Abstract
Recently, cybercriminals have infiltrated different sectors of the human venture to launch ransomware attacks against information technology infrastructure. They demand ransom from individuals and industries, thereby inflicting significant loss of data. The use of intelligent algorithms for ransomware attack detection began to gain popularity in recent times and proved feasible. However, no comprehensive dedicated literature review on the applications of intelligent machine learning algorithms to detect ransomware attacks on information technology infrastructure. Unlike the previous reviews on ransomware attacks, this paper aims to conduct a comprehensive survey on the detection of ransomware attacks using intelligent machine learning algorithms. The study analysed literature from different perspectives focusing on intelligent algorithms detection of ransomware. The survey shows that there is a growing interest in recent times (2016—date) on the application of intelligent algorithms for ransomware detection. Deep learning algorithms are gaining tremendous attention because of their ability to handle large scale datasets, prominence in the research community, and ability to solve problems better than the conventional intelligent algorithms. To date, the potentials of big data analytics are yet to be fully exploited for the smart detection of ransomware attacks. Future research opportunities from the perspective of deep learning and big data analytics to solve the challenges identified from the survey are outlined to give the research community a new direction in dealing with ransomware attacks.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Digital Guardian (2019) A history of ransomware attacks: the biggest and worst ransomware attacks of all time. https://digitalguardian.com/blog/history-ransomware-attacks-biggest-and-worst-ransomware-attacks-all-time. Accessed 17 Dec 2019
Abdullahi AU, Ahmad R, Zakaria NM (2016) Big data: performance profiling of meteorological and oceanographic data on hive. In: Paper presented at the 2016 3rd international conference on computer and information sciences (ICCOINS).
Acharya UR, Fujita H, Oh SL, Hagiwara Y, Tan JH, Adam M (2017) Application of deep convolutional neural network for automated detection of myocardial infarction using ECG signals. Inf Sci 415:190–198
Agrawal R, Stokes JW, Selvaraj K, Marinescu M (2019) Attention in recurrent neural networks for ransomware detection. In: Paper presented at the ICASSP 2019–2019 IEEE international conference on acoustics, speech and signal processing (ICASSP).
Ahmadian MM, Shahriari HR (2016) 2entFOX: a framework for high survivable ransomwares detection. In: 2016 13th international iranian society of cryptology conference on information security and cryptology (ISCISC), 7-8 Sept 2016. IEEE, Tehran, Iran, pp 79–84
Al-Hawawreh M, Sitnikova E (2019) Leveraging deep learning models for ransomware detection in the industrial internet of things environment. In: Paper presented at the 2019 military communications and information systems conference (MilCIS).
Alhawi OM, Baldwin J, Dehghantanha A (2018) Leveraging machine learning techniques for windows ransomware network traffic detection. Cyber Threat Intell 70:93–106
Almashhadani AO, Kaiiali M, Sezer S, O’Kane P (2019) A multi-classifier network-based crypto ransomware detection system: a case study of locky ransomware. IEEE Access 7:47053–47067
Alrawashdeh K, Purdy C (2018) Ransomware detection using limited precision deep learning structure in fpga. In: Paper presented at the NAECON 2018-IEEE national aerospace and electronics conference.
Al-rimy BAS, Maarof MA, Shaid SZM (2018) Ransomware threat success factors, taxonomy, and countermeasures: a survey and research directions. Comput Secur 74:144–166
Al-rimy BAS, Maarof MA, Shaid SZM (2019) Crypto-ransomware early detection model using novel incremental bagging with enhanced semi-random subspace selection. Future Gener Comput Syst 101:476–491
Amanullah MA, Habeeb RAA, Nasaruddin FH, Gani A, Ahmed E, Nainar ASM, Imran M (2020) Deep learning and big data technologies for IoT security. Comput Commun. https://doi.org/10.1016/j.comcom.2020.01.016
Andronio N, Zanero S, Maggi F (2015) Heldroid: dissecting and detecting mobile ransomware. In: Paper presented at the international symposium on recent advances in intrusion detection.
