AI-Powered Ransomware Detection Framework

Title: AI-Powered Ransomware Detection Framework
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Poudyal, Subash; Dasgupta, Dipankar
Conference Name: 2020 IEEE Symposium Series on Computational Intelligence (SSCI)
Date Published: Dec. 2020
ISBN Number: 978-1-7281-2547-3
Keywords: AI Tool, artificial intelligence, Collaboration, collaboration agreements, composability, cryptography, dynamic binary instrumentation, Encryption, feature extraction, FP-Growth, Instruments, NLP, policy-based governance, pubcrawl, ransomware, ransomware detection, reverse engineering, Sandboxing, Scalability, Tools

Ransomware attacks are taking advantage of the ongoing pandemics and attacking the vulnerable systems in business, health sector, education, insurance, bank, and government sectors. Various approaches have been proposed to combat ransomware, but the dynamic nature of malware writers often bypasses the security checkpoints. There are commercial tools available in the market for ransomware analysis and detection, but their performance is questionable. This paper aims at proposing an AI-based ransomware detection framework and designing a detection tool (AIRaD) using a combination of both static and dynamic malware analysis techniques. Dynamic binary instrumentation is done using the PIN tool; the function call trace is analyzed leveraging Cuckoo sandbox and Ghidra. Features extracted at the DLL, function call, and assembly levels are processed with NLP and association rule mining techniques and fed to different machine learning classifiers. Support vector machine and Adaboost with J48 algorithms achieved the highest accuracy of 99.54% with 0.005 false-positive rates for a multi-level combined term frequency approach.

Citation Key: poudyal_ai-powered_2020