Enhancing Machine Learning Approach Based on Nilsimsa Fingerprinting for Ransomware Detection in IoMT

The heterogeneous data generated within IoMT environments have presented significant challenges in ML-based attack detection approaches, where the lack of standardized features creates a barrier. Current ML-based attack detection methods rely on feature extraction techniques, often requiring specialized security expertise to analyze and identify the most relevant features for modeling ML algorithms, hindering widespread adoption in IoMT. This study presents a new approach for detecting ransomware-spreading behavior based on Nilsimsa fingerprinting and Machine Learning to represent network traffic and detect infected network flows. The performance of our proposal was evaluated using two IoMT datasets, ICE and CICIoMT2024. Our approach demonstrated better performance than current ML-based attack detection methods using network traffic features in terms of precision, F1-score, and training efficiency across both datasets. The Random Forest algorithm modeled with Nilsimsa fingerprints on the ICE dataset achieved 100% precision and 98.72% F1-score. Similarly, on the CICIoMT2024 dataset, our approach exhibited 99.44% precision and 98.59% F1-score.