Ashraf A, Aziz A, Zahoora U, Khan A (2019) Ransomware analysis using feature engineering and deep neural networks. arXiv preprint. http://arxiv.org/abs/1910.00286
Aurangzeb S, Aleem M, Iqbal MA, Islam MA (2017) Ransomware: a survey and trends. J Inf Assur Secur 6(2):48–58
Bae SI, Lee GB, Im EG (2019) Ransomware detection using machine learning algorithms. Concurr Comput Pract Exp 32:e5422
Berrueta E, Morato D, Magaña E, Izal M (2019) A survey on detection techniques for cryptographic ransomware. IEEE Access 7:144925–144944
Bhardwaj A, Avasthi V, Sastry H, Subrahmanyam G (2016) Ransomware digital extortion: a rising new age threat. Indian J Sci Technol 9(14):1–5
Bibi I, Akhunzada A, Malik J, Ahmed G, Raza M (2019) An effective android ransomware detection through multi-factor feature filtration and recurrent neural network. In: Paper presented at the 2019 UK/China Emerging Technologies (UCET).
Breiman L (2001) Random forests. Mach Learn 45(1):5–32
Chaudhary R, Aujla GS, Kumar N, Zeadally S (2018) Lattice based public key cryptosystem for internet of things environment: challenges and solutions. IEEE Internet Things J 6:4897–4909
Chen J, Wang C, Zhao Z, Chen K, Du R, Ahn G-J (2017a) Uncovering the face of android ransomware: characterization and real-time detection. IEEE Trans Inf Forensics Secur 13(5):1286–1300
Chen Y-C, Li Y-J, Tseng A, Lin T (2017b) Deep learning for malicious flow detection. In: Paper presented at the 2017 IEEE 28th annual international symposium on personal, indoor, and mobile radio communications (PIMRC).
Chong H (2017) SeCBD: the application idea from study evaluation of ransomware attack method in big data architecture. Procedia Comput Sci 116:358–364
Cohen A, Nissim N (2018) Trusted detection of ransomware in a private cloud using machine learning methods leveraging meta-features from volatile memory. Expert Syst Appl 102:158–178
Connolly LY, Wall DS (2019) The rise of crypto-ransomware in a changing cybercrime landscape: taxonomising countermeasures. Comput Secur 87:101568
Conti M, Gangwal A, Ruj S (2018) On the economic significance of ransomware campaigns: a bitcoin transactions perspective. Comput Secur 79:162–189
Cusack G, Michel O, Keller E (2018) Machine learning-based detection of ransomware using SDN, pp 1–6. https://doi.org/10.1145/3180465.3180467. Accessed 17 Dec 2019
Daku H, Zavarsky P, Malik Y (2018) Behavioral-based classification and identification of ransomware variants using machine learning. In: Paper presented at the 2018 17th IEEE international conference on trust, security and privacy in computing and communications/12th IEEE international conference on big data science and engineering (TrustCom/BigDataSE).
Damshenas M, Dehghantanha A, Mahmoud R (2013) A survey on malware propagation, analysis, and detection. Int J Cyber Secur Digit Forensics 2(4):10–30
Druva (2017) Druva releases annual enterprise ransomware report. https://www.globenewswire.com/news-release/2017/06/28/1217348/0/en/Druva-Releases-Annual-Enterprise-Ransomware-Report.html. Accessed 17 Dec 2019
Feizollah A, Anuar NB, Salleh R, Wahab AWA (2015) A review on feature selection in mobile malware detection. Digit Investig 13:22–37
Fernandez Maimo L, Huertas Celdran A, Perales Gomez AL, Clemente G, Félix J, Weimer J, Lee I (2019) Intelligent and dynamic ransomware spread detection and mitigation in integrated clinical environments. Sensors 19(5):1114
Frank E, Hall MA, Witten IH (2016) The WEKA workbench. Morgan Kaufmann
Gómez-Hernández J, Álvarez-González L, García-Teodoro P (2018) R-Locker: thwarting ransomware action through a honeyfile-based approach. Comput Secur 73:389–398
Hansen SS, Larsen TMT, Stevanovic M, Pedersen JM (2016) An approach for detection and family classification of malware based on behavioral analysis. In: Paper presented at the 2016 international conference on computing, networking and communications (ICNC).
Haque IRI, Neubert J (2020) Deep learning approaches to biomedical image segmentation. Inform Med Unlocked 18:100297
Harikrishnan N, Soman K (2018) Detecting ransomware using GURLS. In: Paper presented at the 2018 second international conference on advances in electronics, computers and communications (ICAECC).
