RansHunt: A Support Vector Machines Based Ransomware Analysis Framework with Integrated Feature Set

Title: RansHunt: A Support Vector Machines Based Ransomware Analysis Framework with Integrated Feature Set
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Hasan, M. M., Rahman, M. M.
Conference Name: 2017 20th International Conference of Computer and Information Technology (ICCIT)
ISBN Number: 978-1-5386-1150-0
Keywords: Algorithm design and analysis, Collaboration, composability, crypto-ransomwares, cryptography, cyber-crime, dynamic analysis, Electronic mail, feature extraction, Heuristic algorithms, hybrid cryptosystem, individual analysis approach, integrated feature set, invasive software, learning (artificial intelligence), machine learning, Malware, malwares, policy, Policy-Governed Secure Collaboration, Policy-Governed systems, pubcrawl, RansHunt, ransomware, ransomware analysis framework, ransomware families, ransomware samples, ransomware variants, Sandboxing, static analysis, static code features, static features, Support vector machines

Ransomware is one of the most rapidly increasing kinds of malware used by cyber-criminals in recent days. This type of malware uses cryptographic technology to encrypt a user's important files and folders, makes the computer system unusable, holds the decryption key and asks the victims for a ransom for recovery. The recent ransomware families are very sophisticated and difficult to analyze and detect using static features only. On the other hand, the latest crypto-ransomwares have sandboxing and IDS evading capabilities. So obviously, static or dynamic analysis of the ransomware alone cannot provide a better solution. In this paper, we will present a Machine Learning based approach which will use an integrated method, a combination of static and dynamic analysis, to detect ransomware. The experimental test samples were taken from almost all ransomware families, including the most recent "WannaCry". The results also suggest that combined analysis can detect ransomware with better accuracy compared to the individual analysis approach. Since ransomware samples show some "run-time" and "static code" features, it also helps with the early detection of new and similar ransomware variants.

Citation Key: hasan_ranshunt:_2017