Research Article
BibTex RIS Cite

Ransomware Detection in Cyber Security Domain

Year 2022, Volume: 11 Issue: 2, 508 - 518, 30.06.2022
https://doi.org/10.17798/bitlisfen.1038966

Abstract

In recent years, ransomware has become highly profitable cyber attacks. This is because, everyday there are several new devices attending to computer networks before testing their security strength. In addition, it is easy to launch ransomware attacks by using Ransomware-as-a-Service. This paper proposed a new method that creates the ransomware specific features by using ransomware behaviors which are performed on file, registry, and network resources. The weights are assigned to the behaviors based upon where the actions are performed. The most feasible features are selected based on the assigned weights as well as Information Gain. The selected features are classified by using ML classifiers including J48 (C4.5), RF (Random Forest), AdaBoost (Adaptive Boosting), SLR (Simple Logistic Regression), KNN (K-Nearest Neighbors), BN (Bayesian Network), and SMO (Sequential Minimal Optimization). The experiments are performed on several ransomware variants as well as benign samples. The test results show that our proposed method is feasible and effective. The DR, FPR, f-measure, and accuracy are measured as 100%, 1.4%, 99.4%, 99.38%, respectively.

References

  • [1] D. Nieuwenhuizen, “A behavioural-based approach to ransomware detection,” MWR Labs Whitepaper, 2017.
  • [2] Associated Press, "The Latest: UN warns cybercrime on rise during pandemic," 2020.
  • [3] Sophos Report, "The State of Ransomware 2021," 2021.
  • [4] Cognyte CTI Research Group, "Ransomware Attack Statistics 2021 – Growth & Analysis," 2021.
  • [5] S. Morgan, "Global Ransomware Damage Costs Predicted To Reach $20 Billion (USD) By 2021," Cybercrime Magazine, 2019.
  • [6] Ö. Aslan and R. Samet, "Investigation of possibilities to detect malware using existing Tools," in 2017 IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA) (pp. 1277-1284), 2017.
  • [7] J. P. Tailor and A.D. Patel, "A comprehensive survey: ransomware attacks prevention, monitoring and damage control," Int. J. Res. Sci. Innov, vol. 15, pp. 116-121, 2017.
  • [8] R. Brewer, "Ransomware attacks: detection, prevention and cure," Network Security, vol. 9, no. 5-9, 2016.
  • [9] D. Sgandurra, L. Muñoz-González, R. Mohsen and E. C. Lupu, "Automated dynamic analysis of ransomware: Benefits, limitations and use for detection," arXiv preprint arXiv:1609.03020, 2016.
  • [10] Ö. Aslan, R. Samet and Ö. Ö. Tanrıöver, "Using a Subtractive Center Behavioral Model to Detect Malware," Security and Communication Networks, 2020.
  • [11] R. Vinayakumar, K.P. Soman, K.S. Velan and S. Ganorkar, “Evaluating shallow and deep networks for ransomware detection and classification,” in 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 259-265, 2017.
  • [12] K. Cabaj, M. Gregorczyk and W. Mazurczyk, "Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics," Computers and Electrical Engineering, vol. 66, pp. 353-368, 2018.
  • [13] A. O. Almashhadani, M. Kaiiali, S. Sezer and P. O’Kane, "A multi-classifier network-based crypto ransomware detection system: A case study of locky ransomware," IEEE Access, vol. 7, pp. 47053-47067, 2019.
  • [14] S. I. Bae, G. B. Lee and E. G. Im, "Ransomware detection using machine learning algorithms," Concurrency and Computation: Practice and Experience, vol. 32, no. 18, e5422, 2020.
  • [15] Ö. Aslan and R. Samet, "A comprehensive review on malware detection approaches," IEEE Access,vol. 8, pp. 6249-6271, 2020.
  • [16] C. Beaman, A. Barkworth, T. D. Akande, S. Hakak and M. K. Khan, "Ransomware: Recent advances, analysis, challenges and future research directions," Computers and Security, vol. 111, pp. 102490, 2021.
  • [17] Malware downloading website, https://malshare.com/, accessible in 2021.
  • [18] Malware downloading website, https://thezoo.morirt.com/, accessible in 2021.
  • [19] Malware downloading website, http://www.tekdefense.com/, accessible in 2021.
  • [20] Malware downloading website, https://virusshare.com/, accessible in 2021.

