Ransomware Detection and Classification using Machine Learning

• URL: http://arxiv.org/abs/2311.16143v1
• Date: Sun, 5 Nov 2023 18:16:53 GMT
• Title: Ransomware Detection and Classification using Machine Learning
• Authors: Kavitha Kunku, ANK Zaman, Kaushik Roy
• Abstract summary: This study uses the XGBoost and Random Forest (RF) algorithms to detect and classify ransomware attacks. The models are evaluated on a dataset of ransomware attacks and demonstrate their effectiveness in accurately detecting and classifying ransomware.
• Score: 7.573297026523597
• License: http://creativecommons.org/licenses/by-nc-sa/4.0/
• Abstract: Vicious assaults, malware, and various ransomware pose a cybersecurity threat, causing considerable damage to computer structures, servers, and mobile and web apps across various industries and businesses. These safety concerns are important and must be addressed immediately. Ransomware detection and classification are critical for guaranteeing rapid reaction and prevention. This study uses the XGBoost classifier and Random Forest (RF) algorithms to detect and classify ransomware attacks. This approach involves analyzing the behaviour of ransomware and extracting relevant features that can help distinguish between different ransomware families. The models are evaluated on a dataset of ransomware attacks and demonstrate their effectiveness in accurately detecting and classifying ransomware. The results show that the XGBoost classifier, Random Forest Classifiers, can effectively detect and classify different ransomware attacks with high accuracy, thereby providing a valuable tool for enhancing cybersecurity.

Related papers

• MASKDROID: Robust Android Malware Detection with Masked Graph Representations [56.09270390096083]
  We propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware. We introduce a masking mechanism into the Graph Neural Network based framework, forcing MASKDROID to recover the whole input graph. This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks.
  arXiv  Detail & Related papers  (2024-09-29T07:22:47Z)
• Understanding crypter-as-a-service in a popular underground marketplace [51.328567400947435]
  Crypters are pieces of software whose main goal is to transform a target binary so it can avoid detection from Anti Viruses (AVs) applications. The crypter-as-a-service model has gained popularity, in response to the increased sophistication of detection mechanisms. This paper provides the first study on an online underground market dedicated to crypter-as-a-service.
  arXiv  Detail & Related papers  (2024-05-20T08:35:39Z)
• Detection of ransomware attacks using federated learning based on the CNN model [3.183529890105507]
  This paper offers a ransomware attack modeling technique that targets the disrupted operation of a digital substation. Experiments demonstrate that the suggested technique detects ransomware with a high accuracy rate.
  arXiv  Detail & Related papers  (2024-05-01T09:57:34Z)
• Ransomware threat mitigation through network traffic analysis and machine learning techniques [0.0]
  This paper focuses on a method for recognizing and identifying ransomware in computer networks. The approach relies on using machine learning algorithms and analyzing the patterns of network traffic. The results of implementing this method show that machine learning algorithms can effectively pinpoint ransomware based on network traffic.
  arXiv  Detail & Related papers  (2024-01-27T03:55:28Z)
• DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
  We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection. Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables. We are the first to offer certified robustness in the realm of static detection of malware executables.
  arXiv  Detail & Related papers  (2023-03-20T17:25:22Z)
• Malware and Ransomware Detection Models [0.0]
  We introduce a novel and flexible ransomware detection model that combines two optimized models. Our detection results on a limited dataset demonstrate good accuracy and F1 scores.
  arXiv  Detail & Related papers  (2022-07-05T15:22:13Z)
• Ransomware Detection using Process Memory [0.0]
  This study focuses on the inner workings and main function of ransomware. New signatures and fingerprints of ransomware families can be identified to classify novel ransomware attacks correctly. Several well-known machine learning algorithms were explored with an accuracy range of 81.38 to 96.28 percents.
  arXiv  Detail & Related papers  (2022-03-31T08:03:48Z)
• Mate! Are You Really Aware? An Explainability-Guided Testing Framework for Robustness of Malware Detectors [49.34155921877441]
  We propose an explainability-guided and model-agnostic testing framework for robustness of malware detectors. We then use this framework to test several state-of-the-art malware detectors' abilities to detect manipulated malware. Our findings shed light on the limitations of current malware detectors, as well as how they can be improved.
  arXiv  Detail & Related papers  (2021-11-19T08:02:38Z)
• Being Single Has Benefits. Instance Poisoning to Deceive Malware Classifiers [47.828297621738265]
  We show how an attacker can launch a sophisticated and efficient poisoning attack targeting the dataset used to train a malware classifier. As opposed to other poisoning attacks in the malware detection domain, our attack does not focus on malware families but rather on specific malware instances that contain an implanted trigger. We propose a comprehensive detection approach that could serve as a future sophisticated defense against this newly discovered severe threat.
  arXiv  Detail & Related papers  (2020-10-30T15:27:44Z)
• Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection [67.53296659361598]
  adversarial EXEmples can bypass machine learning-based detection by perturbing relatively few input bytes. We develop a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks. These attacks, named Full DOS, Extend and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section.
  arXiv  Detail & Related papers  (2020-08-17T07:16:57Z)
• Towards a Resilient Machine Learning Classifier -- a Case Study of Ransomware Detection [5.560986338397972]
  A machine learning (ML) classifier was built to detect ransomware (called crypto-ransomware) We find that input/output activities of ransomware and the file-content entropy are unique traits to detect crypto-ransomware. In addition to accuracy and resiliency, trustworthiness is the other key criteria for a quality detector.
  arXiv  Detail & Related papers  (2020-03-13T18:02:19Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.