A Generic Framework for Ransomware Prediction and Classification with Artificial Neural Networks

  • Conference paper
Data Science and Emerging Technologies (DaSET 2023)

Abstract

As technology has advanced, the threat of ransomware has also increased, especially towards organizations. Ransomware is malicious software that encrypts a user’s data or system and demands a ransom payment for decryption. Although various machine learning approaches have been proposed for ransomware detection, they often fail to identify these threats accurately and in time, leading to data loss and victimization. This research introduces a novel framework, primarily based on static analysis of ransomware, that predicts the presence of ransomware on users’ systems by monitoring a defined set of ransomware activities. In this study, we used the Resilient Information Systems Security (RISS) ransomware dataset, encompassing 582 ransomware samples from 11 distinct families and 982 instances of goodware. We proposed a generic neural network framework for the identification of ransomware and compared the performance of artificial neural networks (ANN) and deep neural networks (DNN) in accurately classifying ransomware and goodware. The suggested framework achieved an accuracy of 98.56% with ANNs, and a slightly better performance (99.06%) when the ANN was replaced with a DNN. Our results showed that a basic ANN can achieve performance comparable to that of a DNN for ransomware detection. In future work, we plan to evaluate the performance of the proposed framework in a real-time setting.


Acknowledgements

The authors thank UNITAR International University for supporting the publication of this paper.

Corresponding author

Correspondence to Tahir Mehmood.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

Cite this paper

Nadeem, S., Mehmood, T., Yaqoob, M. (2024). A Generic Framework for Ransomware Prediction and Classification with Artificial Neural Networks. In: Bee Wah, Y., Al-Jumeily OBE, D., Berry, M.W. (eds) Data Science and Emerging Technologies. DaSET 2023. Lecture Notes on Data Engineering and Communications Technologies, vol 191. Springer, Singapore. https://doi.org/10.1007/978-981-97-0293-0_10
