Figure - uploaded by Nanda Rani
Source publication
Ransomware is a program used by an attacker or hacker that locks or encrypts target files or data. The user or the owner of the data cannot access these without the explicit assistance of the attacker. After locking or encrypting, the attacker demands a ransom, generally in the form of cryptocurrencies, to permit the user to regain access to the locked data....
Similar publications
The Dark Web is a hidden part of the internet that operates beyond the reach of conventional search engines and is frequently associated with anonymity and privacy. This research paper explores the architecture, content, and activities taking place on the Dark Web, presenting a complete evaluation of its structure and function. It examines both legal and illegal activities facili...
The necessity of using secure Internet-of-Things (IoT) devices in various use cases has increased over the years. According to various analyses, in the first half of the year 2021 there were 1.5 billion attacks on smart devices for stealing data, mining cryptocurrency or building botnets. Therefore, the security of IoT devices is mandatory for an...
Recent statistics indicate a continuous rise in cryptojacking malware. This malware covertly exploits users’ device resources to mine cryptocurrencies, such as Bitcoin, without their knowledge or consent. Cryptocurrency mining involves participants competing to generate a unique hash, with successful miners earning cryptocurrency tokens as rewards....
Citations
... Machine learning is a set of steps that discover the underlying patterns in the data provided and then predict the properties of unseen data [61]. Two types of approaches are used for machine learning [62]. In supervised learning, labels of the data are provided at training time and are used during the learning phase to reach the optimal model, which will yield the correct label Y for new objects when provided with the feature set X. ...
The cyber realm is overwhelmed with dynamic malware that promptly penetrates all defense mechanisms, operates unnoticed by the user, and covertly causes damage to sensitive data. The current generation of cyber users is victimized by the intrusion of malware each day due to the pervasive growth of Internet connectivity. Malware is dispersed to undermine the security, privacy, and integrity of the system. Conventional malware detection systems cannot detect novel malware without access to their signatures, which gives rise to a high False Negative Rate (FNR). Previously, there were numerous attempts to address the issue of malware detection, but none of them effectively combined the capabilities of signature-based and machine learning-based detection engines. To address this issue, we have developed an integrated Anti-Malware System (AMS) architecture that incorporates both conventional signature-based detection and AI-based detection modules. Our approach employs a Generative Adversarial Network (GAN) based Malware Classifier Optimizer (MCOGAN) framework, which can optimize a malware classifier. This framework utilizes GANs to generate fabricated benign files that can be used to train external discriminators for optimization purposes. We describe our proposed framework and anti-malware system in detail to provide a better understanding of how a malware detection system works. We evaluate our approach using the Figshare dataset and state-of-the-art models as discriminators, and our results demonstrate improved malware detection performance compared to existing models.
... MalXCap is a novel proof-of-concept multi-label classification model that can uncover many capabilities planted within a single piece of malware. Inspired by various state-of-the-art malware analysis methodologies that show the importance of API sequences in identifying malware behaviour, MalXCap uses the API sequence as its input feature [12,13,23,27,29,30,34,37]. To identify multiple malignant capabilities present in a single malware sample, MalXCap applies a multi-label classification method to the API call sequences invoked by the malware during execution. ...
In the present cyber landscape, the sophistication level of malware attacks is rising steadily. Advanced Persistent Threats (APT) and other sophisticated attacks employ complex and intelligent malware. Such malware integrates numerous malignant capabilities into a single complex form of malware, known as multipurpose malware. As attacks get more complicated, it is increasingly important to be aware of what the detected malware can do and comprehend the complete range of functionalities. Traditional malware analysis focuses on malware detection and family classification. The family classification provides insights about the dominant capability rather than the full range of capabilities present in the malware, which is insufficient. Hence, we propose MalXCap to extract multiple functionalities (named malware capabilities) hidden within a single malware sample. MalXCap employs dynamic analysis and captures malware capabilities by identifying patterns of API call sequences to achieve the goal. In the current workflow, there is no publicly available malware capability dataset. Therefore, we analyze 8k malware samples collected from the public domain, identify 12 different capabilities, and prepare a dataset. We use this dataset to train MalXCap and learn the patterns of API sequences to detect different malignant capabilities. MalXCap demonstrates its efficiency by achieving 97.02% accuracy score and 0.0025 hamming loss. Analyzing the capabilities of malware enables security professionals to understand the advanced techniques used in malware, summarize the attack, and develop better countermeasures.
