Ransomware Detection using Process Memory
- URL: http://arxiv.org/abs/2203.16871v1
- Date: Thu, 31 Mar 2022 08:03:48 GMT
- Title: Ransomware Detection using Process Memory
- Authors: Avinash Singh, Richard Adeyemi Ikuesan, and Hein Venter
- Abstract summary: This study focuses on the inner workings and main function of ransomware.
New signatures and fingerprints of ransomware families can be identified to classify novel ransomware attacks correctly.
Several well-known machine learning algorithms were explored with an accuracy range of 81.38 to 96.28 percent.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Ransomware attacks have increased significantly in recent years, causing
great destruction and damage to critical systems and business operations.
Attackers are unfailingly finding innovative ways to bypass detection
mechanisms, which encouraged the adoption of artificial intelligence. However,
most research summarizes the general features of AI and induces many false
positives, as the behavior of ransomware constantly changes to bypass
detection. Focusing on the key indicating features of ransomware becomes vital,
as this guides the investigator to the inner workings and main function of
ransomware itself. By utilizing access privileges in process memory, the main
function of the ransomware can be detected more easily and accurately.
Furthermore, new signatures and fingerprints of ransomware families can be
identified to classify novel ransomware attacks correctly. The current research
used the process memory access privileges of the different memory regions of
an executable's behavior to quickly determine its intent before serious harm
can occur. To achieve this aim, several well-known machine learning algorithms
were explored, with an accuracy range of 81.38 to 96.28 percent. The study thus
confirms the feasibility of utilizing process memory as a detection mechanism
for ransomware.
Related papers
- MASKDROID: Robust Android Malware Detection with Masked Graph Representations [56.09270390096083] (arXiv, 2024-09-29T07:22:47Z)
We propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware.
We introduce a masking mechanism into the Graph Neural Network based framework, forcing MASKDROID to recover the whole input graph.
This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks.
- Time-Aware Face Anti-Spoofing with Rotation Invariant Local Binary Patterns and Deep Learning [50.79277723970418] (arXiv, 2024-08-27T07:26:10Z)
Imitation attacks can lead to erroneous identification and subsequent authentication of attackers.
Similar to face recognition, imitation attacks can also be detected with Machine Learning.
We propose a novel approach that promises high classification accuracy by combining previously unused features with time-aware deep learning strategies.
- Understanding crypter-as-a-service in a popular underground marketplace [51.328567400947435] (arXiv, 2024-05-20T08:35:39Z)
Crypters are pieces of software whose main goal is to transform a target binary so it can avoid detection from Anti-Virus (AV) applications.
The crypter-as-a-service model has gained popularity, in response to the increased sophistication of detection mechanisms.
This paper provides the first study on an online underground market dedicated to crypter-as-a-service.
- Detection of ransomware attacks using federated learning based on the CNN model [3.183529890105507] (arXiv, 2024-05-01T09:57:34Z)
This paper offers a ransomware attack modeling technique that targets the disrupted operation of a digital substation.
Experiments demonstrate that the suggested technique detects ransomware with a high accuracy rate.
- Ransomware threat mitigation through network traffic analysis and machine learning techniques [0.0] (arXiv, 2024-01-27T03:55:28Z)
This paper focuses on a method for recognizing and identifying ransomware in computer networks.
The approach relies on using machine learning algorithms and analyzing the patterns of network traffic.
The results of implementing this method show that machine learning algorithms can effectively pinpoint ransomware based on network traffic.
- Ransomware Detection and Classification using Machine Learning [7.573297026523597] (arXiv, 2023-11-05T18:16:53Z)
This study uses the XGBoost and Random Forest (RF) algorithms to detect and classify ransomware attacks.
The models are evaluated on a dataset of ransomware attacks and demonstrate their effectiveness in accurately detecting and classifying ransomware.
- DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585] (arXiv, 2023-03-20T17:25:22Z)
We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection.
Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables.
We are the first to offer certified robustness in the realm of static detection of malware executables.
- Minerva: A File-Based Ransomware Detector [2.139756658997758] (arXiv, 2023-01-26T11:47:10Z)
This paper presents Minerva, a novel robust approach to ransomware detection.
Minerva is engineered to be robust by design against evasion attacks, with architectural and feature selection choices informed by their resilience to adversarial manipulation.
Our evaluation showcases the ability of Minerva to accurately identify ransomware, generalize to unseen threats, and withstand evasion attacks.
- Detecting Ransomware Execution in a Timely Manner [0.0] (arXiv, 2022-01-12T11:40:59Z)
In recent times ransomware has spread from traditional computational resources to cyber-physical systems and industrial controls.
We devised a series of experiments in which virtual instances are infected with ransomware.
We design a change point detection and learning method for identifying ransomware execution.
- Mate! Are You Really Aware? An Explainability-Guided Testing Framework for Robustness of Malware Detectors [49.34155921877441] (arXiv, 2021-11-19T08:02:38Z)
We propose an explainability-guided and model-agnostic testing framework for robustness of malware detectors.
We then use this framework to test several state-of-the-art malware detectors' abilities to detect manipulated malware.
Our findings shed light on the limitations of current malware detectors, as well as how they can be improved.
- Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection [67.53296659361598] (arXiv, 2020-08-17T07:16:57Z)
Adversarial EXEmples can bypass machine learning-based detection by perturbing relatively few input bytes.
We develop a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks.
These attacks, named Full DOS, Extend and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section.