FedDICE: A Ransomware Spread Detection in a Distributed Integrated Clinical Environment Using Federated Learning and SDN Based Mitigation

Thapa, Chandra; Karmakar, Kallol Krishna; Celdran, Alberto Huertas; Camtepe, Seyit; Varadharajan, Vijay; Nepal, Surya

Title: FedDICE: A Ransomware Spread Detection in a Distributed Integrated Clinical Environment Using Federated Learning and SDN Based Mitigation
Creator: Thapa, Chandra; Karmakar, Kallol Krishna; Celdran, Alberto Huertas; Camtepe, Seyit; Varadharajan, Vijay; Nepal, Surya
Relation: International Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness. Proceedings of the 17th EAI International Conference on Quality, Reliability, Security and Robustness in Heterogeneous Networks, QShine 2021 (Virtual 29-30 November, 2021) p. 3-24
Publisher Link: http://dx.doi.org/10.1007/978-3-030-91424-0_1
Publisher: Springer
Resource Type: conference paper
Date: 2021
Description: An integrated clinical environment (ICE) enables the connection and coordination of the internet of medical things around the care of patients in hospitals. However, ransomware attacks and their spread on hospital infrastructures, including ICE, are rising. Often the adversaries are targeting multiple hospitals with the same ransomware attacks. These attacks are detected by using machine learning algorithms. But the challenge is devising the anti-ransomware learning mechanisms and services under the following conditions: (1) provide immunity to other hospitals if one of them got the attack, (2) hospitals are usually distributed over geographical locations, and (3) direct data sharing is avoided due to privacy concerns. In this regard, this paper presents a federated distributed integrated clinical environment, aka. FedDICE. FedDICE integrates federated learning (FL), which is privacy-preserving learning, to SDN-oriented security architecture to enable collaborative learning, detection, and mitigation of ransomware attacks. We demonstrate the importance of FedDICE in a collaborative environment with up to 4 hospitals and 4 ransomware families, namely WannaCry, Petya, BadRabbit and PowerGhost. Our results find that in both IID and non-IID data setups, FedDICE achieves the centralized baseline performance that needs direct data sharing for detection. However, as a trade-off to data privacy, FedDICE observes overhead in the anti-ransomware model training, e.g., 28x for the logistic regression model. Besides, FedDICE utilizes SDN's dynamic network programmability feature to remove the infected devices in ICE.
Subject: economic and social effects; ice; learning algorithms; logistic regression
Identifier: http://hdl.handle.net/1959.13/1435367
Identifier: uon:39696
Identifier: ISBN:9783030914233
Language: eng
Reviewed

Hits: 1689
Visitors: 1687
Downloads: 0