In recent years, ransomware has become highly profitable cyber attacks. This is because, everyday there are several new devices attending to computer networks before testing their security strength. In addition, it is easy to launch ransomware attacks by using Ransomware-as-a-Service. This paper proposed a new method that creates the ransomware specific features by using ransomware behaviors which are performed on file, registry, and network resources. The weights are assigned to the behaviors based upon where the actions are performed. The most feasible features are selected based on the assigned weights as well as Information Gain. The selected features are classified by using ML classifiers including J48 (C4.5), RF (Random Forest), AdaBoost (Adaptive Boosting), SLR (Simple Logistic Regression), KNN (K-Nearest Neighbors), BN (Bayesian Network), and SMO (Sequential Minimal Optimization). The experiments are performed on several ransomware variants as well as benign samples. The test results show that our proposed method is feasible and effective. The DR, FPR, f-measure, and accuracy are measured as 100%, 1.4%, 99.4%, 99.38%, respectively.
In recent years, ransomware has become highly profitable cyber attacks. This is because, everyday there are several new devices attending to computer networks before testing their security strength. In addition, it is easy to launch ransomware attacks by using Ransomware-as-a-Service. This paper proposed a new method that creates the ransomware specific features by using ransomware behaviors which are performed on file, registry, and network resources. The weights are assigned to the behaviors based upon where the actions are performed. The most feasible features are selected based on the assigned weights as well as Information Gain. The selected features are classified by using ML classifiers including J48 (C4.5), RF (Random Forest), AdaBoost (Adaptive Boosting), SLR (Simple Logistic Regression), KNN (K-Nearest Neighbors), BN (Bayesian Network), and SMO (Sequential Minimal Optimization). The experiments are performed on several ransomware variants as well as benign samples. The test results show that our proposed method is feasible and effective. The DR, FPR, f-measure, and accuracy are measured as 100%, 1.4%, 99.4%, 99.38%, respectively.
Primary Language | English |
---|---|
Subjects | Engineering |
Journal Section | Araştırma Makalesi |
Authors | |
Publication Date | June 30, 2022 |
Submission Date | December 20, 2021 |
Acceptance Date | March 28, 2022 |
Published in Issue | Year 2022 |