Hatcher WG, Yu W (2018) A survey of deep learning: platforms, applications and emerging research trends. IEEE Access 6:24411–24432
Homayoun S, Dehghantanha A, Ahmadzadeh M, Hashemi S, Khayami R, Choo K-KR, Newton DE (2019) DRTHIS: Deep ransomware threat hunting and intelligence system at the fog layer. Future Gener Comput Syst 90:94–104. https://doi.org/10.1016/j.future.2018.07.045
Javaheri D, Hosseinzadeh M, Rahmani AM (2018) Detection and elimination of spyware and ransomware by intercepting Kernel-Level system routines. IEEE Access 6:78321–78332
Joseph DP, Norman J (2020) A review and analysis of ransomware using memory forensics and its tools. Smart intelligent computing and applications. Springer, Berlin, pp 505–514
Kharraz A, Robertson W, Balzarotti D, Bilge L, Kirda E (2015) Cutting the gordian knot: a look under the hood of ransomware attacks. In: Paper presented at the international conference on detection of intrusions and malware, and vulnerability assessment.
King D (2017) Detect and protect. ITNOW 59(4):54–55
Kok S, Abdullah A, Jhanjhi N, Supramaniam M (2019) Ransomware, threat and detection techniques: a review. Int J Comput Sci Netw Secur 19(2):136
Lachtar N, Ibdah D, Bacha A (2019) The case for native instructions in the detection of mobile ransomware. IEEE Lett Comput Soc 2:16–196
LeCun Y, Bengio Y, Hinton G (2015) Deep learning. Nature 521(7553):436–444
Lee S, Kim HK, Kim K (2019) Ransomware protection using the moving target defense perspective. Comput Electr Eng 78:288–299
Lu T, Zhang L, Wang S, Gong Q (2017) Ransomware detection based on v-detector negative selection algorithm. In: Paper presented at the 2017 international conference on security, pattern analysis, and cybernetics (SPAC).
Maigida AM, Olalere M, Alhassan JK, Chiroma H, Dada EG (2019) Systematic literature review and metadata analysis of ransomware attacks and detection mechanisms. J Reliab Intell Environ 5(2):67–89
Maniath S, Ashok A, Poornachandran P, Sujadevi V, Sankar AP, Jan S (2017) Deep learning LSTM based ransomware detection. In: Paper presented at the 2017 recent developments in control, automation and power engineering (RDCAPE).
Martín A, Hernandez-Castro J, Camacho D (2018) An in-depth study of the Jisut family of android ransomware. IEEE Access 6:57205–57218
Min D, Park D, Ahn J, Walker R, Lee J, Park S, Kim Y (2018) Amoeba: an autonomous backup and recovery SSD for ransomware attack defense. IEEE Comput Archit Lett 17(2):245–248
Mohammadi M, Al-Fuqaha A, Sorour S, Guizani M (2018) Deep learning for IoT big data and streaming analytics: a survey. IEEE Commun Surv Tutor 20(4):2923–2960
Muna A-H, den Hartog F, Sitnikova E (2019) Targeted ransomware: a new cyber threat to edge system of brownfield industrial internet of things. IEEE Internet Things J 6:7137–7151
National Vulnerability Databasa (2017) CVE-2017-0144 Detail. https://nvd.nist.gov/vuln/detail/CVE-2017-0144. Accessed 17 Dec 2019
O’Kane P, Sezer S, Carlin D (2018) Evolution of ransomware. IET Networks 7(5):321–327
Pathak P, Nanded YM (2016) A dangerous trend of cybercrime: ransomware growing challenge. Int J Adv Res Comput Eng Technol 5(2):371–373
Pluskal O (2015) Behavioural malware detection using efficient SVM implementation. In: Paper presented at the proceedings of the 2015 conference on research in adaptive and convergent systems.
Poudyal S, Subedi KP, Dasgupta D (2018) A framework for analyzing ransomware using machine learning. In: Paper presented at the 2018 IEEE symposium series on computational intelligence (SSCI).
