Development of a method for investigating cybercrimes by the type of ransomware using artificial intelligence models in the information security management system of critical infrastructure
Abstract
Purpose: To develop a method for detecting ransomware in the information security management systems of critical infrastructure that is compliant with the ISO 27001:2022 standard.
Method: Analysis, synthesis and modeling.
Findings: The study found that the use of artificial intelligence can significantly improve the ability of critical infrastructure security systems to identify and respond to encryption attacks.
Theoretical implications: This research improves existing theories of the use of artificial intelligence in cybersecurity, demonstrating how deep learning can be adapted to the specific needs of cyber defense of critical infrastructure. It also advances theories of cyber risk management by integrating AI technologies into security strategies.
Practical implications: The study provides practical recommendations for cybersecurity professionals on integrating artificial intelligence into security management systems. It also points to potential areas of improvement in incident detection and response.
Future research: Analysis of the effectiveness of the proposed model.
Paper type: Theoretical.
Copyright (c) 2024 Andrii Partyka, Oleh Harasymchuk, Elena Nyemkova, Yaroslav Sovyn, Valerii Dudykevych

This work is licensed under a Creative Commons Attribution 4.0 International License.