On the classification of Microsoft-Windows ransomware using hardware profile-Reference-Cited by-同舟云学术

On the classification of Microsoft-Windows ransomware using hardware profile

Published:2021-02-02 Issue: Volume:7 Page:e361
ISSN:2376-5992
Container-title:PeerJ Computer Science
language:en
Short-container-title:

Author:

Aurangzeb Sana¹^ORCID,Rais Rao Naveed Bin²,Aleem Muhammad³^ORCID,Islam Muhammad Arshad³^ORCID,Iqbal Muhammad Azhar⁴

Affiliation:

1. Department of Computer Science, National University of Modern Languages, Islamabad, Islamabad, ICT, Pakistan

2. College of Engineering and Information Technology, Ajman University, Ajman, United Arab Emirates

3. Department of Computer Science, National University of Computer and Emerging Sciences, Islamabad, Islamabad, ICT, Pakistan

4. School of Information Science and Technology (SIST), Southwest Jiaotong University, Chengdu, China

Abstract

Due to the expeditious inclination of online services usage, the incidents of ransomware proliferation being reported are on the rise. Ransomware is a more hazardous threat than other malware as the victim of ransomware cannot regain access to the hijacked device until some form of compensation is paid. In the literature, several dynamic analysis techniques have been employed for the detection of malware including ransomware; however, to the best of our knowledge, hardware execution profile for ransomware analysis has not been investigated for this purpose, as of today. In this study, we show that the true execution picture obtained via a hardware execution profile is beneficial to identify the obfuscated ransomware too. We evaluate the features obtained from hardware performance counters to classify malicious applications into ransomware and non-ransomware categories using several machine learning algorithms such as Random Forest, Decision Tree, Gradient Boosting, and Extreme Gradient Boosting. The employed data set comprises 80 ransomware and 80 non-ransomware applications, which are collected using the VirusShare platform. The results revealed that extracted hardware features play a substantial part in the identification and detection of ransomware with F-measure score of 0.97 achieved by Random Forest and Extreme Gradient Boosting.

Funder

Deanship of Graduate Studies and Research

Publisher

PeerJ

Subject

General Computer Science

Link

https://peerj.com/articles/cs-361.pdf

Reference76 articles.

1. Ransomware threat success factors, taxonomy, and countermeasures: a survey and research directions;Al-rimy;Computers & Security,2018

2. RAPPER: ransomware prevention via performance counters;Alam;ArXiv,2020

3. Ransomware: A research and a personal case study of dealing with this nasty malware;Ali;Issues in Informing Science and Information Technology,2017

Cited by 16 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Ransomware Reloaded: Re-examining Its Trend, Research and Mitigation in the Era of Data Exfiltration;ACM Computing Surveys;2024-08-30

2. RD-FAXID: Ransomware Detection with FPGA-Accelerated XGBoost;ACM Transactions on Reconfigurable Technology and Systems;2024-08-12

3. AndroDex: Android Dex Images of Obfuscated Malware;Scientific Data;2024-02-16

4. Malware Detection with Artificial Intelligence: A Systematic Literature Review;ACM Computing Surveys;2024-01-22

5. Ransomware Detection Using Machine Learning: A Review, Research Limitations and Future Directions;IEEE Access;2024