Öz
In recent years, ransomware has become highly profitable cyber attacks. This is because, everyday there are several new devices attending to computer networks before testing their security strength. In addition, it is easy to launch ransomware attacks by using Ransomware-as-a-Service. This paper proposed a new method that creates the ransomware specific features by using ransomware behaviors which are performed on file, registry, and network resources. The weights are assigned to the behaviors based upon where the actions are performed. The most feasible features are selected based on the assigned weights as well as Information Gain. The selected features are classified by using ML classifiers including J48 (C4.5), RF (Random Forest), AdaBoost (Adaptive Boosting), SLR (Simple Logistic Regression), KNN (K-Nearest Neighbors), BN (Bayesian Network), and SMO (Sequential Minimal Optimization). The experiments are performed on several ransomware variants as well as benign samples. The test results show that our proposed method is feasible and effective. The DR, FPR, f-measure, and accuracy are measured as 100%, 1.4%, 99.4%, 99.38%, respectively.
Anahtar Kelimeler
Cyber security ransomware ransomware detection behavior-based detection
Kaynakça
- [1] D. Nieuwenhuizen, “A behavioural-based approach to ransomware detection,” MWR Labs Whitepaper, 2017.
- [2] Associated Press, "The Latest: UN warns cybercrime on rise during pandemic," 2020.
- [3] Sophos Report, "The State of Ransomware 2021," 2021.
- [4] Cognyte CTI Research Group, "Ransomware Attack Statistics 2021 – Growth & Analysis," 2021.
- [5] S. Morgan, "Global Ransomware Damage Costs Predicted To Reach $20 Billion (USD) By 2021," Cybercrime Magazine, 2019.
- [6] Ö. Aslan and R. Samet, "Investigation of possibilities to detect malware using existing Tools," in 2017 IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA) (pp. 1277-1284), 2017.
- [7] J. P. Tailor and A.D. Patel, "A comprehensive survey: ransomware attacks prevention, monitoring and damage control," Int. J. Res. Sci. Innov, vol. 15, pp. 116-121, 2017.
- [8] R. Brewer, "Ransomware attacks: detection, prevention and cure," Network Security, vol. 9, no. 5-9, 2016.
- [9] D. Sgandurra, L. Muñoz-González, R. Mohsen and E. C. Lupu, "Automated dynamic analysis of ransomware: Benefits, limitations and use for detection," arXiv preprint arXiv:1609.03020, 2016.
- [10] Ö. Aslan, R. Samet and Ö. Ö. Tanrıöver, "Using a Subtractive Center Behavioral Model to Detect Malware," Security and Communication Networks, 2020.
- [11] R. Vinayakumar, K.P. Soman, K.S. Velan and S. Ganorkar, “Evaluating shallow and deep networks for ransomware detection and classification,” in 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 259-265, 2017.
- [12] K. Cabaj, M. Gregorczyk and W. Mazurczyk, "Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics," Computers and Electrical Engineering, vol. 66, pp. 353-368, 2018.
- [13] A. O. Almashhadani, M. Kaiiali, S. Sezer and P. O’Kane, "A multi-classifier network-based crypto ransomware detection system: A case study of locky ransomware," IEEE Access, vol. 7, pp. 47053-47067, 2019.
- [14] S. I. Bae, G. B. Lee and E. G. Im, "Ransomware detection using machine learning algorithms," Concurrency and Computation: Practice and Experience, vol. 32, no. 18, e5422, 2020.
- [15] Ö. Aslan and R. Samet, "A comprehensive review on malware detection approaches," IEEE Access,vol. 8, pp. 6249-6271, 2020.
- [16] C. Beaman, A. Barkworth, T. D. Akande, S. Hakak and M. K. Khan, "Ransomware: Recent advances, analysis, challenges and future research directions," Computers and Security, vol. 111, pp. 102490, 2021.
- [17] Malware downloading website, https://malshare.com/, accessible in 2021.
- [18] Malware downloading website, https://thezoo.morirt.com/, accessible in 2021.
- [19] Malware downloading website, http://www.tekdefense.com/, accessible in 2021.
- [20] Malware downloading website, https://virusshare.com/, accessible in 2021.
