A New Static-Based Framework for Ransomware Detection

Ransomware attacks have recently been on the rise, hitting critical infrastructure and organizations globally. Ransomware uses advanced encryption techniques to encrypt important files on the targeted computer, then demands payment to decrypt them. The detection and prevention of ransomware attacks therefore represent major challenges for security researchers. This research proposes a novel static, rule-based ransomware detection framework. The decision rules of the proposed framework are based on static features extracted from ransomware files. When a scanned file reaches the rules threshold, the framework evaluates the triggered rules through logical operations to assign a score to the file. Each score represents a confidence level, from critical to low, as to whether the file is ransomware. The proposed framework has proven that it can detect new families based on rules and logical operations with high accuracy and detection ratio.
