Ransomware detection using machine learning algorithms

Bae, Seong Il; Lee, Gyu Bin; Im, Eul Gyu

doi:10.1002/cpe.5422

Cited by 77 publications

(46 citation statements)

References 19 publications

(18 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The experimental evaluation of this work claims that the ransomware activities can be identified through a unique low-level system calls that are present in the ransomware. Lorenzo Fernández et al [16], Suhyeon Lee [13], and Seong Il Bae et al [27] use dynamic analysis and supervised machine learning technique. The proposed approaches mostly focused on static, dynamic, or file monitoring approaches and face challenges to detect new variants of ransomware due to their supervised nature in detection engine.…”

Section: Literature Reviewmentioning

confidence: 99%

Avoiding Future Digital Extortion Through Robust Protection Against Ransomware Threats Using Deep Learning Based Adaptive Approaches

et al. 2020

View full text Add to dashboard Cite

Digital extortion has become a major cyber risk for many organizations; small-medium enterprises (SME) to large enterprises business and individual entrepreneurs. Ransomware is a kind of malware that is the main threat to digital extortion and has caused many organizations to lose huge revenue by paying much bigger ransom demands to the cybercriminals in recent years. The explosive growth of ransomware is due to the existing large infection vector such as social engineering, email attachment, zip file download, browsing malicious site, infected search engine which are boosted dramatically by easily available cryptographic tools, Ransomware As a Service (RaaS), increased cloud storage and off-the-self ransomware toolkits. The large infection vector and available toolkits not only grew ransomware extremely, but also made them more obfuscated, encrypted and varying patterns in the new variants. This, in turn, caused the conventional supervised analysis and detection engine to fail to detect the new variants of ransomware. This paper addresses the limitations of conventional supervised detection engine and proposes semi-supervised framework to compute the inherent latent sources of the varying patterns in the new variants in an unsupervised way using deep learning approaches. The proposed framework extracts the inherent characteristics in the varying patterns from the unlabelled ransomware obtained from the wild which is scalable to accommodate upcoming malicious executables. Then the unsupervised learned model is combined with supervised classification, thus constructing an adaptive detection model. The proposed framework has been verified using real ransomware data with a dynamic analysis testbed. Our extensive experimental results and discussion demonstrate that the proposed adaptive framework can successfully identify different variants of ransomware and achieve higher performance than existing supervised approaches.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Avoiding Future Digital Extortion Through Robust Protection Against Ransomware Threats Using Deep Learning Based Adaptive Approaches

et al. 2020

View full text Add to dashboard Cite

show abstract

“…These n-gram sequences are used to identify ransomware and differentiate them from other malware and benign software. Each element of the input can be represented as "1" if an n-gram appears in the n-gram sequence or as "0" if the n-gram is not present in the sequence [23].…”

Section: Api Sequence-based Detectionmentioning

confidence: 99%

“…This technique is used to emphasise the features of each class, therefore giving further ability to differentiate between malware, ransomware and benign files. CF-NCF calculates weights on an element in a class, to provide a higher accuracy on classification experiments [23]. The calculation of this equation can be seen in Equations (16)- (18).…”

Section: Cf-ncf (Class Frequency-non-class Frequency)mentioning

confidence: 99%

“…(17) In these equations, s is an n-gram, and f (s, C) is the number of times that the n-gram s occurs in the n-gram sequence C of a particular class. N is the n-gram sequences of the other classes, and 0.001 serves to prevent the denominator from becoming zero [23].…”

Section: Cf-ncf (Class Frequency-non-class Frequency)mentioning

confidence: 99%

“…blj is the Bernoulli random vector, where P(blj = 1) = pl, j, the dropped neuron, will depend on the Bernoulli random vector. The use of root mean square propagation (RMSprop) is used to adjust the learning rate, so the step size stays on the same scale as the gradient where λ is the forgotten coefficient, Q(w) 2 is the gradient at w. The use of the root square propagation is similar to the use of weight decay; it keeps the moving average of the gradient; this is presented in Equations (22) and (23).…”

Section: Dnpmentioning

confidence: 99%

See 2 more Smart Citations

A Study on the Evolution of Ransomware Detection Using Machine Learning and Deep Learning Techniques

Fernando

Komninos

2020

IoT

View full text Add to dashboard Cite

This survey investigates the contributions of research into the detection of ransomware malware using machine learning and deep learning algorithms. The main motivations for this study are the destructive nature of ransomware, the difficulty of reversing a ransomware infection, and how important it is to detect it before infecting a system. Machine learning is coming to the forefront of combatting ransomware, so we attempted to identify weaknesses in machine learning approaches and how they can be strengthened. The threat posed by ransomware is exceptionally high, with new variants and families continually being found on the internet and dark web. Recovering from ransomware infections is difficult, given the nature of the encryption schemes used by them. The increase in the use of artificial intelligence also coincides with this boom in ransomware. The exploration into machine learning and deep learning approaches when it comes to detecting ransomware poses high interest because machine learning and deep learning can detect zero-day threats. These techniques can generate predictive models that can learn the behaviour of ransomware and use this knowledge to detect variants and families which have not yet been seen. In this survey, we review prominent research studies which all showcase a machine learning or deep learning approach when detecting ransomware malware. These studies were chosen based on the number of citations they had by other research. We carried out experiments to investigate how the discussed research studies are impacted by malware evolution. We also explored the new directions of ransomware and how we expect it to evolve in the coming years, such as expansion into IoT (Internet of Things), with IoT being integrated more into infrastructures and into homes.

show abstract

Novel data mining paradigms based on soft computing and machine learning in the current and upcoming information society revolution

Choi

Pop

Huang

2020

Concurrency and Computation

View full text Add to dashboard Cite

The possibility of having the Internet accessibility everywhere and every time and the progressive reduction of the dimensions of hardware equipment, in addition to the advent of novel ICT paradigms realizing the Internet of Things and Smart City visions, made available the design and realization of an innovative type of applications where data play a key role, promising to achieve a non-negligible impact on the society and business processes. The right management, control, and distribution of data are extremely critical process in our society, so that it is always referred as information society. This is boosted by the proliferation of the social networks within our lives, and the upcoming of the Internet of Things within our homes and factories. Having such a vast volume of data to be processed in order to take decisions and/or infer knowledge poses a number of challenges. The issue of properly storing such data leads to the advent of different approaches than the traditional relational databases, such as the NoSQL products. The issue of supporting the scalability of the overall communication infrastructure and to balance the load of the consequent processing cause the shift from proprietary and centralized computing solutions to more distributed and multi-tenant approaches, such as the cloud computing and its variants. However, the processing is still centralized in the core of the infrastructures, and we only see a change on how such a Finally, we would like to express our sincere appreciation for the valuable contributions made by all the authors. Our special thanks go to Professor Geoffrey C. fox, the Editor in Chief of the Concurrency and Computation: Practice and Experience Journal, for allowing us to publish this Special Issue and for his great support throughout the entire publication process. 16

show abstract

Ransomware detection using machine learning algorithms

Cited by 77 publications

References 19 publications

Avoiding Future Digital Extortion Through Robust Protection Against Ransomware Threats Using Deep Learning Based Adaptive Approaches

Avoiding Future Digital Extortion Through Robust Protection Against Ransomware Threats Using Deep Learning Based Adaptive Approaches

A Study on the Evolution of Ransomware Detection Using Machine Learning and Deep Learning Techniques

Novel data mining paradigms based on soft computing and machine learning in the current and upcoming information society revolution

Contact Info

Product

Resources

About