Abstract
As technology advances, the threat of ransomware has grown, especially against organizations. Ransomware is malicious software that encrypts all of a user’s data or system and demands a ransom payment for decryption. Although various machine learning approaches have been proposed for ransomware detection, they often fail to identify these threats accurately and in time, leading to data loss and victimization. This research introduces a novel framework, based primarily on static analysis of ransomware, that predicts the presence of ransomware on users’ systems by monitoring a defined set of ransomware activities. In this study, we used the Resilient Information Systems Security (RISS) ransomware dataset, which comprises 582 ransomware samples from 11 distinct families and 982 instances of goodware. We propose a generic neural network framework for identifying ransomware and compare the performance of artificial neural networks (ANN) and deep neural networks (DNN) in accurately classifying ransomware and goodware. The framework achieved an accuracy of 98.56% with an ANN, and slightly better performance (99.06%) when the ANN was replaced with a DNN. Our results show that a basic ANN can achieve performance comparable to that of a DNN for ransomware detection. In future work, we plan to evaluate the performance of the proposed framework in a real-time setting.
Acknowledgements
The authors thank UNITAR International University for supporting the publication of this paper.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Nadeem, S., Mehmood, T., Yaqoob, M. (2024). A Generic Framework for Ransomware Prediction and Classification with Artificial Neural Networks. In: Bee Wah, Y., Al-Jumeily OBE, D., Berry, M.W. (eds) Data Science and Emerging Technologies. DaSET 2023. Lecture Notes on Data Engineering and Communications Technologies, vol 191. Springer, Singapore. https://doi.org/10.1007/978-981-97-0293-0_10
DOI: https://doi.org/10.1007/978-981-97-0293-0_10
Publisher Name: Springer, Singapore
Print ISBN: 978-981-97-0292-3
Online ISBN: 978-981-97-0293-0
eBook Packages: Intelligent Technologies and Robotics (R0)