... This section highlights some of the recent studies that developed machine-learning models to detect ransomware. Interested readers can refer to Liu et al. (2020) and Rani et al. (2022) for more information. Aurangzeb et al. (2022) developed the BigRC-EML model by using ensemble methods and principal component analysis (PCA) to select the most significant features, either static or dynamic. ...
Ransomware is a serious security concern for mobile devices, as it prevents the use of the device and its contents until a ransom is paid, resulting in considerable financial losses for both people and corporations. The existing anti-malware measures have proven inadequate in combatting new malware variants that utilize advanced evasion strategies such as polymorphism, metamorphism, dynamic code loading, time-based evasion, and reflection. Furthermore, these primary defences have also suffered from low detection rates, significant false positives, high processing times, and excessive processing and power consumption that is inappropriate for smartphones. This paper offers binary JAYA (BJAYA) for ransomware detection in Android mobile devices using the BJAYA optimization-based algorithm. The developed algorithm's effectiveness has been assessed against two datasets: the 0-1 knapsack and a real ransomware dataset. The proposed BJAYA method surpassed the other algorithms on 85% of the 0-1 knapsack datasets. The suggested BJAYA method was also tested on a ransomware dataset in two phases. In the first stage of testing, BJAYA outperformed other standard classifiers with sensitivity and Gmean values of 97% and 98.2%, respectively. In the second stage of testing, BJAYA outperformed the GA, FPA, and PSO metaheuristic algorithms in terms of specificity, sensitivity, and Gmean. These findings indicate the applicability of the suggested BJAYA algorithm for ransomware detection.
... Recent studies on ransomware cover diverse topics such as behavior-based classification [1], adversarial evasion attack mitigation [2], early detection in industrial IoT [3], hiding ransomware using steganography [4], cryptosteganography on Android IoT devices [5], a survey of detection methodologies [6], analysis of Conti ransomware code [7], big data-based classification [8], victim payment analysis [9], reputational contagion effects [10], feature selection under concept drift [11], impact on commodity markets [12], dataset creation for machine learning models [13], forensic analysis of attacks [14], early detection algorithms [15], the interrelationship with Bitcoin and terrorism [16], neutralizing entropy measurement-based detection [17], systematic detection techniques [18], ransomware detection using PE headers [19], machine learning algorithms for classification and detection [20], impact on Active Directory Domain Services [21], analysis of the ransomware payment economy [22], a survey of evolution and defense solutions [23], a patent for attack onset detection [24], a study on machine learning-based detection [25], blockchain for controlling ransomware [26], a blockchain-enabled security framework for healthcare [27], classification and clustering using static features [28], zero-day attack detection [29], and few-shot meta-learning for classification [30]. These studies highlight the need for a multi-faceted approach to combat ransomware, combining behavioral analysis, machine learning algorithms, early detection techniques, financial analysis, and innovative preventive measures like blockchain technology. ...
... Nowadays, Machine Learning (ML) and Artificial Intelligence (AI) approaches [4][5][6] play a significant role in automatic malware detection and classification. A variety of ML and AI methods, both supervised and unsupervised, have been investigated in order to detect malware and categorize it into classes [7]. More precisely, machine learning in cybersecurity makes it possible to learn which elements are malicious and which are benign based on patterns discovered by examining massive databases of known good and known bad elements. ...
Malware (malicious software) is software or a program that is deliberately developed to cause disruption in computing systems such as computers, servers, or networks. Typically, malware aims to leak private data/information, gain unlawful access to system resources (hardware, software, and information/data), deny authorized users access to system resources, or even destroy or corrupt system resources. While the level of impact of malware might range from limited to severe, it is essential to detect malware in the system at an early stage so that the proper defense can be activated in response. In this paper, we propose a machine learning-based model for distinguishing malware from goodware by analyzing API call sequences on the operating system (Windows OS) using support vector machines (SVM). The experimental results show that our model can analyze API call sequences and identify malware with an accuracy rate of 98.7% in only 13.5 µs. Besides, the comparison with other state-of-the-art models exhibits the advantage of our model in terms of detectability at high inference rates.
