Improvement in the Ransomwares Detection Method With New API Calls Features

Document Type : Original Article

Authors

1 Imam Hussain Comprehensive University CyberElectronic Department

2 -Imam Hussain Comprehensive University -CyberElectronic Department

Abstract

In recent years, the tendency for ransomware-based cyberattacks has increased dramatically. One of the defensive methods is the behavioral detection of the ransomware by system functions. Literature review and related studies and investigations in this field show that these researches are not optimum concerning the accuracy and speed of ransomware detection. Because all datasets used in these studies are limited in scope, they have shortcomings such as high false positive or false negative rates and even high                indiscriminate rates. Another drawback of these schemes is the failure to expedite the debate on extortion ransom. Therefore, in this study, the first step is to generate an initial dataset with 126 attributes containing all types of ransomware families. Then, by performing 4-step experiments and tests and applying a feature selection algorithm, this initial set is processed and optimized and reduced to a dataset with 67 attributes without loss of detection precision. In the final step, by providing an optimal and so-called lightweight    dataset, the best classification model for the detection of ransomware is obtained being capable of         identifying ransomwares with an optimum precision rate of 95.11 in 0.21 seconds, a false positive rate of 0.047 and a true positive rate of 0.951 by using a random forest classification algorithm (using 10-part cross-validation method).
 

Keywords

References

    [1]      ACSC, Threat Report 2017, p. 40, Jan. 2017.  [online], available:  https://www.cyber.gov.au/sites/default/files/2019-03/ACSC_Threat_Report_ 2017.pdf##
   [2]      IOCTA, “Internet Organised Crime Threat Assessment (IOCTA),” 2017. available: https://www.europol.europa.eu/sites/default/files/documents/iocta2017.pdf.##
   [3]      Symantec Corporation, “2018 Internet security threat report,” vol. 23, pp. 1–8
Electronic and Cyber Defense
Volume 8, Issue 4 - Serial Number 32
January 2021
Pages 107-118

Files

History

  • Receive Date: 26 April 2021
  • Accept Date: 26 April 2021
  • Publish Date: 26 April 2021

Share

How to cite

Statistics