Skip to content

hauni97/Blockchain-enabled-Adversarial-Threat-Intelligence-Sharing-for-Robust-Ransomware-Detection-air-gaps

Repository files navigation

Blockchain enabled Adversarial Threat Intelligence Sharing for Robust Ransomware Detection in Air Gaps

DOI

Open in GitHub Codespaces

Overview and Context

This repository contains code and supporting files for the novel hybrid cybersecurity PoC (proof of concept) of the following journal arcticle:

Blockchain enabled Adversarial Threat Intelligence Sharing for Robust Ransomware Detection in Air Gaps.

Conceptual Diagram of the Hybrid Cybersecurity PoC

The proposed system architecture, as provided below (Figure 1 in paper), is a PoC conceptualized as a network of simulated nodes of Permissioned Mission Critical Service Operator (PMCSO). PMCSOs are interconnected via a private blockchain, functioning as an immutable ledger. They share adversarial threat intelligence. This architecture allows deployment in restricted connectivity environments, such as air gaps.

The architecture visually presents the flow: Local ML Detection → Evasion → Adversarial Intelligence Generation → Blockchain Submission → Blockchain Retrieval → ML Model Fine-tuning → Enhanced Robustness across multiple simulated nodes.

Fig. 1 Conceptual Diagram of the Hybrid Cybersecurity PoC

Repository Contents

  • main.ipynb: Main file with data preprocessing, model training, adversarial attacks, blockchain integration and evaluation
  • Ransomware_headers.csv: Real world dataset that was ued training and testing of ML models (source)
  • ThreatIntelLedger_abi.json: Application Binary Interface (ABI) of smart contract (Solidity)
  • ThreatIntelLedger_bytecode.txt: Bytecode of smart contract
  • requirements.txt: List of required Python libraries to run Jupyter Notebook
  • charts/: Contains the Draw.io diagram as well as the PNG/SVG plots generated by running notebook (robustness and accuracy visualizations)

GitHub Codespaces the Recommended Environment

The provided devcontainer in this repo is meant to run in GitHub Codespaces. This is the prefered enviornment for reproduction and evalution, over a local set-up.

Disclaimer: Billing of GitHub Codespaces is per user. User launching pays for their own usage.

Devcontainer Security Hardening

  • The devcontainer upgrades base Debian packages (apt-get dist-upgrade) to pull patched system libraries (such as OpenEXR, tar, libwmf) and refreshes npm/ganache to pick up fixes for vulnerable transitive dependencies (cross-spawn, glob, brace-expansion)
  • To rebuild the Codespace/container: Ctrl+Shift+P → “Dev Containers: Rebuild Container” (or to re-create the Codespace)

Prerequisites

To run this repository the following development (see requirements.txt and .devcontainer/devcontainer.json) environment is required which includes:

  1. Python (3.11+): Libraries specified in requirements.txt
  2. Jupyter Notebook or JupyterLab
  3. Node.js + npm: Required to run Ganache CLI
  4. Ganache CLI: A personal Ethereum blockchain for development. Install it using npm: npm install -g ganache
  5. A Solidity development environment like Remix IDE for contract development and compilation (optional, only if re-compiling the contract)

Local Deployment

  1. Clone repo

    git clone https://github.com/hauni97/Blockchain-enabled-Adversarial-Threat-Intelligence-Sharing-for-Robust-Ransomware-Detection-air-gaps
    cd Blockchain-enabled-Adversarial-Threat-Intelligence-Sharing-for-Robust-Ransomware-Detection-air-gaps
  2. Get dependencies

    pip install -r requirements.txt
  3. Start Ganache

    ganache

    Local blockchain will usually be on http://127.0.0.1:8545

  4. Open & run Jupyter Notebook

    jupyter notebook main.ipynb

    Follow instructions in notebook to execute cells sequentially

Reproducibility and Experimental Drift

Observed variation in outcomes from experimental runs are due to nondeterminism during model training. Including random parameter initiation and data shuffling and differences in the execution environment, such as library version mismatches. Furthermore, floating point arithmetic behavior or multithreaded execution order. To mitigate variances from experimental:

  • Restart Jupyter Notebook kernel + run all cells sequentially in main.ipynb
  • Use provided devcontainer/Codespaces environment to match Python and dependency versions
  • Keep RNG seeding enabled (see the “Reproducibility Notes” section in main.ipynb)
  • Avoid re-running partial cell ranges that advance the RNG state

License

This work is licensed under the MIT License.

About

Blockchain enabled Adversarial Threat Intelligence Sharing for Robust Ransomware Detection in air gaps

Topics

Resources

Security policy

Stars

3 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors