Avoiding Future Digital Extortion Through Robust Protection Against Ransomware Threats Using Deep Learning Based Adaptive Approaches

Sharmeen, Shaila; Ahmed, Yunis Ali; Huda, Shamsul; Koçer, Bari Ş; Hassan, Mohammad Mehedi

doi:10.1109/access.2020.2970466

Cited by 43 publications

(39 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The following industries were particularly targeted: transportation, healthcare, financial services, and government ( Alshaikh et al., 2020 ). The number of ransomware attacks has grown exponentially thanks to easily obtainable ransomware toolkits and ransomware-as-a-service (RaaS) that allows novices to launch ransomware attacks ( Sharmeen et al., 2020 ).…”

Section: Introductionmentioning

confidence: 99%

Ransomware: Recent advances, analysis, challenges and future research directions

Beaman

Barkworth

Akande

et al. 2021

Computers & Security

107

View full text Add to dashboard Cite

The COVID-19 pandemic has witnessed a huge surge in the number of ransomware attacks. Different institutions such as healthcare, financial, and government have been targeted. There can be numerous reasons for such a sudden rise in attacks, but it appears working remotely in home-based environments (which is less secure compared to traditional institutional networks) could be one of the reasons. Cybercriminals are constantly exploring different approaches like social engineering attacks, such as phishing attacks, to spread ransomware. Hence, in this paper, we explored recent advances in ransomware prevention and detection and highlighted future research challenges and directions. We also carried out an analysis of a few popular ransomware samples and developed our own experimental ransomware, AESthetic, that was able to evade detection against eight popular antivirus programs.

show abstract

Section: Introductionmentioning

confidence: 99%

Ransomware: Recent advances, analysis, challenges and future research directions

Beaman

Barkworth

Akande

et al. 2021

Computers & Security

107

View full text Add to dashboard Cite

show abstract

“…Basicly, the instruction compression here must satisfy that the compression result can be analysed by the corresponding model without decompression. So it is different from the common compression algorithm [17] [18] used in our daily life. And we can find many related works satisfying this point [19] [20].…”

Section: ) How To Collect the Source Instructions When Facing The Compression Encryption?mentioning

confidence: 92%

A Gray Box for Visualizing Instruction Sequence Based on Improved Suffix Tree

Wang

Fang

2020

IEEE Access

View full text Add to dashboard Cite

Gray box is a kind of device in which the working process of a program or system is locally recognized. Gray box testing, also known as gray box analysis, is a software debugging method based on the limited cognition of the internal details of the program. Testers may know how system components interact with each other, but they lack a detailed understanding of internal program functions and operation. So the construction of gray box is particularly important. The most original gray boxes are static debugger and dynamic debugger. And then reflexion model, which reduces the manual work greatly, is developed and applied. The latest gray boxes are focus on regarding instructions as a natural language using the mature mathematical model to mine their internal value. Adhering to the idea of latest researches, our paper improves the original suffix tree and use the improved suffix tree as a mathematical models to analyse and visualize the internal logic of instructions. Our gray box aims at solving three problems in practical application. In addition, we explain the complexity of instruction sequence and put forward a prediction formula for the building part. By experiment, we prove the time complexity of each part and the correctness of the prediction formula, and show the effect of visualizing part.INDEX TERMS Gray box, reverse engineering, suffix tree, visualize, instruction preprocess.

show abstract

“…With an objective to overcome the limitations of supervised learning algorithms, Sharmeen et al [27] have proposed a semi-supervised framework to learn unique ransomware behavioral patterns using deep learning techniques. They claim that their model is scalable to accommodate new variants of malware executable.…”

Section: Literature Reviewmentioning

confidence: 99%

Analysis of Crypto-Ransomware Using ML-Based Multi-Level Profiling

Poudyal¹,

Dasgupta

2021

IEEE Access

View full text Add to dashboard Cite

Crypto-ransomware is the most prevalent form of modern malware, has affected various industries, demanding a significant amount of ransom. Mainly, small businesses, healthcare, education, and government sectors have been under continuous attacks by these adversaries. Various static and dynamic analysis techniques exist, but these methods become less efficient as the malware writers continuously trick the defenders. Numerous research of ransomware with AI techniques often lack the behavioral analysis and its correlation mapping. In this work, we developed an AI-powered hybrid approach overcoming the recent challenges to detect ransomware. Specifically, we proposed a deep inspection approach for multi-level profiling of crypto-ransomware, which captures the distinct features at Dynamic link library, function call, and assembly levels. We showed how the code segments correlate at these levels for studied samples. Our hybrid multi-level analysis approach includes advanced static and dynamic methods and a novel strategy of analyzing behavioral chains with AI techniques. Moreover, association rule mining, natural language processing techniques, and machine learning classifiers are integrated for building ransomware validation and detection model. We experimented with crypto-ransomware samples (collected from VirusTotal). One of the machine learning algorithms achieved the highest accuracy of 99.72% and a false positive rate of 0.003 with two class datasets. The result exhibited that multi-level profiling can better detect ransomware samples with higher accuracy. The multi-level feature sequence can be extracted from most of the applications running in the different operating systems; therefore, we believe that our method can detect ransomware for devices on multiple platforms. We designed a prototype, AIRaD (AI-based Ransomware Detection) tool, which will allow researchers and the defenders to visualize the analysis with proper interpretation.

show abstract

Avoiding Future Digital Extortion Through Robust Protection Against Ransomware Threats Using Deep Learning Based Adaptive Approaches

Cited by 43 publications

References 28 publications

Ransomware: Recent advances, analysis, challenges and future research directions

Ransomware: Recent advances, analysis, challenges and future research directions

A Gray Box for Visualizing Instruction Sequence Based on Improved Suffix Tree

Analysis of Crypto-Ransomware Using ML-Based Multi-Level Profiling

Contact Info

Product

Resources

About