Keywords: Malware, Goodware, Machine learning, Classification, Support vector machines (SVM), API calls
... Malware is used primarily by cyber criminals to breach and access sensitive data. Malware has several variations, including ransomware [9][10], viruses [11], key loggers [12][13], trojans [14], spyware [15][16], rootkits [17][18], and worms [19][20]. Almost all popular modern operating systems are under constant malware threat, and endpoint protections, i.e., firewalls, email protection, URL filtering, sandboxing, and spam filters [21][22][23][24][25], are being developed to protect Android [26], Linux [27], Windows [28] and Mac [29] based machines from these cyber-attacks. ...
Malware is increasingly threatening the security and confidentiality of data. Therefore, the issues related to malware detection are gaining interest among researchers. In this research work, an efficient behavioral malware detection system has been proposed for Portable Executable (PE) files. The detection of malware is done through machine learning classifiers. The most recently published dataset (containing samples from August 2019 to September 2020), namely the Blue Hexagon Open Dataset for Malware Analysis (BODMAS), has been used to train and test the proposed design. The proposed methodology is divided into two stages. The first stage contains a binary classifier which detects whether a PE file is malicious; a random forest is used as the binary classifier for this stage. The second stage contains a multi-class ensemble-based voting classifier, which detects the family of the malware. K-nearest neighbor (KNN), support vector machine (SVM), random forest, decision tree and gradient boosting are used in the voting classifier with equal weights. The proposed methodology achieved significant results with 99.48% accuracy in the first stage (binary classifier) and 92.49% accuracy in the second stage (ensemble-based classifier) on the BODMAS dataset.
... This technique automatically monitors dangerous behaviors of such applications to warn users of zero-day attacks such as launching root exploits or sending background SMS messages. Recently, the authors in [22] conducted a survey on machine learning techniques to detect ransomware attacks. The survey shows that machine learning techniques are used efficiently in various applications such as ransomware detection, spam detection, text classification, and pattern recognition. ...
This article presents an asset-based security system in which security practitioners build their systems on information they own rather than on information solicited by observing attackers' behavior. Current security solutions rely on information coming from attackers; examples are current monitoring and detection security solutions such as intrusion prevention/detection systems and firewalls. This article envisions creating an imbalance between attackers and defenders in favor of defenders. As such, we propose to flip the security game so that it is led by defenders and not attackers. We propose a security system that does not observe the behavior of the attack. On the contrary, we draw, plan, and follow up our own protection strategy regardless of the attack behavior. The objective of our security system is to protect assets rather than to protect against attacks. Virtual machine introspection is used to intercept, inspect, and analyze system calls. The system call-based approach is utilized to detect zero-day ransomware attacks. The core idea is to take advantage of Xen and DRAKVUF for system call interception, and to leverage system calls to detect illegal operations towards identified critical assets. We realize our vision by proposing an asset-based approach to mitigate zero-day ransomware attacks. The obtained results are promising and indicate that our prototype will achieve its goals.
The rapid expansion of Internet of Things (IoT) devices has revolutionized various sectors. It enhances automation, facilitates data collection, and enables real-time monitoring. However, it has also exposed these interconnected systems to significant security risks, particularly ransomware attacks, an increasingly common threat capable of causing severe damage to individuals and organizations. To deal with this issue, it is necessary to leverage machine learning techniques to come up with a robust early detection solution to protect IoT infrastructures against ransomware effectively. This survey reviews state-of-the-art solutions for IoT ransomware prediction using machine learning techniques by mainly focusing on their analysis tasks, including detection, classification, and early detection. The survey also introduces a multi-criteria taxonomy to categorize existing solutions systematically for different aspects. This taxonomy allows us to compare the solutions and highlight the gaps in the research literature. The findings of this survey show that there is still significant potential for advancing the state-of-the-art and addressing existing research gaps. Furthermore, we analyze the advantages and limitations of the proposed solutions, highlight unresolved challenges, and suggest future research directions.