Ransomware detection: patterns, algorithms, and defense strategies

Authors

  • Manar Y Amro, Faculty of Technology and Applied Sciences, Department of Computer Information Systems, Al-Quds Open University, Palestine
  • Mohamed Dwieb, Faculty of Technology and Applied Sciences, Department of Computer Information Systems, Al-Quds Open University, Palestine
  • Jehad A.H Hammad, Faculty of Technology and Applied Sciences, Al-Quds Open University (QOU)
  • Aji Prasetya Wibawa

DOI:

https://doi.org/10.31763/businta.v8i1.689

Keywords:

Ransomware detection, Random forest, Cyber security, Neural network, