nach oben

Wireless Personal Communications

Erschienen in:

25.01.2020

Two-Stage Ransomware Detection Using Dynamic Analysis and Machine Learning Techniques

verfasst von: Jinsoo Hwang, Jeankyung Kim, Seunghwan Lee, Kichang Kim

Erschienen in: Wireless Personal Communications | Ausgabe 4/2020

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Detecting ransomware is harder than general malware because of the ever-increasing number of ransomwares with different signatures, which makes traditional signature-based detection technique powerless against ransomware. Current ransomware detection techniques usually build a complex model that incorporates various behavioral traits. The traits include suspicious file activities, API call pattern or frequency, registry keys, file extensions, etc. In this paper, we build a two-stage mixed ransomware detection model, Markov model and Random Forest model. First we focus on Windows API call sequence pattern and build a Markov model to capture the characteristics of ransomware. Next we build Random Forest machine learning model to the remaining data in order to control both false positive (FPR) and false negative (FNR) error rates. As a result of our two-stage mixed detection method we can achieve overall accuracy 97.3% with 4.8% FPR and 1.5% FNR.

Vorheriger Artikel Energy Efficient Routing Structure to Avoid Energy Hole Problem in Multi-Layer Network Model

Nächster Artikel An Effective Relay Node Selection Technique for Energy Efficient WSN-Assisted IoT

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Alazab, M., Venkatraman, S., & Watters, P. (2011). Zero-day malware detection based on supervised learning algorithms of API call signatures. In Proceedings of the 9th Australasian data mining conference (AusDM 2011) (Vol. 121, pp. 171–182). Australian Computer Society.

Bayer, U., Kruegel, C., & Kirda, E. (2006). TTAnalyze: A tool for analyzing malware. In Proceedings of the European institute for computer antivirus research annual conference.

BBC News. (2016). University pays 20,000 Dollars to ransomware hackers. http://www.bbc.com/news/technology-36478650. Accessed 24 Jan 2020.

Belcher, P. (2016). Sofos-Invincea. https://www.securitynewspaper.com/2016/06/07/hash-factory-new-cerber-ransomware-morphs-every-15-seconds/. Accessed 24 Jan 2020.

Bergeron, J., Debbabi, M., Desharnais, J., Erhioui, M.M., Lavoie, Y., & Tawbi, N. (2001). Static detection of malicious code in executable programs. In Proceedings of the symposium on requirements engineering for information security (SREIS ’01).

Butler, K., Scaife, N., Carter, H., & Traynor, P. (2016). CryptoLock (and drop it): Stoping ransomware attacks on user data. In Proceedings of international conference on distributive computing systems.

Continella, A., Guagnelli, A., Zingaro, G., De Pasquale, G., Barenghi, A., Zanero, S., & Maggi, F. (2016). Shieldfs: A self-healing, ransomware-aware filesystem. In Proceedings of the 32nd annual conference on computer security applications (pp. 336–347). ACM.

CryptoLocker Ransomware Information Guide and FAQ. (2016). [WWW]. http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information.

CUCKOO FOUNDATION. (2015). Cuckoo sandbox: Automated malware analysis. www.cuckoosandbox.org. Accessed 24 Jan 2020.

10.

Francescani, C. (2016). Ransomware hackers blackmail U.S. police departments. http://www.cnbc.com/2016/04/26/ransomware-hackers-blackmail-us-police-departments.html. Accessed 24 Jan 2020.

11.

Gupta, S., Sharma, H., & Kaur S. (2016). Malware characterization using Windows API call sequences. In Proceedings of security, privacy, and applied cryptography engineering: 6th international conferences, SPACE 2016, Hyderabad, India, December 14–18.

12.

Jang, J. W., Woo, J., Yun, J., & Kim, H. K. (2014). Mal-netminer: Malware classification based on social network analysis of call graph. In Proceedings of the companion publication of the 23rd international conference on world wide web companion (WWWCompanion 2014) (pp. 731–734). International World Wide Web Conferences Steering Committee.

13.

Jozwiak, I., Kedziora, M., & Melinska, A. (2011). Theoretical and practical aspects of encrypted containers detection. In W. Zamojski, J. Kacprzyk, J. Mazurkiewicz, J. Sugier, & T. Walkowiak (Eds.), Digital forensics approach, dependable computer systems (pp. 75–85). Berlin: Springer.CrossRef

14.

Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., & Kirda, E. (2015). Cutting the Gordian knot: A look under the hood of ransomware attacks (pp. 1–10). Retrieved April 8, 2016, from http://seclab.ccs.neu.edu/static/publications/dimva2015ransomware.pdf.

15.

Kharraz, A, et al. (2016). UNVEIL: A large-scale, automated approach to detecting ransomware. In 25th USENIX security symposium (USENIX Security 16).

16.

Kolodenker, E., Koch, W., Stringhini, G., & Egele, M. (2017). Paybreak: Defense against cryptographic ransomware. In Proceedings of the 2017 ACM on Asia conference on computer and communications security, ASIA CCS 2017, New York, NY, USA (pp. 599–611).

17.

Lipovsky, R. (2014). We live security. Retrieved December 22, 2014, from https://www.welivesecurity.com/2014/12/22/win32virlock-first-self-reproducing-ransomware-also-shape-shifter/.

18.

Mariconti, E., Onwuzurike, L., Andriotis, P., Cristofaro, E. D., Ross, G., & Stringhini, G. (2017). MaMaDroid: Detecting android malware by building Markov chains of behavioral models. In The proceedings of 24th network and distributed system security symposium.

19.

Mimoso, M. (2017). Leaked NSA exploit spreading ransomware worldwide. https://threatpost.com/leaked-nsa-exploit-spreading-ransomware-worldwide/125654/. Accessed 24 Jan 2020.

20.

Peisert, S., Bishop, M., Karin, S., & Marzullo, K. (2007). Analysis of computer intrusions using sequences of function calls. IEEE Transactions on Dependable and Secure Computing, 4(2), 137–150.CrossRef

21.

Qiao, Y., Yang, Y., Ji, L., & He, J. (2013). Analyzing malware by abstracting the frequent item sets in API call sequences. In Proceedings of the 12th IEEE international conference on trust, security and privacy in computing and communications (TrustCom 2013) (pp. 265–270).

22.

Sathyanarayan, V. S., Kohli, P., & Bruhadeshwar, B. (2008). Signature generation and detection of malware families. In Information security and privacy. Berlin: Springer.

23.

Sgandurra, D., Munoz-Gonzalez, L. M., Mohsen, R., & Lupu, E. C. (2016). Automated dynamic analysis of ransomware: Benefits, limitations and use for detection. arXiv:1609.03020v1.

24.

Shankarapani, M., Kancherla, K., Ramammoorthy, S., Movva, R., & Mukkamala, S. (2010). Kernel machines for malware classification and similarity analysis. In Proceedings of the international joint conference on neural networks (IJCNN 2010) (pp. 1–6).

25.

WIRED Magazine. (2016). Why hospitals are the perfect targets for ransomware. https://www.wired.com/2016/03/ransomware-why-hospitals-are-the-perfect-targets/. Accessed 24 Jan 2020.

26.

You, K., & Yim, I. (2016). Malware obfuscation techniques: A brief survey. In International conference on broadband, wireless computing communication and application.

27.

Youngjoon, K., Eunjin, K., & HuyKang, K. (2015). A Novel approach to detect Malware based on API call sequence analysis. International Journal of Distributed Sensor Networks. https://doi.org/10.1155/2015/659101 CrossRef

28.

Zhang, H., Xiao, X., Mercaldo, F., Ni, S., Martinelli, F., & Sangaiah, A. K. (2019). Classification of ransomware families with machine learning based on N-gram of opcodes. Future Generation Computer Systems, 90, 211–211.CrossRef

Titel: Two-Stage Ransomware Detection Using Dynamic Analysis and Machine Learning Techniques
verfasst von: Jinsoo Hwang
Jeankyung Kim
Seunghwan Lee
Kichang Kim
Publikationsdatum: 25.01.2020
Verlag: Springer US
Erschienen in: Wireless Personal Communications / Ausgabe 4/2020
Print ISSN: 0929-6212
Elektronische ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-020-07166-9

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Nachhaltigkeitsaward Key Visual/© Cometis AG/Global ESG Monitor | Daniel Rupp | Generiert mit KI, Search Icon, Banner Hanser, Beijing Auto Show 2024: Deutsche Hersteller wollen angreifen./© EKH-Pictures / Generated with AI / Stock.adobe.com, Buchstaben, die aus einem Megaphon kommen/© MicroStockHub/Getty Images/iStock, Digitale Lieferkette/© zapp2photo / stock.adobe.com, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, Sustainibility Finance/© Robert Kneschke / stock.adobe.com / Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence 2024/© AndreyPopov / Getty Images / iStock, 2023_Antrieb/© supervisuell

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 4/2020

A Novel Method for Key Establishment Based on Symmetric Cryptography in Hierarchical Wireless Sensor Networks

Joint User Patterning and Power Control Optimization of MIMO–NOMA Systems

Multipath Diversity for OFDM Based Visible Light Communication Systems Through Fractional Sampling

Performance Evaluation and Analysis of Peak to Average Power Reduction in OFDM Signal

Reinforcing the Security of Instant Messaging Systems Using an Enhanced Honey Encryption Scheme: The Case of WhatsApp

Underdetermined DOA Estimation Algorithm Based on an Improved Nested Array

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.