DOI: 10.1145/3565287.3617632

Sorting Ransomware from Malware Utilizing Machine Learning Methods with Dynamic Analysis

Published: 16 October 2023

Abstract

Ransomware attacks have grown significantly in the past dozen years and have disrupted businesses that engage with personal data. In this paper, we discuss distinguishing ransomware, malware, and benign software from one another using machine learning techniques. We collected data samples from repositories on the internet and referenced a dataset from a previous study that provided a basis for our approach. We collected ransomware, malware, and benign software samples manually using Cuckoo Sandbox™. We filtered on certain feature groups to test whether particular activities or processes in the infection process could be used to correctly distinguish ransomware from malware and benign software. These feature groups represent correlated processes within a running application: network activity, registry/events processes, and file interactions. The datasets were analyzed with several machine learning (ML) models, including Random Forest, Support Vector Machines (SVM), Gradient Boosting, and Decision Trees, using binary classification. The best classifiers for distinguishing ransomware from benign software were Random Forest and SVM, with f1-scores of 86% and 82%, respectively, and an overall accuracy of 85% for Random Forest. In addition to ransomware versus benign software, we also compared malware to ransomware. The Gradient Boosting Classifier and Decision Trees were the best at distinguishing ransomware from malware, yielding 100% accuracy. This high result may be caused in part by the smaller malware and ransomware dataset. Overall, we were able to successfully distinguish ransomware from malware and benign software.

Published In

MobiHoc '23: Proceedings of the Twenty-fourth International Symposium on Theory, Algorithmic Foundations, and Protocol Design for Mobile Networks and Mobile Computing
October 2023
621 pages
ISBN:9781450399265
DOI:10.1145/3565287
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. dynamic analysis
  2. malware
  3. ransomware
  4. benignware
  5. cuckoo sandbox
  6. graph learning
  7. machine learning
  8. neural networks

Qualifiers

  • Research-article

Conference

MobiHoc '23
Acceptance Rates

Overall Acceptance Rate 296 of 1,843 submissions, 16%
