Enhancing File Entropy Analysis to Improve Machine Learning Detection Rate of Ransomware

Hsu, Ching-Tien; Yang, Chia-Cheng; Cheng, Han-Hsuan; Setiasabda, Paul E.; Leu, Jenq-Shiou

doi:10.1109/access.2021.3114148

Cited by 14 publications

(10 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Traditional antivirus solutions have been found somewhat effective but insufficient alone due to the dynamic nature of ransomware attacks [13,32,33]. Combining real-time monitoring with behavior analysis could enhance detection rates [34,28]. Techniques involving the use of sandbox environments to isolate and analyze suspicious applications have shown promise in identifying ransomware before it can cause harm [35].…”

Section: Mitigation Techniquesmentioning

confidence: 99%

An Effective Strategy for Ransomware Mitigation on Android Devices via Android OS File System API

Ozturk,

Yilmaz,

Arslan

et al. 2024

Preprint

View full text Add to dashboard Cite

The development and effectiveness of an API-based system for mitigating ransomware threats on Android devices was explored in this study. Leveraging the Android/Linux file system API, the proposed system enhances the detection and prevention of ransomware by monitoring suspicious file system activities. The methodology includes extensive testing across various Android models and versions, demonstrating a high detection rate with minimal false positives. Results indicate that integrating system-level APIs into security frameworks significantly improves response times and device integrity against ransomware attacks. This paper contributes to mobile cybersecurity by providing a scalable and effective strategy for ransomware mitigation, proposing future enhancements with advanced predictive algorithms and broader system integration.

show abstract

Section: Mitigation Techniquesmentioning

confidence: 99%

An Effective Strategy for Ransomware Mitigation on Android Devices via Android OS File System API

Ozturk,

Yilmaz,

Arslan

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

“…However, challenges remain, including the evasion of detection by sophisticated ransomware variants and the resource-intensive nature of maintaining dynamic analysis environments [9], [33]- [37]. Studies highlight the ongoing development of more sophisticated dynamic analysis tools and methods, aiming to improve the detection accuracy and reduce false positives [38], [39]. Yet, the adaptability of ransomware creators means that dynamic analysis must continuously evolve to address new threats.…”

Section: B Dynamic Analysis Techniquesmentioning

confidence: 99%

Dynamic Behavioural Analysis of Privacy-Breaching and Data Theft Ransomware

Ozturk,

Demir,

Arslan

et al. 2024

Preprint

View full text Add to dashboard Cite

This study presents a comprehensive analysis of privacy-breaching ransomware, emphasizing the dynamic behavioral patterns and techniques employed by these malicious entities to compromise data privacy. Employing a systematic methodology that includes the collection of diverse ransomware samples, establishment of a secure analysis environment, and execution of a dynamic behavioral analysis procedure, we have delineated the sophisticated tactics that characterize modern ransomware operations. Our findings reveal a significant shift in ransomware strategies, with an increasing focus on data theft over mere financial extortion, highlighting the evolving landscape of cyber threats. The analysis underscores the necessity for advanced cybersecurity measures that incorporate machine learning and behavioral analysis to proactively detect and mitigate these threats. Furthermore, the study identifies key areas for future research, including the development of adaptive security systems and the importance of international collaboration in cybersecurity efforts. This research contributes valuable insights into the behavior of privacy-breaching ransomware, offering a foundation for future advancements in the field of dynamic ransomware analysis and cybersecurity defense strategies.

show abstract

“…Despite achieving 100% detection accuracy using this method, it's worth noting that the study does not include legitimately encrypted files in their dataset, raising questions about the real-world applicability of their perfect result. Similarly, Hsu et al [88] adopt a comparable approach, utilising entropy to identify files that have already been encrypted by ransomware. They train SVM using 17 filebased features, including the compression ratio of the file and report a detection accuracy of 92% in their experiments.…”

Section: C: File-system Featuresmentioning

confidence: 99%

Ransomware Detection Using Machine Learning: A Review, Research Limitations and Future Directions

Ispahany,

Islam,

Islam

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Ransomware attacks are on the rise in terms of both frequency and impact. The shift to remote work due to the COVID-19 pandemic has led more people to work online, prompting companies to adapt quickly. Unfortunately, this increased online activity has provided cybercriminals numerous opportunities to carry out devastating attacks. One recent method employed by malicious actors involves infecting corporate networks with ransomware to extract millions of dollars in profits. Ransomware falls into the category of malware. It works by encrypting sensitive data and demanding payments from victims to receive the encryption keys necessary for decrypting their data. The prevalence of this type of attack has prompted governments and organisations worldwide to intensify their efforts to combat ransomware. In response, the research community has also focused on ransomware detection, leveraging technologies such as machine learning. Despite this increased attention, practical solutions for real-world applications remain scarce in the existing literature. Numerous surveys have explored literature within the domain. Still, there is a notable lack of emphasis on the design of ransomware detection systems and the practical aspects of detection, including real-time and early detection. Against this backdrop, our review delves into the existing literature on ransomware detection, specifically examining the machine-learning techniques, detection approaches, and designs employed. Finally, we highlight the limitations of prior studies and propose future research directions in this crucial area.

show abstract

Enhancing File Entropy Analysis to Improve Machine Learning Detection Rate of Ransomware

Cited by 14 publications

References 18 publications

An Effective Strategy for Ransomware Mitigation on Android Devices via Android OS File System API

An Effective Strategy for Ransomware Mitigation on Android Devices via Android OS File System API

Dynamic Behavioural Analysis of Privacy-Breaching and Data Theft Ransomware

Ransomware Detection Using Machine Learning: A Review, Research Limitations and Future Directions

Contact Info

Product

Resources

About