Machine Learning Algorithms and Frameworks in Ransomware Detection

Smith, Daryle; Khorsandroo, Sajad; Roy, Kaushik

doi:10.1109/access.2022.3218779

Cited by 12 publications

(17 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…initiates the encryption of user data using the AES algorithm without requiring connection to a command and control center (C&C) [8]. Locky ransomware, first seen since 2016, propagated through embedded macros within Microsoft Office documents and facilitated encrypted communications for Tor and Bitcoin transactions [29]. The infamous WannaCry attack in 2017, which leveraged the Microsoft Windows EternalBlue security vulnerability to target the Server Message Block protocols, affected over 300,000 computers across more than 100 countries and encrypted files using the AES algorithm [30].…”

Section: Of 13mentioning

confidence: 99%

“…Techniques such as entropy measurement for detection can be circumvented when ransomware employs complex encoding strategies [54]. Moreover, machine learning models that depend on static attributes might not exhibit the flexibility to generalize across the spectrum of ransomware families, resulting in potential shortcomings [29]. Consequently, metadata analysis often concentrates on recognized ransomware families, encountering challenges in detecting novel or zero-day threats with advanced obfuscation techniques [39].…”

Section: File Metadata Analysismentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Ransomware Threats: Contrasting Static and Dynamic Analysis Methods

Kang,

2023

Preprint

View full text Add to dashboard Cite

The proliferation of ransomware poses a significant threat to global cybersecurity. This study presents a comprehensive review of the methodologies employed in the detection and analysis of ransomware, emphasizing the dichotomy between static and dynamic analysis approaches. It introduces the historical context and the necessity for robust cybersecurity measures, followed by an outline of the methodological framework used to evaluate existing ransomware analysis techniques. The results detail the effectiveness and limitations of various analysis strategies, identifying key features and patterns that aid in the detection and classification of ransomware threats. The study concludes by summarizing the primary achievements, including the identification of gaps in current research and proposing future research directions aimed at enhancing ransomware detection and mitigation strategies. The synthesis provided in this survey offers a consolidated view of the state-of-the-art in ransomware threat analysis and serves as a resource for cybersecurity professionals and researchers.

show abstract

Section: Of 13mentioning

confidence: 99%

Section: File Metadata Analysismentioning

confidence: 99%

A Survey on Ransomware Threats: Contrasting Static and Dynamic Analysis Methods

Kang,

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Such methodologies not only act as an early warning system but also as a means to study the attack patterns of ransomware without the risk of actual data loss or system damage. On the other hand, behavior-based techniques involve a granular observation of system operations, cataloging file access patterns, and modifications to detect deviations from established norms [10,[23][24][25][26].…”

Section: Related Workmentioning

confidence: 99%

“…The integration of artificial intelligence into ransomware detection represents a significant shift from these traditional methods, capitalizing on the capacity of machine learning algorithms to discern patterns in large datasets and deep learning's ability to learn from data in a more human-like manner [27][28][29]. Machine learning, particularly, has been instrumental in enhancing the predictive accuracy of detection systems [26,[30][31][32][33]. By analyzing the metadata and invocation sequences of APIs, support vector machines, and other learning models have been utilized to classify software behavior effectively, distinguishing between benign and ransomware-infected states [9,11,12,14,34].…”

Section: Related Workmentioning

confidence: 99%

Enhanced Ransomware Identification via Feature Extraction with Class Feature Weighting

Wang

2023

Preprint

View full text Add to dashboard Cite

Ransomware attacks have risen alarmingly, with encryption techniques becoming more complex. This paper introduces a novel detection model tailored for ransomware's distinctive characteristics. The Intel PIN tool extracts Windows API invocation sequences related to file operations. These sequences are used to construct n-grams, forming feature vectors enhanced by a new Class Feature Weighting (CFW) metric to improve malware detection. Preliminary results demonstrate elevated accuracy and precision versus existing methods. The major contributions are: (1) Introducing an innovative deep learning model for few-shot ransomware classification using entropy features and transfer learning. (2) Achieving high weighted F1-score in classifying ransomware variants into families with limited training data. (3) Demonstrating the potential of entropy-based features to capture intricacies lost in image-based approaches, improving detection of new strains.

show abstract

“…Several surveys have reviewed the ransomware detection domain over this period as shown in Table . 3. These surveys broadly focus on: (1) the features or input data used to train machine learning algorithms [11]- [32]; (2) ransomware behaviour and trends [13], [14], [16]- [22], [25], [27], [28], [31], [32]; (3) detection techniques [11]- [14], [16]- [27], [29]- [32]; (4) the algorithms used to detect ransomware [11]- [13], [15], [16], [18], [19], [25]- [32]; (5) ransomware prevention strategies [20]. However, despite recent research efforts, several key limitations emerge from existing surveys:…”

Section: Introductionmentioning

confidence: 99%

Ransomware Detection Using Machine Learning: A Review, Research Limitations and Future Directions

Ispahany,

Islam,

Islam

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Ransomware attacks are on the rise in terms of both frequency and impact. The shift to remote work due to the COVID-19 pandemic has led more people to work online, prompting companies to adapt quickly. Unfortunately, this increased online activity has provided cybercriminals numerous opportunities to carry out devastating attacks. One recent method employed by malicious actors involves infecting corporate networks with ransomware to extract millions of dollars in profits. Ransomware falls into the category of malware. It works by encrypting sensitive data and demanding payments from victims to receive the encryption keys necessary for decrypting their data. The prevalence of this type of attack has prompted governments and organisations worldwide to intensify their efforts to combat ransomware. In response, the research community has also focused on ransomware detection, leveraging technologies such as machine learning. Despite this increased attention, practical solutions for real-world applications remain scarce in the existing literature. Numerous surveys have explored literature within the domain. Still, there is a notable lack of emphasis on the design of ransomware detection systems and the practical aspects of detection, including real-time and early detection. Against this backdrop, our review delves into the existing literature on ransomware detection, specifically examining the machine-learning techniques, detection approaches, and designs employed. Finally, we highlight the limitations of prior studies and propose future research directions in this crucial area.

show abstract

Machine Learning Algorithms and Frameworks in Ransomware Detection

Cited by 12 publications

References 23 publications

A Survey on Ransomware Threats: Contrasting Static and Dynamic Analysis Methods

A Survey on Ransomware Threats: Contrasting Static and Dynamic Analysis Methods

Enhanced Ransomware Identification via Feature Extraction with Class Feature Weighting

Ransomware Detection Using Machine Learning: A Review, Research Limitations and Future Directions

Contact Info

Product

Resources

About