Ransomware Early Detection Techniques
Received: 16 January 2024 | Revised: 28 March 2024 | Accepted: 30 March 2024 | Online: 26 April 2024
Corresponding author: Abdulbasit A. Darem
Abstract
Ransomware has become a significant threat to individuals and organizations worldwide, causing substantial financial losses and disruptions. Early detection of ransomware is crucial to mitigate its impact. The significance of early detection lies in the capture of ransomware in the act of encrypting sample files, thus thwarting its progression. A timely response to ransomware is crucial to prevent the encryption of additional files, a scenario not adequately addressed by current antivirus programs. This study evaluates the performance of six machine-learning algorithms for ransomware detection, comparing the accuracy, precision, recall, and F1-score of Logistic Regression, Decision Tree, Naive Bayes, Random Forest, AdaBoost, and XGBoost. Additionally, their computational performance is evaluated, including build time, training time, classification speed, computational time, and Kappa statistic. This analysis provides insight into the practical feasibility of the algorithms for real-world deployment. The findings suggest that Random Forst, Decision Tree, and XGBoost are promising algorithms for ransomware detection due to their high accuracy of 99.37%, 99.42%, and 99.48%, respectively. These algorithms are also relatively efficient in terms of classification speed, which makes them suitable for real-time detection scenarios, as they can effectively identify ransomware samples even in the presence of noise and data variations.
Keywords:
Ransomware, Early Detection, Machine Learning, Computational Performance, CybersecurityDownloads
References
D. Dang, F. D. Troia, and M. Stamp, "Malware Classification using Long Short-term Memory Models," in Proceedings of the 7th International Conference on Information Systems Security and Privacy, Apr. 2024, pp. 743–752.
A. Moses and S. Morris, "Analysis of Mobile Malware: A Systematic Review of Evolution and Infection Strategies," Journal of Information Security and Cybercrimes Research, vol. 4, no. 2, pp. 103–131, Dec. 2021.
"Playing with Lives: Cyberattacks on Healthcare are Attacks on People," CyberPeace Institute, 2021.
D. Hummer and J. M. Byrne, Handbook on Crime and Technology. Cheltenham, UK: Edward Elgar Publishing, 2023.
M. Rigaki and S. Garcia, "Bringing a GAN to a Knife-Fight: Adapting Malware Communication to Avoid Detection," in 2018 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, USA, May 2018, pp. 70–75.
"Ponemon Institute reveals 68% of organizations were victims of successful endpoint attacks in 2019," Security Info Watch, Jan. 30, 2020. https://www.securityinfowatch.com/cybersecurity/press-release/21123576/ponemon-institute-ponemon-institute-reveals-68-of-organizations-were-victims-of-successful-endpoint-attacks-in-2019.
"Ransomware Response: Time is More Than Just Money," Security Intelligence. https://securityintelligence.com/posts/ransomware-response-time-more-than-money/securityintelligence.com/posts/ransomware-response-time-more-than-money.
K. Shaukat, S. Luo, V. Varadharajan, I. A. Hameed, and M. Xu, "A Survey on Machine Learning Techniques for Cyber Security in the Last Decade," IEEE Access, vol. 8, pp. 222310–222354, 2020.
J. Hwang, J. Kim, S. Lee, and K. Kim, "Two-Stage Ransomware Detection Using Dynamic Analysis and Machine Learning Techniques," Wireless Personal Communications, vol. 112, no. 4, pp. 2597–2609, Jun. 2020.
A. A. Alhashmi, A. M. Alashjaee, A. A. Darem, A. F. Alanazi, and R. Effghi, "An Ensemble-based Fraud Detection Model for Financial Transaction Cyber Threat Classification and Countermeasures," Engineering, Technology & Applied Science Research, vol. 13, no. 6, pp. 12433–12439, Dec. 2023.
A. Al-Marghilani, "Comprehensive Analysis of IoT Malware Evasion Techniques," Engineering, Technology & Applied Science Research, vol. 11, no. 4, pp. 7495–7500, Aug. 2021.
K. Aldriwish, "A Deep Learning Approach for Malware and Software Piracy Threat Detection," Engineering, Technology & Applied Science Research, vol. 11, no. 6, pp. 7757–7762, Dec. 2021.
