2021
DOI: 10.7717/peerj-cs.361
|View full text |Cite
|
Sign up to set email alerts
|

On the classification of Microsoft-Windows ransomware using hardware profile

Abstract: Due to the expeditious inclination of online services usage, the incidents of ransomware proliferation being reported are on the rise. Ransomware is a more hazardous threat than other malware as the victim of ransomware cannot regain access to the hijacked device until some form of compensation is paid. In the literature, several dynamic analysis techniques have been employed for the detection of malware including ransomware; however, to the best of our knowledge, hardware execution profile for ransomware anal… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

1
10
0

Year Published

2022
2022
2025
2025

Publication Types

Select...
5
2
1

Relationship

0
8

Authors

Journals

citations
Cited by 23 publications
(16 citation statements)
references
References 51 publications
1
10
0
Order By: Relevance
“…Kadiyala et al [12] proposed an HPC-based fine-grained malware detection through a three-step process of extracting HPCs of the system calls, dimensionality reduction, and feeding the components to an ML classifier. Aurangzeb et al [14] tried to identify the difference between ransomware and non-ransomware malware using HPCs data and ML classifiers such as RF, decision trees (DT), gradient boost (GBoost), and extreme gradient boost (XGBoost).…”
Section: Hpc-based Malware Detectionmentioning
confidence: 99%
See 1 more Smart Citation
“…Kadiyala et al [12] proposed an HPC-based fine-grained malware detection through a three-step process of extracting HPCs of the system calls, dimensionality reduction, and feeding the components to an ML classifier. Aurangzeb et al [14] tried to identify the difference between ransomware and non-ransomware malware using HPCs data and ML classifiers such as RF, decision trees (DT), gradient boost (GBoost), and extreme gradient boost (XGBoost).…”
Section: Hpc-based Malware Detectionmentioning
confidence: 99%
“…The data collected using HPCs are frequently used for performance analysis and tuning of the system software. However, several recent research efforts have investigated their use for malware detection [9], [10], [11], [12], [13], [14]. Alam et al [15] utilized HPC data collected for each process running on the system.…”
Section: Introductionmentioning
confidence: 99%
“…Further advancements in the field have seen the exploration of novel methodologies, such as the application of graph theory [41,42]. This approach involves modeling the intricate relationships within PE files, aiding significantly in the detection of ransomware [9,43].…”
Section: Portable Executable Files In Ransomware Analysismentioning
confidence: 99%
“…The choice of a good feature set is the initial phase of any data mining approach. A few of the extracted features are inspired by previous work [31], [38], however, more features have also been added in this research i.e., hardware performance counters [37], [38], DLLs [52], and strings [16], [31], [53]. We have extracted a total of 1713 features and 10985 features during static and dynamic analysis, respectively.…”
Section: B Feature Extractionmentioning
confidence: 99%
“…However, none of the existing dynamic and ML malware detection techniques use hardware performance counter for malware classification specifically in autonomous vehicles. Although, however, [37] employs a dynamic approach to classify malware based on their hardware performance counters and [38] have used hardware performance counter for ransomware classification on Windows platform.…”
Section: Introductionmentioning
confidence: 99%