Abdullahi Arabo Abdullahi.Arabo@uwe.ac.uk
Associate professor of Cyber Science and Network Security
Detecting ransomware using process behavior analysis
Arabo, Abdullahi; Dijoux, Remi; Poulain, Timothee; Chevalier, Gregoire
Authors
Remi Dijoux
Timothee Poulain
Gregoire Chevalier
Abstract
Ransomware attacks are one of the biggest and attractive threats in cyber security today. Anti-virus software's are often inefficient against zero-day malware and ransomware attacks, important network infections could result in a large amount of data loss. Such attacks are also becoming more dynamic and able to change their signatures - hence creating an arms race situation. This study investigates the relationship between a process behavior and its nature, in order to determine whether it is ransomware or not. The paper aim is to see if using this method will help the evading malicious software's and use as a self-defense mechanism using machine learning that emulates the human immune system. The analysis was conducted on 7 ransomware, 41 benign software, and 34 malware samples. The results show that we are able to distinguish between ransomware and benign applications, with a low false-positive and false-negative rate.
Citation
Arabo, A., Dijoux, R., Poulain, T., & Chevalier, G. (2020). Detecting ransomware using process behavior analysis. Procedia Computer Science, 168, 289-296. https://doi.org/10.1016/j.procs.2020.02.249
| Journal Article Type | Conference Paper |
|---|---|
| Conference Name | Complex Adaptive Systems 2019 |
| Conference Location | Malvern, PA. USA |
| Acceptance Date | Sep 11, 2019 |
| Online Publication Date | May 13, 2020 |
| Publication Date | May 13, 2020 |
| Deposit Date | Sep 19, 2019 |
| Publicly Available Date | Sep 19, 2019 |
| Print ISSN | 1877-0509 |
| Publisher | Elsevier |
| Volume | 168 |
| Pages | 289-296 |
| Series Title | Procedia Computer Science |
| Series ISSN | 1877-0509 |
| DOI | https://doi.org/10.1016/j.procs.2020.02.249 |
| Keywords | Ransomware; malware; cyber security; machine learning |
| Public URL | https://uwe-repository.worktribe.com/output/3119673 |
Files
Ransomewear-Final
(636 Kb)
PDF
Licence
http://creativecommons.org/licenses/by-nc-nd/4.0/
Publisher Licence URL
http://creativecommons.org/licenses/by-nc-nd/4.0/
Copyright Statement
© 2019 The Authors. Published by Elsevier B.V.This is an open access article under the CC BY-NC-ND license
You might also like
The use AI (ChatGPT) for offensive cyber security
(2023)
Presentation / Conference
Authenticity assessment a case study - Utilising ChatGPT for offence cyber security
(2023)
Presentation / Conference
Authenticity as a mechanism for an effective meso assessment and feedback strategy
(2022)
Presentation / Conference
Authenticity in delivering contextual pedagogy and materials in cyber security
(2022)
Presentation / Conference
NTFS 2022: Authenticity in teaching and assessment
(2022)
Report
Downloadable Citations
About UWE Bristol Research Repository
Administrator e-mail: repository@uwe.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search