Skip to main content

Research Repository

Advanced Search

Detecting ransomware using process behavior analysis

Arabo, Abdullahi; Dijoux, Remi; Poulain, Timothee; Chevalier, Gregoire

Authors

Profile image of Abdullahi Arabo

Abdullahi Arabo Abdullahi.Arabo@uwe.ac.uk
Associate professor of Cyber Science and Network Security

Remi Dijoux

Timothee Poulain

Gregoire Chevalier



Abstract

Ransomware attacks are one of the biggest and attractive threats in cyber security today. Anti-virus software's are often inefficient against zero-day malware and ransomware attacks, important network infections could result in a large amount of data loss. Such attacks are also becoming more dynamic and able to change their signatures - hence creating an arms race situation. This study investigates the relationship between a process behavior and its nature, in order to determine whether it is ransomware or not. The paper aim is to see if using this method will help the evading malicious software's and use as a self-defense mechanism using machine learning that emulates the human immune system. The analysis was conducted on 7 ransomware, 41 benign software, and 34 malware samples. The results show that we are able to distinguish between ransomware and benign applications, with a low false-positive and false-negative rate.

Presentation Conference Type Conference Paper (published)
Conference Name Complex Adaptive Systems 2019
Acceptance Date Sep 11, 2019
Online Publication Date May 13, 2020
Publication Date May 13, 2020
Deposit Date Sep 19, 2019
Publicly Available Date Sep 19, 2019
Journal Procedia Computer Science
Print ISSN 1877-0509
Publisher Elsevier
Volume 168
Pages 289-296
Series Title Procedia Computer Science
Series ISSN 1877-0509
DOI https://doi.org/10.1016/j.procs.2020.02.249
Keywords Ransomware; malware; cyber security; machine learning
Public URL https://uwe-repository.worktribe.com/output/3119673
Contract Date Sep 19, 2019

Files





You might also like



Downloadable Citations