Ransomware Detection in Cyber Security Domain

Year 2022, Volume: 11 Issue: 2, 508 - 518, 30.06.2022
https://doi.org/10.17798/bitlisfen.1038966

Abstract

In recent years, ransomware has become highly profitable cyber attacks. This is because, everyday there are several new devices attending to computer networks before testing their security strength. In addition, it is easy to launch ransomware attacks by using Ransomware-as-a-Service. This paper proposed a new method that creates the ransomware specific features by using ransomware behaviors which are performed on file, registry, and network resources. The weights are assigned to the behaviors based upon where the actions are performed. The most feasible features are selected based on the assigned weights as well as Information Gain. The selected features are classified by using ML classifiers including J48 (C4.5), RF (Random Forest), AdaBoost (Adaptive Boosting), SLR (Simple Logistic Regression), KNN (K-Nearest Neighbors), BN (Bayesian Network), and SMO (Sequential Minimal Optimization). The experiments are performed on several ransomware variants as well as benign samples. The test results show that our proposed method is feasible and effective. The DR, FPR, f-measure, and accuracy are measured as 100%, 1.4%, 99.4%, 99.38%, respectively.

References

  • [1] D. Nieuwenhuizen, “A behavioural-based approach to ransomware detection,” MWR Labs Whitepaper, 2017.
  • [2] Associated Press, "The Latest: UN warns cybercrime on rise during pandemic," 2020.
  • [3] Sophos Report, "The State of Ransomware 2021," 2021.
  • [4] Cognyte CTI Research Group, "Ransomware Attack Statistics 2021 – Growth & Analysis," 2021.
  • [5] S. Morgan, "Global Ransomware Damage Costs Predicted To Reach $20 Billion (USD) By 2021," Cybercrime Magazine, 2019.
  • [6] Ö. Aslan and R. Samet, "Investigation of possibilities to detect malware using existing Tools," in 2017 IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA) (pp. 1277-1284), 2017.
  • [7] J. P. Tailor and A.D. Patel, "A comprehensive survey: ransomware attacks prevention, monitoring and damage control," Int. J. Res. Sci. Innov, vol. 15, pp. 116-121, 2017.
  • [8] R. Brewer, "Ransomware attacks: detection, prevention and cure," Network Security, vol. 9, no. 5-9, 2016.
  • [9] D. Sgandurra, L. Muñoz-González, R. Mohsen and E. C. Lupu, "Automated dynamic analysis of ransomware: Benefits, limitations and use for detection," arXiv preprint arXiv:1609.03020, 2016.
  • [10] Ö. Aslan, R. Samet and Ö. Ö. Tanrıöver, "Using a Subtractive Center Behavioral Model to Detect Malware," Security and Communication Networks, 2020.
  • [11] R. Vinayakumar, K.P. Soman, K.S. Velan and S. Ganorkar, “Evaluating shallow and deep networks for ransomware detection and classification,” in 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 259-265, 2017.
  • [12] K. Cabaj, M. Gregorczyk and W. Mazurczyk, "Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics," Computers and Electrical Engineering, vol. 66, pp. 353-368, 2018.
  • [13] A. O. Almashhadani, M. Kaiiali, S. Sezer and P. O’Kane, "A multi-classifier network-based crypto ransomware detection system: A case study of locky ransomware," IEEE Access, vol. 7, pp. 47053-47067, 2019.
  • [14] S. I. Bae, G. B. Lee and E. G. Im, "Ransomware detection using machine learning algorithms," Concurrency and Computation: Practice and Experience, vol. 32, no. 18, e5422, 2020.
  • [15] Ö. Aslan and R. Samet, "A comprehensive review on malware detection approaches," IEEE Access,vol. 8, pp. 6249-6271, 2020.
  • [16] C. Beaman, A. Barkworth, T. D. Akande, S. Hakak and M. K. Khan, "Ransomware: Recent advances, analysis, challenges and future research directions," Computers and Security, vol. 111, pp. 102490, 2021.
  • [17] Malware downloading website, https://malshare.com/, accessible in 2021.
  • [18] Malware downloading website, https://thezoo.morirt.com/, accessible in 2021.
  • [19] Malware downloading website, http://www.tekdefense.com/, accessible in 2021.
  • [20] Malware downloading website, https://virusshare.com/, accessible in 2021.
There are 20 citations in total.

Details

Primary Language English
Subjects Engineering
Journal Section Araştırma Makalesi
Authors

Ömer Aslan 0000-0003-0737-1966

Publication Date June 30, 2022
Submission Date December 20, 2021
Acceptance Date March 28, 2022
Published in Issue Year 2022 Volume: 11 Issue: 2

Cite

IEEE Ö. Aslan, “Ransomware Detection in Cyber Security Domain”, Bitlis Eren Üniversitesi Fen Bilimleri Dergisi, vol. 11, no. 2, pp. 508–518, 2022, doi: 10.17798/bitlisfen.1038966.

Bitlis Eren University
Journal of Science Editor
Bitlis Eren University Graduate Institute
Bes Minare Mah. Ahmet Eren Bulvari, Merkez Kampus, 13000 BITLIS