Öz
In recent years, ransomware has become highly profitable cyber attacks. This is because, everyday there are several new devices attending to computer networks before testing their security strength. In addition, it is easy to launch ransomware attacks by using Ransomware-as-a-Service. This paper proposed a new method that creates the ransomware specific features by using ransomware behaviors which are performed on file, registry, and network resources. The weights are assigned to the behaviors based upon where the actions are performed. The most feasible features are selected based on the assigned weights as well as Information Gain. The selected features are classified by using ML classifiers including J48 (C4.5), RF (Random Forest), AdaBoost (Adaptive Boosting), SLR (Simple Logistic Regression), KNN (K-Nearest Neighbors), BN (Bayesian Network), and SMO (Sequential Minimal Optimization). The experiments are performed on several ransomware variants as well as benign samples. The test results show that our proposed method is feasible and effective. The DR, FPR, f-measure, and accuracy are measured as 100%, 1.4%, 99.4%, 99.38%, respectively.
Anahtar Kelimeler
Cyber security Ransomware detection Behavior-based detection Machine learning
Kaynakça
- [1] D. Nieuwenhuizen, “A behavioural-based approach to ransomware detection,” MWR Labs Whitepaper, 2017.
- [2] Associated Press, "The Latest: UN warns cybercrime on rise during pandemic," 2020.
- [3] Sophos Report, "The State of Ransomware 2021," 2021.
- [4] Cognyte CTI Research Group, "Ransomware Attack Statistics 2021 – Growth & Analysis," 2021.
- [5] S. Morgan, "Global Ransomware Damage Costs Predicted To Reach $20 Billion (USD) By 2021," Cybercrime Magazine, 2019.
- [6] Ö. Aslan and R. Samet, "Investigation of possibilities to detect malware using existing Tools," in 2017 IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA) (pp. 1277-1284), 2017.
- [7] J. P. Tailor and A.D. Patel, "A comprehensive survey: ransomware attacks prevention, monitoring and damage control," Int. J. Res. Sci. Innov, vol. 15, pp. 116-121, 2017.
- [8] R. Brewer, "Ransomware attacks: detection, prevention and cure," Network Security, vol. 9, no. 5-9, 2016.
- [9] D. Sgandurra, L. Muñoz-González, R. Mohsen and E. C. Lupu, "Automated dynamic analysis of ransomware: Benefits, limitations and use for detection," arXiv preprint arXiv:1609.03020, 2016.
- [10] Ö. Aslan, R. Samet and Ö. Ö. Tanrıöver, "Using a Subtractive Center Behavioral Model to Detect Malware," Security and Communication Networks, 2020.
- [11] R. Vinayakumar, K.P. Soman, K.S. Velan and S. Ganorkar, “Evaluating shallow and deep networks for ransomware detection and classification,” in 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 259-265, 2017.
- [12] K. Cabaj, M. Gregorczyk and W. Mazurczyk, "Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics," Computers and Electrical Engineering, vol. 66, pp. 353-368, 2018.
- [13] A. O. Almashhadani, M. Kaiiali, S. Sezer and P. O’Kane, "A multi-classifier network-based crypto ransomware detection system: A case study of locky ransomware," IEEE Access, vol. 7, pp. 47053-47067, 2019.
- [14] S. I. Bae, G. B. Lee and E. G. Im, "Ransomware detection using machine learning algorithms," Concurrency and Computation: Practice and Experience, vol. 32, no. 18, e5422, 2020.
- [15] Ö. Aslan and R. Samet, "A comprehensive review on malware detection approaches," IEEE Access,vol. 8, pp. 6249-6271, 2020.
- [16] C. Beaman, A. Barkworth, T. D. Akande, S. Hakak and M. K. Khan, "Ransomware: Recent advances, analysis, challenges and future research directions," Computers and Security, vol. 111, pp. 102490, 2021.
- [17] Malware downloading website, https://malshare.com/, accessible in 2021.
- [18] Malware downloading website, https://thezoo.morirt.com/, accessible in 2021.
- [19] Malware downloading website, http://www.tekdefense.com/, accessible in 2021.
- [20] Malware downloading website, https://virusshare.com/, accessible in 2021.
Ayrıntılar
| Birincil Dil | İngilizce |
|---|---|
| Konular | Mühendislik |
| Bölüm | Araştırma Makalesi |
| Yazarlar | |
| Yayımlanma Tarihi | 30 Haziran 2022 |
| Gönderilme Tarihi | 20 Aralık 2021 |
| Kabul Tarihi | 28 Mart 2022 |
| Yayımlandığı Sayı | Yıl 2022 Cilt: 11 Sayı: 2 |
