2024 | Original Paper | Book Chapter

Effective Ransomware Detection Method Using PE Header and YARA Rules

Authors: S. Hashwanth, S. Kirthica

Published in: Proceedings of International Conference on Network Security and Blockchain Technology

Publisher: Springer Nature Singapore

Abstract

As information technology has become more deeply embedded in everyday life, protecting data has become increasingly important. At the same time, malicious programs are being written to tamper with sensitive information and to block access to it. Ransomware is the clearest example: it encrypts the victim's files or locks the system and denies access until a ransom is paid. By industry estimates, a new organization is hit every 11 to 14 seconds. Early detection of ransomware makes recovery faster. In this paper, several machine learning models are trained to detect ransomware using information extracted from the portable executable (PE) file structure. The proposed approach classifies ransomware with 99.4% accuracy using only 14 features; these 14 are sufficient for accurate classification. To improve the result further, a file the classifier flags is then scanned with YARA rules for embedded Bitcoin addresses, a common artifact of ransom notes that carry the attacker's payment address.
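The two stages the abstract describes, as an added worked example that is not the chapter's code: a pure-Python PE header parser that yields a fixed-order feature vector for a classifier, followed by a YARA-style scan for Bitcoin addresses with Base58Check validation. The 14 header fields chosen, the YARA rule text, the stand-in classifier callable, and the constructed PE bytes and ransom-note text are all this example's own assumptions; the chapter's actual feature set and rules are not given on this page.

```python
"""Added example, not the chapter's code: PE-header feature extraction (stage 1) and a
YARA-style Bitcoin address check (stage 2). Feature list, rule and sample bytes are assumed."""
import hashlib
import re
import struct

# Assumed 14-field feature set; the chapter's actual fields are not listed on this page.
FEATURE_FIELDS = (
    "Machine", "NumberOfSections", "TimeDateStamp", "Characteristics", "SizeOfCode",
    "SizeOfInitializedData", "SizeOfUninitializedData", "AddressOfEntryPoint", "ImageBase",
    "SectionAlignment", "FileAlignment", "SizeOfImage", "Subsystem", "DllCharacteristics",
)
# Assumed YARA rule for stage 2 (yara.compile(source=BITCOIN_YARA_RULE) with yara-python).
# YARA's regex cannot verify the Base58Check checksum, so a hit is only a candidate.
BITCOIN_YARA_RULE = r"""
rule suspected_bitcoin_address {
    strings:
        $legacy = /\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b/
    condition:
        uint16(0) == 0x5A4D and $legacy
}
"""
BTC_CANDIDATE = re.compile(rb"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")  # same pattern as $legacy
B58 = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def parse_pe_header(data: bytes) -> dict:
    """Read IMAGE_FILE_HEADER and the optional header with struct; no pefile dependency."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, stamp, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, _, _, size_code, size_init, size_uninit, entry, _ = struct.unpack_from(
        "<HBBIIIII", data, opt)
    if magic == 0x10B:     # PE32: BaseOfData then 32-bit ImageBase
        _, image_base = struct.unpack_from("<II", data, opt + 24)
    elif magic == 0x20B:   # PE32+: 64-bit ImageBase and no BaseOfData
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # Windows-specific fields start at offset 32 in both PE32 and PE32+.
    (sect_align, file_align, _, _, _, _, _, _, _, size_image, _, _, subsystem,
     dll_chars) = struct.unpack_from("<IIHHHHHHIIIIHH", data, opt + 32)
    return dict(zip(FEATURE_FIELDS, (machine, nsect, stamp, chars, size_code, size_init,
                                     size_uninit, entry, image_base, sect_align, file_align,
                                     size_image, subsystem, dll_chars)))

def feature_vector(data: bytes) -> list:
    """Fixed-order numeric vector, the input shape a tree or SVM classifier consumes."""
    hdr = parse_pe_header(data)
    return [hdr[name] for name in FEATURE_FIELDS]

def base58check_ok(addr: bytes) -> bool:
    """True only when the 4-byte double-SHA256 checksum of a 25-byte payload verifies."""
    n = 0
    for c in addr:
        idx = B58.find(bytes([c]))
        if idx < 0:
            return False
        n = n * 58 + idx
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    raw = b"\0" * (len(addr) - len(addr.lstrip(b"1"))) + raw   # each leading '1' is 0x00
    if len(raw) != 25:
        return False
    return hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4] == raw[21:]

def find_bitcoin_addresses(data: bytes) -> list:
    """Stage 2: the candidates the YARA rule would flag, kept only if the checksum verifies."""
    return [m.decode() for m in BTC_CANDIDATE.findall(data) if base58check_ok(m)]

def detect(data: bytes, classifier) -> dict:
    """Stage 1 feeds the trained model (any callable on the vector); stage 2 runs only on flagged files."""
    vec = feature_vector(data)
    flagged = bool(classifier(vec))
    return {"features": vec, "flagged": flagged,
            "bitcoin_addresses": find_bitcoin_addresses(data) if flagged else []}

def build_sample_pe(payload: bytes) -> bytes:
    """Constructed fixture: minimal PE32 headers (no sections) followed by an arbitrary payload."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                  # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0x5F3E1D2C, 0, 0, 96, 0x0102)
    opt = struct.pack("<HBBIIIII", 0x10B, 14, 0, 0x1000, 0x2000, 0x400, 0x1234, 0x1000)
    opt += struct.pack("<II", 0x2000, 0x400000)                          # BaseOfData, ImageBase
    opt += struct.pack("<IIHHHHHHIIIIHH", 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0,
                       0x5000, 0x400, 0, 2, 0x8140)
    return dos + b"PE\0\0" + coff + opt.ljust(96, b"\0") + payload

if __name__ == "__main__":
    # Constructed ransom-note text: first address valid, second differs by one char (bad checksum).
    note = (b"Pay 0.5 BTC to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa within 72h. "
            b"ref 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb")
    print(detect(build_sample_pe(note), classifier=lambda vec: True))  # stand-in for the model
```

A YARA rule on its own can only flag candidates: a 34-character Base58 run turns up often enough in packed or compressed sections that the checksum step is what keeps the second stage from adding false positives. The trained model is passed in as a callable so the pipeline can be exercised without the training set; in practice it would be the fitted scikit-learn estimator's predict on the vector.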

Metadata
Copyright year
2024
DOI
https://doi.org/10.1007/978-981-99-4433-0_16