Automated analysis approach for the detection of high survivable ransomware

Yahye Abukar Ahmed, Barış Koçer*, Bander Ali Saleh Al-rimy

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

Abstract

Ransomware is malicious software that encrypts the user-related files and data and holds them to ransom. Such attacks have become one of the serious threats to cyberspace. The avoidance techniques that ransomware employs such as obfuscation and/or packing makes it difficult to analyze such programs statically. Although many ransomware detection studies have been conducted, they are limited to a small portion of the attack's characteristics. To this end, this paper proposed a framework for the behavioral-based dynamic analysis of high survivable ransomware (HSR) with integrated valuable feature sets. Term Frequency-Inverse document frequency (TF-IDF) was employed to select the most useful features from the analyzed samples. Support Vector Machine (SVM) and Artificial Neural Network (ANN) were utilized to develop and implement a machine learning-based detection model able to recognize certain behavioral traits of high survivable ransomware attacks. Experimental evaluation indicates that the proposed framework achieved an area under the ROC curve of 0.987 and a few false positive rates 0.007. The experimental results indicate that the proposed framework can detect high survivable ransomware in the early stage accurately.

Original languageEnglish
Pages (from-to)2236-2257
Number of pages22
JournalKSII Transactions on Internet and Information Systems
Volume14
Issue number5
DOIs
Publication statusPublished - 31 May 2020

Keywords

  • Artificial Neural Network
  • Ransomware
  • Supervised machine learning
  • Support Vector Machine
  • Term Frequency-Inverse document frequency

Fingerprint

Dive into the research topics of 'Automated analysis approach for the detection of high survivable ransomware'. Together they form a unique fingerprint.

Cite this