LightGBM-based Ransomware Detection using API Call Sequences

Nguyen, Doan Trang; Lee, Soojin

doi:10.14569/ijacsa.2021.0121016

Cited by 5 publications

(2 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The focus on feature importance over the feature-prediction relationship is common in the field and is enforced by the limitations of the chosen algorithms. For instance, to better understand the contribution of individual features to the final predictions made by Light GBM, a Gradient-Boosted Decision Trees glass-box model, Nguyen and colleagues ( [34]) were limited to counting the number of times each feature was used as split points in all learned trees.…”

Section: Related Workmentioning

confidence: 99%

MIRAD: A Method for Interpretable Ransomware Attack Detection

Marcinkowski,

Goschorska,

Wileńska

et al. 2024

Preprint

View full text Add to dashboard Cite

In the face of escalating crypto-ransomware attacks, which encrypt user data for ransom, our study introduces a significant advancement in dynamic ransomware detection. We develop an innovative machine learning model capable of identifying ransomware activity. This model is uniquely trained in a simulated user environment, enhancing detection accuracy under realistic conditions and addressing the imbalances typical of ransomware datasets. A notable aspect of our approach is the emphasis on interpretability. We employ a simplified version of Generalized Additive Models (GAMs), ensuring clarity in how individual features influence predictions. This is crucial for minimizing false positives, a common challenge in dynamic detection methods. Our contributions to the field include a Python library for easy application of our detection method, and a comprehensive, publicly available ransomware detection dataset. These resources aim to facilitate broader research and implementation in ransomware defense.

show abstract

Section: Related Workmentioning

confidence: 99%

MIRAD: A Method for Interpretable Ransomware Attack Detection

Marcinkowski,

Goschorska,

Wileńska

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

“…Their results showed that the proposed approach can be used with existing multilayer security solutions and 99.18% accuracy for Windows platforms. Nguyen et al [88] proposed a method for ransomware detection by examining API calls extracted during dynamic analysis of executables in a virtual environment. ML is used for training, detecting, and classifying normal software as well as different types of ransomware.…”

Section: A: Desktop Platformsmentioning

confidence: 99%

The Age of Ransomware: A Survey on the Evolution, Taxonomy, and Research Directions

et al. 2023

View full text Add to dashboard Cite

The proliferation of ransomware has become a significant threat to cybersecurity in recent years, causing significant financial, reputational, and operational damage to individuals and organizations. This paper aims to provide a comprehensive overview of the evolution of ransomware, its taxonomy, and its state-of-the-art research contributions. We begin by tracing the origins of ransomware and its evolution over time, highlighting the key milestones and major trends. Next, we propose a taxonomy of ransomware that categorizes different types of ransomware based on their characteristics and behavior. Subsequently, we review the existing research over several years in regard to detection, prevention, mitigation, and prediction techniques. Our extensive analysis, based on more than 150 references, has revealed that significant research, specifically 72.8%, has focused on detecting ransomware. However, a lack of emphasis has been placed on predicting ransomware. Additionally, of the studies focused on ransomware detection, a significant portion, 70%, have utilized machine learning methods. We further discuss the challenges found such as the ones related to obtaining ransomware datasets. In addition, our study uncovers a range of shortcomings in research pertaining to real-time protection and identifying zero-day ransomware. Adversarial machine learning exploitation has been identified as an under-researched area in the field. This survey is a constructive roadmap for researchers interested in ransomware research matters.

show abstract

Analyzing Malware From API Call Sequences Using Support Vector Machines

Al‐Haija

Krichen²

2023

Engineering Cyber-Physical Systems and Critical Infrastructures

View full text Add to dashboard Cite

LightGBM-based Ransomware Detection using API Call Sequences

Cited by 5 publications

References 14 publications

MIRAD: A Method for Interpretable Ransomware Attack Detection

MIRAD: A Method for Interpretable Ransomware Attack Detection

The Age of Ransomware: A Survey on the Evolution, Taxonomy, and Research Directions

Analyzing Malware From API Call Sequences Using Support Vector Machines

Contact Info

Product

Resources

About