Automated Ransomware Behavior Analysis: Pattern Extraction and Early Detection

Chen, Qian; Islam, Sheikh Rabiul; Haswell, Henry; Bridges, Robert A.

doi:10.1007/978-3-030-34637-9_15

Cited by 28 publications

(29 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Yassine Lemmou and El Mamoun Souidi [10] published a deep analysis over the behavior of Gandcrab ransomware on 2 subversions (v1.0 and v2.2r) out of 7 (v1.0, v1.1, v2.1, v2.1r, v2.2r, v2.3r, and v2.3.1r) subversions while Oleg Kolesnikov [17] mentioned the v4.1 has detected in July 2018 and it reached up to v5.2 March 2019 and observed all the versions have same payload with little changes. Gandcrab owner mentioned that they ceased their business on June 2019 [21]. Gandcrab kill the running process to avoid detection except antivirus, monitoring tools and some programs of operating system.…”

Section: Literature Reviewmentioning

confidence: 99%

“…Reference [18] referred malicious sites as first step to start of ransomware kill chain. According to [19] CryptoWall, PrincessLocker and CryptXXX while in [21] GandCrab uses this method to deliver attack.…”

Section: Malicious Websitesmentioning

confidence: 99%

“…Qian Chen et al [21] designed a tool, which extracts patterns of malware and performs early detection. They mentioned in their research that manually analysis of malware is time killing and not as much accurate as designed tool.…”

Section: Detection and Protection Mechanismmentioning

confidence: 99%

See 2 more Smart Citations

Security Awareness on Ransomware Threats Detection and their Protection Techniques

2021

IJATCSE

View full text Add to dashboard Cite

Computing and smart monitoring devices or machines are involved in every organization and sector in present era. These machines have any operating system (OS), software and applications installed based on the requirement. Due to available security vulnerabilities in OS or software and applications, these machines have more chances to become victims of Ransomware attacks. Attacker demands for ransom in any form of cryptocurrency like Bitcoin and other to normalize the files and services. Ransomwares are pandemic threats globally. Paper focuses on this part of the cybersecurity issues, the latest ransomware and their variants. In our research, we tried our best to explained ransomware and millions of dollar damage done by them in the past few years. Further, we have provided different ransomware spreading and detection mechanisms. At the end of the paper, if any machine infected through ransomware so some prevention, protection and recovery tools and techniques have been mentioned.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Section: Malicious Websitesmentioning

confidence: 99%

See 1 more Smart Citation

Security Awareness on Ransomware Threats Detection and their Protection Techniques

2021

IJATCSE

View full text Add to dashboard Cite

show abstract

“…However, setting a fixed time is not applicable to all ransomware samples, since some variants exhibit their malicious activities after human interaction or discovering the executing environment. Machine learning-based methods have also been applied by the researchers in [34]. They have applied TF-IDF, Fisher's LDA and ET as machine learning method to detect ransomware.…”

Section: Literature Reviewmentioning

confidence: 99%

Avoiding Future Digital Extortion Through Robust Protection Against Ransomware Threats Using Deep Learning Based Adaptive Approaches

et al. 2020

View full text Add to dashboard Cite

Digital extortion has become a major cyber risk for many organizations; small-medium enterprises (SME) to large enterprises business and individual entrepreneurs. Ransomware is a kind of malware that is the main threat to digital extortion and has caused many organizations to lose huge revenue by paying much bigger ransom demands to the cybercriminals in recent years. The explosive growth of ransomware is due to the existing large infection vector such as social engineering, email attachment, zip file download, browsing malicious site, infected search engine which are boosted dramatically by easily available cryptographic tools, Ransomware As a Service (RaaS), increased cloud storage and off-the-self ransomware toolkits. The large infection vector and available toolkits not only grew ransomware extremely, but also made them more obfuscated, encrypted and varying patterns in the new variants. This, in turn, caused the conventional supervised analysis and detection engine to fail to detect the new variants of ransomware. This paper addresses the limitations of conventional supervised detection engine and proposes semi-supervised framework to compute the inherent latent sources of the varying patterns in the new variants in an unsupervised way using deep learning approaches. The proposed framework extracts the inherent characteristics in the varying patterns from the unlabelled ransomware obtained from the wild which is scalable to accommodate upcoming malicious executables. Then the unsupervised learned model is combined with supervised classification, thus constructing an adaptive detection model. The proposed framework has been verified using real ransomware data with a dynamic analysis testbed. Our extensive experimental results and discussion demonstrate that the proposed adaptive framework can successfully identify different variants of ransomware and achieve higher performance than existing supervised approaches.

show abstract

“…Selecting the most relevant subset features from the original features can improve classifier performance and the accuracy of classification operation [41,45,40]; hence, the effective feature set was identified using term weight as the criterion of feature selection. We applied term frequency-inverse document frequency (TF-IDF) feature selection method for setting the weight to a term based on its inverse document frequency and evaluating how important feature is a document in the collection [36]. The purpose of using TF-IDF weighting is to eliminate those features that occur commonly in many vectors while giving more attention to features that are less frequent in the vectors.…”

Section: Feature Extraction and Selectionmentioning

confidence: 99%

Automated Analysis Approach for the Detection of High Survivable Ransomware

Ahmed¹,

Koçer²,

Al‐rimy³

2020

KSII TIIS

View full text Add to dashboard Cite

Ransomware is malicious software that encrypts the user-related files and data and holds them to ransom. Such attacks have become one of the serious threats to cyberspace. The avoidance techniques that ransomware employs such as obfuscation and/or packing makes it difficult to analyze such programs statically. Although many ransomware detection studies have been conducted, they are limited to a small portion of the attack's characteristics. To this end, this paper proposed a framework for the behavioral-based dynamic analysis of high survivable ransomware (HSR) with integrated valuable feature sets. Term Frequency-Inverse document frequency (TF-IDF) was employed to select the most useful features from the analyzed samples. Support Vector Machine (SVM) and Artificial Neural Network (ANN) were utilized to develop and implement a machine learning-based detection model able to recognize certain behavioral traits of high survivable ransomware attacks. Experimental evaluation indicates that the proposed framework achieved an area under the ROC curve of 0.987 and a few false positive rates 0.007. The experimental results indicate that the proposed framework can detect high survivable ransomware in the early stage accurately.

show abstract

Automated Ransomware Behavior Analysis: Pattern Extraction and Early Detection

Cited by 28 publications

References 9 publications

Security Awareness on Ransomware Threats Detection and their Protection Techniques

Security Awareness on Ransomware Threats Detection and their Protection Techniques

Avoiding Future Digital Extortion Through Robust Protection Against Ransomware Threats Using Deep Learning Based Adaptive Approaches

Automated Analysis Approach for the Detection of High Survivable Ransomware

Contact Info

Product

Resources

About