Affiliation:
1. Department of Software Engineering, Shamoon College of Engineering, Beer Sheva 84100, Israel
Abstract
Ransomware is an increasingly common type of malware that restricts access to the victim's system or data until a ransom is paid. Traditional detection methods analyze the malware's content, but these methods are ineffective against unknown or zero-day malware. Zero-day malware detection therefore typically relies on observing the malware's behavior, specifically the sequence of application programming interface (API) calls it makes, such as reading and writing files or enumerating directories. Previous studies have applied machine learning (ML) techniques to classify API call sequences, but they have considered only the API call name. This paper systematically compares subsets of API call features, ML techniques, and context-window sizes to identify the best-performing ransomware classifier. Our findings indicate that a context-window size of 7 is optimal and that CNN and LSTM are the most effective ML techniques. Augmenting the API call name with the operation result significantly improves the classifier's precision. Performance analysis suggests that the classifier can be applied effectively in real-time scenarios.
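The abstract describes three ingredients of the classifier: encoding each API call as a token (name alone, or name augmented with the operation result), cutting the trace into context windows of a fixed size, and scoring the windows with a learned model. The example below is an added illustration of that pipeline and is not the paper's own code or data. The traces are constructed by hand, the window scorer is a plain count-based log-likelihood-ratio model that stands in for the CNN/LSTM so the block runs with the standard library only, and `first_alert` shows the streaming use the real-time claim implies: the trace is scored call by call and an alert is raised as soon as the running score crosses a threshold, which is the quantity that matters for stopping encryption early.

```python
"""Context-window features over API call traces (added illustration)."""
from collections import Counter, deque
from math import log

# Constructed traces of (api_name, result) pairs, for illustration only.
# Results are NTSTATUS-style labels chosen by hand, not captured output.
RANSOMWARE_TRACE = [
    ("FindFirstFileW", "SUCCESS"),
    ("NtOpenFile", "SUCCESS"), ("NtReadFile", "SUCCESS"),
    ("NtWriteFile", "SUCCESS"), ("NtSetInformationFile", "SUCCESS"),  # rename
    ("FindNextFileW", "SUCCESS"),
    ("NtOpenFile", "SUCCESS"), ("NtReadFile", "SUCCESS"),
    ("NtWriteFile", "SUCCESS"), ("NtSetInformationFile", "SUCCESS"),
    ("FindNextFileW", "SUCCESS"),
    ("NtOpenFile", "ACCESS_DENIED"),
    ("FindNextFileW", "NO_MORE_FILES"),
]
BENIGN_TRACE = [  # an editor reading one file and saving another
    ("NtCreateFile", "SUCCESS"), ("NtQueryInformationFile", "SUCCESS"),
    ("NtReadFile", "SUCCESS"), ("NtReadFile", "END_OF_FILE"),
    ("NtClose", "SUCCESS"),
    ("NtCreateFile", "SUCCESS"), ("NtWriteFile", "SUCCESS"), ("NtClose", "SUCCESS"),
]


def tokens(trace, with_result=True):
    """One token per call: 'NtOpenFile' or 'NtOpenFile:ACCESS_DENIED'."""
    return [f"{name}:{result}" if with_result else name for name, result in trace]


def windows(toks, size=7):
    """Sliding context windows of `size` consecutive tokens, no padding."""
    return [tuple(toks[i:i + size]) for i in range(len(toks) - size + 1)]


class WindowClassifier:
    """Sums smoothed log-likelihood ratios of a trace's windows.

    Stand-in for the paper's CNN/LSTM. Windows never seen in training
    contribute 0, so an unfamiliar program is not pushed toward either
    class by the smoothing alone.
    """
    LABELS = ("ransomware", "benign")

    def __init__(self, size=7, with_result=True):
        self.size = size
        self.with_result = with_result
        self.counts = {lab: Counter() for lab in self.LABELS}
        self.total = {lab: 0 for lab in self.LABELS}
        self.vocab = set()

    def fit(self, labeled_traces):
        for trace, label in labeled_traces:
            ws = windows(tokens(trace, self.with_result), self.size)
            self.counts[label].update(ws)
            self.total[label] += len(ws)
            self.vocab.update(ws)
        return self

    def _window_llr(self, w):
        cr, cb = self.counts["ransomware"][w], self.counts["benign"][w]
        if cr == 0 and cb == 0:
            return 0.0
        v = len(self.vocab) + 1  # Laplace smoothing over the window vocabulary
        p_r = (cr + 1) / (self.total["ransomware"] + v)
        p_b = (cb + 1) / (self.total["benign"] + v)
        return log(p_r / p_b)

    def score(self, trace):
        ws = windows(tokens(trace, self.with_result), self.size)
        return sum(self._window_llr(w) for w in ws)

    def predict(self, trace):
        return "ransomware" if self.score(trace) > 0 else "benign"

    def first_alert(self, trace, threshold=0.5):
        """Feed calls one at a time; return the index of the call at which the
        running score first exceeds `threshold`, or None if it never does."""
        buf = deque(maxlen=self.size)
        llr = 0.0
        for i, tok in enumerate(tokens(trace, self.with_result)):
            buf.append(tok)
            if len(buf) < self.size:
                continue
            llr += self._window_llr(tuple(buf))
            if llr > threshold:
                return i
        return None


if __name__ == "__main__":
    clf = WindowClassifier(size=7, with_result=True).fit(
        [(RANSOMWARE_TRACE, "ransomware"), (BENIGN_TRACE, "benign")])
    loop = [("NtOpenFile", "SUCCESS"), ("NtReadFile", "SUCCESS"),
            ("NtWriteFile", "SUCCESS"), ("NtSetInformationFile", "SUCCESS"),
            ("FindNextFileW", "SUCCESS")]
    print(clf.predict(loop * 3), clf.first_alert(loop * 3))
```

Switching `with_result` to `False` collapses `NtOpenFile:SUCCESS` and `NtOpenFile:ACCESS_DENIED` into one token, which is exactly the information the abstract reports as improving precision; with the constructed traces above the effect cannot be measured, so the block only exposes the switch. The window size and the threshold used by `first_alert` are the two knobs a deployment would tune against the cost of a late alert versus a false one.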