S. Sechel, "A Comparative Assessment of Obfuscated Ransomware Detection Methods," Informatica Economica, vol. 23, no. 2, pp. 45–62, 2019.
H. Oz, A. Aris, A. Levi, and A. S. Uluagac, "A Survey on Ransomware: Evolution, Taxonomy, and Defense Solutions," ACM Computing Surveys, vol. 54, no. 11s, Jun. 2022, Art. no. 238.
K. Lee, K. Yim, and J. T. Seo, "Ransomware prevention technique using key backup," Concurrency and Computation: Practice and Experience, vol. 30, no. 3, 2018, Art. no. e4337.
U. Urooj, B. A. S. Al-rimy, A. Zainal, F. A. Ghaleb, and M. A. Rassam, "Ransomware Detection Using the Dynamic Analysis and Machine Learning: A Survey and Research Directions," Applied Sciences, vol. 12, no. 1, Jan. 2022, Art. no. 172.
M. Masum, M. J. Hossain Faruk, H. Shahriar, K. Qian, D. Lo, and M. I. Adnan, "Ransomware Classification and Detection With Machine Learning Algorithms," in 2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, Jan. 2022, pp. 0316–0322.
E. Larsen, D. Noever, and K. MacVittie, "A Survey of Machine Learning Algorithms for Detecting Ransomware Encryption Activity." arXiv, Oct. 14, 2021.
Q. Chen, S. R. Islam, H. Haswell, and R. A. Bridges, "Automated Ransomware Behavior Analysis: Pattern Extraction and Early Detection," in Science of Cyber Security, Nanjing, China, 2019, pp. 199–214.
O. M. K. Alhawi, J. Baldwin, and A. Dehghantanha, "Leveraging Machine Learning Techniques for Windows Ransomware Network Traffic Detection," in Cyber Threat Intelligence, A. Dehghantanha, M. Conti, and T. Dargahi, Eds. Cham, Switzerland: Springer International Publishing, 2018, pp. 93–106.
N. Pundir, M. Tehranipoor, and F. Rahman, "RanStop: A Hardware-assisted Runtime Crypto-Ransomware Detection Technique." arXiv, Nov. 24, 2020.
A. Singh, R. Ikuesan, and H. Venter, "Ransomware Detection using Process Memory," in Proceedings of the 17th International Conference on Cyber Warfare and Security, Albany, NY, USA, Mar. 2022, vol. 17, pp. 413–422.
B. A. S. Al-rimy et al., "Redundancy Coefficient Gradual Up-weighting-based Mutual Information Feature Selection technique for Crypto-ransomware early detection," Future Generation Computer Systems, vol. 115, pp. 641–658, Feb. 2021.
Y. Sahin and E. Duman, "Detecting credit card fraud by ANN and logistic regression," in 2011 International Symposium on Innovations in Intelligent Systems and Applications, Istanbul, Turkey, Jun. 2011, pp. 315–319.
A. S. Alraddadi, "A Survey and a Credit Card Fraud Detection and Prevention Model using the Decision Tree Algorithm," Engineering, Technology & Applied Science Research, vol. 13, no. 4, pp. 11505–11510, Aug. 2023.
Y. Ding, W. Kang, J. Feng, B. Peng, and A. Yang, "Credit Card Fraud Detection Based on Improved Variational Autoencoder Generative Adversarial Network," IEEE Access, vol. 11, pp. 83680–83691, 2023.
M. Wa Nkongolo, "UGRansome Dataset." Kaggle.
M. Tokmak, "Deep Forest Approach for Zero-Day Attacks Detection," in Innovations and Technologies in Engineering, S. Tasdemir and I. Ali Ozkan, Eds. Istanbul, Turkey: Eğitim Yayinevi, 2022.
D. Shankar, G. V. Sudha, J. N. S. S. Naidu, and P. S. Madhuri, "Deep Analysis of Risks and Recent Trends Towards Network Intrusion Detection System," International Journal of Advanced Computer Science and Applications, vol. 14, no. 1, pp. 262-276, 2023.
Downloads
How to Cite
License
Copyright (c) 2024 Asma A. Alhashmi, Abdulbasit A. Darem, Ahmed B. Alshammari, Laith A. Darem, Huda K. Sheatah, Rachid Effghi
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.