Classifying Ransomware Using Machine Learning Algorithms

  • Conference paper
Intelligent Data Engineering and Automated Learning – IDEAL 2019 (IDEAL 2019)

Abstract

Ransomware is a continuing threat and has resulted in a battle between the development of new techniques and their detection. Detection and mitigation systems have been developed and are in wide-scale use; however, their reactive nature has resulted in a continuing evolution and updating process. This is largely because detection mechanisms can often be circumvented by introducing changes in the malicious code and its behaviour. In this paper, we demonstrate a classification technique that integrates both static and dynamic features to increase the accuracy of detection and classification of ransomware. We train supervised machine learning algorithms using a test set and use a confusion matrix to observe accuracy, enabling a systematic comparison of each algorithm. In this work, supervised algorithms such as the Naïve Bayes algorithm resulted in an accuracy of 96% on the test set, SVM 99.5%, random forest 99.5%, and 96%. We also use Youden’s index to determine sensitivity and specificity.

Notes

  1. Didier Stevens's script available at: https://blog.didierstevens.com/programs/virustotal-tools/.

Author information

Corresponding authors

Correspondence to Samuel Egunjobi, Simon Parkinson or Andrew Crampton.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Egunjobi, S., Parkinson, S., Crampton, A. (2019). Classifying Ransomware Using Machine Learning Algorithms. In: Yin, H., Camacho, D., Tino, P., Tallón-Ballesteros, A., Menezes, R., Allmendinger, R. (eds) Intelligent Data Engineering and Automated Learning – IDEAL 2019. IDEAL 2019. Lecture Notes in Computer Science(), vol 11872. Springer, Cham. https://doi.org/10.1007/978-3-030-33617-2_5

  • DOI: https://doi.org/10.1007/978-3-030-33617-2_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-33616-5

  • Online ISBN: 978-3-030-33617-2

  • eBook Packages: Computer Science, Computer Science (R0)
