Hybrid-Based Analysis Impact on Ransomware Detection for Android Systems

Almohaini, Rana; Almomani, Iman; Alkhayer, Aala

doi:10.3390/app112210976

Cited by 15 publications

(8 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The model's proficiency in differentiating between benignware and ransomware, while maintaining minimal rates of false positives and negatives, further reflects its advanced pattern recognition skills [8,15]. These results, with true positive rates for ransomware hovering around 91.7% and false positives kept under 5%, provide a strong indication that incorporating large language models into the cyber-security domain, specifically for ransomware detection, represents a viable and highly effective strategy [22,4]. Moreover, the model's effectiveness in discerning between benign and malicious software, while minimizing erroneous classifications, underscores the importance of precision in such security applications [20,1].…”

Section: In-depth Analysis Of Resultsmentioning

confidence: 78%

“…This research has primarily concentrated on understanding the ways in which ransomware interacts with file systems and network resources, thereby disrupting traditional operational flows [20,21]. Furthermore, the field has witnessed considerable exploration into the capabilities of anomaly detection systems in pinpointing ransomware [22,5]. These systems are notably effective when focusing on irregularities diverging from established patterns of network traffic [10,23].…”

Section: Ransomware Detectionmentioning

confidence: 99%

See 1 more Smart Citation

Efficient Ransomware Detection via Portable Executable File Image Analysis By LLaMA-7b

Li,

Zhu,

Zhang

2023

Preprint

View full text Add to dashboard Cite

This research focuses on developing a novel ransomware detection methodology leveraging the capabilities of the open source large language model LLaMA-7b and image analysis of Portable Executable (PE) files. By transforming PE files into grayscale bitmap images and analyzing these using the LLaMA-7b model, the study introduces an innovative approach in cybersecurity. The model demonstrates high accuracy in distinguishing ransomware from benignware, with a significant true positive rate and minimal false positives and negatives. This method overcomes the limitations of traditional static and dynamic analysis, proving effective against modern ransomware variants. The findings suggest that integrating advanced technologies like LLMs in cybersecurity offers a promising direction for enhancing ransomware detection and prevention.

show abstract

Section: In-depth Analysis Of Resultsmentioning

confidence: 78%

Section: Ransomware Detectionmentioning

confidence: 99%

Efficient Ransomware Detection via Portable Executable File Image Analysis By LLaMA-7b

Li,

Zhu,

Zhang

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…As a result, a new technique to detect and prevent this type of assault is critical. Dynamic analysis, static analysis, and a hybrid system that combined dynamic and static analysis were the three types of detection approaches used [3]- [5]. Most previous detection methods relied on a time-consuming but feasible and effective procedure known as dynamic analysis [6], [7].…”

Section: Introductionmentioning

confidence: 99%

Dynamic Ransomware Detection for Windows Platform Using Machine Learning Classifiers

Park

Razak

2022

JOIV : Int. J. Inform. Visualization

View full text Add to dashboard Cite

In this world of growing technological advancements, ransomware attacks are also on the rise. This threat often affects the finance of individuals, organizations, and financial sectors. In order to effectively detect and block these ransomware threats, the dynamic analysis strategy was proposed and carried out as the approach of this research. This paper aims to detect ransomware attacks with dynamic analysis and classify the attacks using various machine learning classifiers namely: Random Forest, Naïve Bayes, J48, Decision Table and Hoeffding Tree. The TON IoT Datasets from the University of New South Wales' (UNSW) were used to capture ransomware attack features on Windows 7. During the experiment, a testbed was configured with numerous virtual Windows 7 machines and a single attacker host to carry out the ransomware attack. A total of 77 classification features are selected based on the changes before and after the attack. Random Forest and J48 classifiers outperformed other classifiers with the highest accuracy results of 99.74%. The confusion matrix highlights that both Random Forest and J48 classifiers are able to accurately classify the ransomware attacks with the AUC value of 0.997 respectively. Our experimental result also suggests that dynamic analysis with machine learning classifier is an effective solution to detect ransomware with the accuracy percentage exceeds 98%.

show abstract

“…In a similar report, Kaspersky [8] detected more than 5 million malicious installation packages, which includes new variants of trojans and ransomware. As viable solutions, different techniques such as malware detection, vulnerability detection, and application reinforcement, to impose protection on the Android OS have been proposed and developed [9][10][11]. Malware detection is widely adopted among the proposed security protection measures to prevent dangerous applications.…”

Section: Introductionmentioning

confidence: 99%

“…As there are more instances of benign applications as compared to malicious applications, the Android malware detection can be said to have a class imbalance problem [1,11,12]. In this research, an extensive comparative performance analysis is conducted to ascertain the performance of ML methods in the presence of a class imbalance problem.…”

Section: Introductionmentioning

confidence: 99%

Performance Analysis of Machine Learning Methods with Class Imbalance Problem in Android Malware Detection

Akintola¹,

Balogun

Mojeed³

et al. 2022

Int. J. Interact. Mob. Technol.

View full text Add to dashboard Cite

Due to the exponential rise of mobile technology, a slew of new mobile security concerns has surfaced recently. To address the hazards connected with malware, many approaches have been developed. Signature-based detection is the most widely used approach for detecting Android malware. This approach has the disadvantage of being unable to identify unknown malware. As a result of this issue, machine learning (ML) for identifying and categorising malware apps was created. Conventional ML methods are concerned with increasing classification accuracy. However, the standard classification method performs poorly in recognising malware applications due to the unbalanced real-world datasets. In this study, an empirical analysis of the detection performance of ML methods in the presence of class imbalance is conducted. Specifically, eleven (11) ML methods with diverse computational complexities were investigated. Also, a synthetic minority oversampling technique (SMOTE) and random undersampling (RUS) are deployed to address the class imbalance in the Android malware datasets. The experimented ML methods are tested using the Malgenome and Drebin Android malware datasets that contain features gathered from both static and dynamic malware approaches. According to the experimental findings, the performance of each experimented ML method varies across the datasets. Moreover, the presence of class imbalance deteriorated the performance of the ML methods as their performances were amplified with the deployment of data sampling methods (SMOTE and RUS) used to alleviate the class imbalance problem. Besides, ML models with SMOTE technique are superior to other experimented methods. It is therefore recommended to address the inherent class imbalance problem in Android Malware detection.

show abstract

Hybrid-Based Analysis Impact on Ransomware Detection for Android Systems

Cited by 15 publications

References 38 publications

Efficient Ransomware Detection via Portable Executable File Image Analysis By LLaMA-7b

Efficient Ransomware Detection via Portable Executable File Image Analysis By LLaMA-7b

Dynamic Ransomware Detection for Windows Platform Using Machine Learning Classifiers

Performance Analysis of Machine Learning Methods with Class Imbalance Problem in Android Malware Detection

Contact Info

Product

Resources

About