mellitus prevalence based on a study from Nigeria. Processes, 7(5), 289. doi:10.3390/pr7050289
Gaikwad, D., & Thool, R. (2015). Intrusion Detection System Using Bagging with Partial Decision TreeBase Classifier. Procedia Computer Science, 49, 92-98. doi: 10.1016/j.procs.2015.04.231
Alam, M., Ubaid, S., Shakil, Sohail, S., Nadeem, M., Hussain, S., & Siddiqui, J. (2021). Comparative Analysis of Machine Learning based Filtering Techniques using MovieLens dataset. Procedia Computer Science, 194, 210-217. doi: 10.1016/j.procs.2021.10.075
UCI Machine Learning Repository: BitcoinHeistRansomwareAddressDataset Data Set. (2021). Retrieved 24 December 2021, from https://archive.ics.uci.edu/ml/datasets/BitcoinHeistRansomwareAddressDataset
Fürnkranz, J., Gamberger, D., & Lavrač, N. (2012). Foundations of rule learning. Springer Science & Business Media.
Lengyel, L. (2015). Validating rule-based algorithms. Acta Polytech. Hung, 12, 59-75.doi: 10.12700/aph.12.4.2015.4.4
Qin, B., Xia, Y., Prabhakar, S., & Tu, Y. (2009, March). A rule-based classification algorithm for uncertain data. In 2009 IEEE 25th international conference on data engineering (pp. 1633-1640). IEEE. doi: 10.1109/ICDE.2009.164
Kalmegh, S. R. (2018). Comparative analysis of the weka classifiers rules conjunctive rule & decision table on indian news dataset by using different test mode. International Journal of Engineering Science Invention (IJESI), 7(2Ver III), 2319-6734.
Mohamed, W. N. H. W., Salleh, M. N. M., & Omar, A. H. (2012, November). A comparative study of reduced error pruning method in decision tree algorithms. In 2012 IEEE International conference on control system, computing and engineering (pp. 392-397). IEEE. doi: 10.1109/ICCSCE.2012.6487177
Talabani, H., & Engin, A. V. C. I. (2018, September). Performance comparison of SVM kernel types on child autism disease database. In 2018 International Conference on Artificial Intelligence and Data Processing (IDAP) (pp. 1-5). IEEE. doi: 10.1109/IDAP.2018.8620924
TALABANI, H., & Engin, A. V. C. I. (2018, September). Impact of various kernels on support vector machine classification performance for treating wart disease. In 2018 International Conference on Artificial Intelligence and Data Processing (IDAP) (pp. 1-6). IEEE. doi: 10.1109/IDAP.2018.8620876
Geyik, B., Erensoy, K., & Kocyigit, E. (2021, January). Detection of Phishing Websites from URLs by using Classification Techniques on WEKA. In 2021 6th International Conference on Inventive Computation Technologies (ICICT) (pp. 120-125). IEEE. doi: 10.1109/ICICT50816.2021.9358642
Varol, C., & Abdulhadi, H. M. T. (2018, December). Comparision of string matching algorithms on spam email detection. In 2018 International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism (IBIGDELFT) (pp. 6-11). IEEE. doi: 10.1109/IBIGDELFT.2018.8625317
Kotak, P., & Modi, H. (2020, October). Enhancing the Data Mining Tool WEKA. In 2020 5th International Conference on Computing, Communication and Security (ICCCS) (pp. 1-6). IEEE. doi: 10.1109/ICCCS49678.2020.9276870

Downloads

Published

2022-01-16

How to Cite

Talabani, H. S., & Abdulhadi, H. M. (2022). Bitcoin Ransomware Detection Employing Rule-Based Algorithms. Science Journal of University of Zakho, 10(1), 5–10. https://doi.org/10.25271/sjuoz.2022.10.1.865

Issue

Section

Science Journal of University of Zakho