AI-Powered Ransomware Detection Framework

Poudyal, Subash; Dasgupta, Dipankar

doi:10.1109/ssci47803.2020.9308387

Cited by 25 publications

(11 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Only the last two apply artificial neural networks (ANN) such as convolutional neural networks (CNN) and bi-directional long short-term memory (Bi-LSTM); the others implement supervised algorithms such as naive Bayes (NB), support vector machine (SVM), sequential minimal optimization (SMO), logistic regression (LR), decision tree (DT), random forest (RF), simple logistic (SL), decision trees (DT), K-nearest neighbor (KNN), and gradient boosting decision tree (GBDT) [ 27 , 28 , 29 , 30 ].…”

Section: Related Workmentioning

confidence: 99%

Dynamic Feature Dataset for Ransomware Detection Using Machine Learning Algorithms

Silva

Hernández-Álvarez

2023

Sensors

View full text Add to dashboard Cite

Ransomware-related cyber-attacks have been on the rise over the last decade, disturbing organizations considerably. Developing new and better ways to detect this type of malware is necessary. This research applies dynamic analysis and machine learning to identify the ever-evolving ransomware signatures using selected dynamic features. Since most of the attributes are shared by diverse ransomware-affected samples, our study can be used for detecting current and even new variants of the threat. This research has the following objectives: (1) Execute experiments with encryptor and locker ransomware combined with goodware to generate JSON files with dynamic parameters using a sandbox. (2) Analyze and select the most relevant and non-redundant dynamic features for identifying encryptor and locker ransomware from goodware. (3) Generate and make public a dynamic features dataset that includes these selected parameters for samples of different artifacts. (4) Apply the dynamic feature dataset to obtain models with machine learning algorithms. Five platforms, 20 ransomware, and 20 goodware artifacts were evaluated. The final feature dataset is composed of 2000 registers of 50 characteristics each. This dataset allows for a machine learning detection with a 10-fold cross-evaluation with an average accuracy superior to 0.99 for gradient boosted regression trees, random forest, and neural networks.

show abstract

Section: Related Workmentioning

confidence: 99%

Dynamic Feature Dataset for Ransomware Detection Using Machine Learning Algorithms

Silva

Hernández-Álvarez

2023

Sensors

View full text Add to dashboard Cite

show abstract

“…An AI based ransomware detection framework referred as AIRaD was proposed in [103]. This tool was able to detect ransomware by combining both static and dynamic analysis.…”

Section: Ransomware Hybrid Analysis Studies Utilizing Machine Learningmentioning

confidence: 99%

“…An AI based ransomware detection framework AIRaD along with machine learning algorithms was proposed in [103]. Machine learning algorithms included in the work were SVM, LR, RF, and Adaboost with J48 and J48.…”

Section: Conventional Detection Studies Utilizing Machine Learningmentioning

confidence: 99%

Ransomware Detection Using the Dynamic Analysis and Machine Learning: A Survey and Research Directions

et al. 2021

View full text Add to dashboard Cite

Ransomware is an ill-famed malware that has received recognition because of its lethal and irrevocable effects on its victims. The irreparable loss caused due to ransomware requires the timely detection of these attacks. Several studies including surveys and reviews are conducted on the evolution, taxonomy, trends, threats, and countermeasures of ransomware. Some of these studies were specifically dedicated to IoT and android platforms. However, there is not a single study in the available literature that addresses the significance of dynamic analysis for the ransomware detection studies for all the targeted platforms. This study also provides the information about the datasets collection from its sources, which were utilized in the ransomware detection studies of the diverse platforms. This study is also distinct in terms of providing a survey about the ransomware detection studies utilizing machine learning, deep learning, and blend of both techniques while capitalizing on the advantages of dynamic analysis for the ransomware detection. The presented work considers the ransomware detection studies conducted from 2019 to 2021. This study provides an ample list of future directions which will pave the way for future research.

show abstract

“…Though this approach improved the performance of the previous one, it still fell short in handling the obfuscated binaries due to the dependency on static analysis. The shortcomings of our recent approaches motivated us to adopt the hybrid approach of ransomware analysis in [24]. We reverse engineer samples using both static and dynamic analysis techniques leveraging different AI techniques.…”

Section: Literature Reviewmentioning

confidence: 99%

“…This current version of our research includes the extended and enhanced work of [24] with an improvised framework, more insights and experiments, and a focus on behavioral chains. Unlike other's work, our recent approach leverages hybrid multi-level deep inspection showing the relation of three levels, its contribution to unique signatures, and behavioral chains.…”

Section: Literature Reviewmentioning

confidence: 99%

Analysis of Crypto-Ransomware Using ML-Based Multi-Level Profiling

Poudyal¹,

Dasgupta

2021

IEEE Access

Self Cite

View full text Add to dashboard Cite

Crypto-ransomware is the most prevalent form of modern malware, has affected various industries, demanding a significant amount of ransom. Mainly, small businesses, healthcare, education, and government sectors have been under continuous attacks by these adversaries. Various static and dynamic analysis techniques exist, but these methods become less efficient as the malware writers continuously trick the defenders. Numerous research of ransomware with AI techniques often lack the behavioral analysis and its correlation mapping. In this work, we developed an AI-powered hybrid approach overcoming the recent challenges to detect ransomware. Specifically, we proposed a deep inspection approach for multi-level profiling of crypto-ransomware, which captures the distinct features at Dynamic link library, function call, and assembly levels. We showed how the code segments correlate at these levels for studied samples. Our hybrid multi-level analysis approach includes advanced static and dynamic methods and a novel strategy of analyzing behavioral chains with AI techniques. Moreover, association rule mining, natural language processing techniques, and machine learning classifiers are integrated for building ransomware validation and detection model. We experimented with crypto-ransomware samples (collected from VirusTotal). One of the machine learning algorithms achieved the highest accuracy of 99.72% and a false positive rate of 0.003 with two class datasets. The result exhibited that multi-level profiling can better detect ransomware samples with higher accuracy. The multi-level feature sequence can be extracted from most of the applications running in the different operating systems; therefore, we believe that our method can detect ransomware for devices on multiple platforms. We designed a prototype, AIRaD (AI-based Ransomware Detection) tool, which will allow researchers and the defenders to visualize the analysis with proper interpretation.

show abstract

AI-Powered Ransomware Detection Framework

Cited by 25 publications

References 9 publications

Dynamic Feature Dataset for Ransomware Detection Using Machine Learning Algorithms

Dynamic Feature Dataset for Ransomware Detection Using Machine Learning Algorithms

Ransomware Detection Using the Dynamic Analysis and Machine Learning: A Survey and Research Directions

Analysis of Crypto-Ransomware Using ML-Based Multi-Level Profiling

Contact Info

Product

Resources

About