Richardson R, North MM (2017) Ransomware: evolution, mitigation and prevention. Int Manag Rev 13(1):10
Sabharwal S, Sharma S (2020) Ransomware attack: India issues red alert. Emerging technology in modelling and graphics. Springer, Berlin, pp 471–484
Savage K, Coogan P, Lau H (2015) The evolution of ransomware. Symantec, Mountain View
Scaife N, Carter H, Traynor P, Butler KR (2016) Cryptolock (and drop it): stopping ransomware attacks on user data. In: Paper presented at the 2016 IEEE 36th international conference on distributed computing systems (ICDCS).
Scalas M, Maiorca D, Mercaldo F, Visaggio CA, Martinelli F, Giacinto G (2019) On the effectiveness of system API-related information for android ransomware detection. Comput Secur 86:168–182
Sgandurra D, Muñoz-González L, Mohsen R, Lupu EC (2016) Automated dynamic analysis of ransomware: benefits, limitations and use for detection. arXiv preprint. http://arxiv.org/abs/1609.03020
Shakir HA, Jaber AN (2017) A short review for ransomware: pros and cons. In: Paper presented at the international conference on P2P, parallel, grid, cloud and internet computing.
Sharmeen S, Ahmed YA, Huda S, Koçer B, Hassan MM (2020) Avoiding future digital extortion through robust protection against ransomware threats using deep learning based adaptive approaches. IEEE Access. 8:24522–24534
Shaukat SK, Ribeiro VJ (2018) RansomWall: a layered defense system against cryptographic ransomware attacks using machine learning. In: Paper presented at the 2018 10th international conference on communication systems and networks (COMSNETS).
Shukla M, Mondal S, Lodha S (2016) Poster: locally virtualized environment for mitigating ransomware threat. In: Paper presented at the proceedings of the 2016 ACM SIGSAC conference on computer and communications security.
Song S, Kim B, Lee S (2016) The effective ransomware prevention technique using process monitoring on android platform. Mobile Inf Syst 2016:9
Su D, Liu J, Wang X, Wang W (2018) Detecting android locker-ransomware on chinese social networks. IEEE Access 7:20381–20393
Symantec (2019) 2019 internet security threat report. https://www.symantec.com/en/uk/security-center/threat-report. Accessed 17 Dec 2019
Verma M, Kumarguru P, Deb SB, Gupta A (2018) Analysing indicator of compromises for ransomware: leveraging IOCs with machine learning techniques. In: Paper presented at the 2018 IEEE international conference on intelligence and security informatics (ISI).
Villalba LJG, Orozco ALS, Vivar AL, Vega EAA, Kim T-H (2018) Ransomware automatic data acquisition tool. IEEE Access 6:55043–55052
Vinayakumar R, Soman K, Velan KS, Ganorkar S (2017) Evaluating shallow and deep networks for ransomware detection and classification. In: Paper presented at the 2017 international conference on advances in computing, communications and informatics (ICACCI).
Vinayakumar R, Alazab M, Jolfaei A, Soman K, Poornachandran P (2019) Ransomware triage using deep learning: twitter as a case study. In: Paper presented at the 2019 cybersecurity and cyberforensics conference (CCC).
Wan Y-L, Chang J-C, Chen R-J, Wang S-J (2018) Feature-selection-based ransomware detection with machine learning of data analysis. In: Paper presented at the 2018 3rd international conference on computer and communication systems (ICCCS).
Yaqoob I, Ahmed E, Rehman MH, Ahmed AIA, Al-garadi MA, Imran M, Guizani M (2017) The rise of ransomware and emerging security challenges in the internet of things. Comput Netw 129:444–458
Zhang B, Xiao W, Xiao X, Sangaiah AK, Zhang W, Zhang J (2019) Ransomware classification using patch-based CNN and self-attention network on embedded N-grams of opcodes. Future Gener Comput Syst 110:708–720
Zhang H, Xiao X, Mercaldo F, Ni S, Martinelli F, Sangaiah AK (2019) Classification of ransomware families with machine learning based on N-gram of opcodes. Future Gener Comput Syst 90:211–221. https://doi.org/10.1016/j.future.2018.07.052
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Bello, I., Chiroma, H., Abdullahi, U.A. et al. Detecting ransomware attacks using intelligent algorithms: recent development and next direction from deep learning and big data perspectives. J Ambient Intell Human Comput 12, 8699–8717 (2021). https://doi.org/10.1007/s12652-020-02630-7
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-020-02630-7