On the classification of Microsoft-Windows ransomware using hardware profile

Aurangzeb, Sana; Rais, Rao Naveed Bin; Aleem, Muhammad; Islam, Muhammad Arshad; Iqbal, Muhammad Azhar

doi:10.7717/peerj-cs.361

Cited by 19 publications

(16 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Kadiyala et al [12] proposed an HPC-based fine-grained malware detection through a three-step process of extracting HPCs of the system calls, dimensionality reduction, and feeding the components to an ML classifier. Aurangzeb et al [14] tried to identify the difference between ransomware and non-ransomware malware using HPCs data and ML classifiers such as RF, decision trees (DT), gradient boost (GBoost), and extreme gradient boost (XGBoost).…”

Section: Hpc-based Malware Detectionmentioning

confidence: 99%

See 1 more Smart Citation

Detection of Ransomware Attacks Using Processor and Disk Usage Data

2023

View full text Add to dashboard Cite

Ransomware often evades antivirus tools, encrypts files, and renders the target computer and its data unusable. The current approaches to detect such ransomware include monitoring processes, system calls, and file activities on the target system and analyzing the data collected. Monitoring multiple processes has a very high overhead; newer ransomware may interfere with the monitoring and corrupt the collected data. This paper presents a robust and practical approach to detecting ransomware in execution on a virtual machine (VM). We collect data for selected processor and disk I/O events for the entire VM from the host machine and use a machine learning (ML) classifier to develop a detection model. This approach avoids the overhead of continuously monitoring every process on the target machine and prevents the risk of data contamination by ransomware. Furthermore, it is resilient to variations in user workloads. It provides fast detection with a high probability for known (used for training the ML model) and unknown (not used for training) ransomware. The random forest (RF) classifier performed the best of the seven ML classifiers we tested. Over six different user loads and 22 ransomware, the RF model detected ransomware within 400 milliseconds with a 0.98 probability.

show abstract

Section: Hpc-based Malware Detectionmentioning

confidence: 99%

“…The data collected using HPCs are frequently used for performance analysis and tuning of the system software. However, several recent research efforts have investigated their use for malware detection [9], [10], [11], [12], [13], [14]. Alam et al [15] utilized HPC data collected for each process running on the system.…”

Section: Introductionmentioning

confidence: 99%

Detection of Ransomware Attacks Using Processor and Disk Usage Data

2023

View full text Add to dashboard Cite

show abstract

“…Further advancements in the field have seen the exploration of novel methodologies, such as the application of graph theory [41,42]. This approach involves modeling the intricate relationships within PE files, aiding significantly in the detection of ransomware [9,43].…”

Section: Portable Executable Files In Ransomware Analysismentioning

confidence: 99%

Efficient Ransomware Detection via Portable Executable File Image Analysis By LLaMA-7b

Li,

Zhu,

Zhang

2023

Preprint

View full text Add to dashboard Cite

This research focuses on developing a novel ransomware detection methodology leveraging the capabilities of the open source large language model LLaMA-7b and image analysis of Portable Executable (PE) files. By transforming PE files into grayscale bitmap images and analyzing these using the LLaMA-7b model, the study introduces an innovative approach in cybersecurity. The model demonstrates high accuracy in distinguishing ransomware from benignware, with a significant true positive rate and minimal false positives and negatives. This method overcomes the limitations of traditional static and dynamic analysis, proving effective against modern ransomware variants. The findings suggest that integrating advanced technologies like LLMs in cybersecurity offers a promising direction for enhancing ransomware detection and prevention.

show abstract

“…The choice of a good feature set is the initial phase of any data mining approach. A few of the extracted features are inspired by previous work [31], [38], however, more features have also been added in this research i.e., hardware performance counters [37], [38], DLLs [52], and strings [16], [31], [53]. We have extracted a total of 1713 features and 10985 features during static and dynamic analysis, respectively.…”

Section: B Feature Extractionmentioning

confidence: 99%

“…However, none of the existing dynamic and ML malware detection techniques use hardware performance counter for malware classification specifically in autonomous vehicles. Although, however, [37] employs a dynamic approach to classify malware based on their hardware performance counters and [38] have used hardware performance counter for ransomware classification on Windows platform.…”

Section: Introductionmentioning

confidence: 99%

CyberSecurity for Autonomous Vehicles Against Malware Attacks in Smart-Cities

Aurangzeb

Aleem

Khan

et al. 2022

Preprint

View full text Add to dashboard Cite

Smart autonomous vehicles (AVs) are networks of cyber physical systems (CPS) in which they wirelessly communicate with other CPS sub-systems (e.g., smart -vehicles and smart-devices) to efficiently and securely plan safe travel. Due to unreliable wireless communication among them, such vehicles are an easy target of malware attacks that may compromise vehicles’ autonomy, increase inter-vehicle communication latency, and drain vehicles’ power. Such compromises may result in traffic congestion, threaten the safety of passengers, and can result in financial loss. Therefore, real-time detection of such attacks is key to the safe smart transportation and Intelligent Transport Systems (ITS). Current approaches either employ static analysis or dynamic analysis techniques to detect such attacks. However, these approaches may not detect malware in real-time because of zero-day attacks and huge computational resources. Therefore, we introduce a hybrid approach that combines the strength of both analyses to efficiently detect malware for the privacy of smart-cities.

show abstract

On the classification of Microsoft-Windows ransomware using hardware profile

Cited by 19 publications

References 51 publications

Detection of Ransomware Attacks Using Processor and Disk Usage Data

Detection of Ransomware Attacks Using Processor and Disk Usage Data

Efficient Ransomware Detection via Portable Executable File Image Analysis By LLaMA-7b

CyberSecurity for Autonomous Vehicles Against Malware Attacks in Smart-Cities

Contact Info

Product

Resources

About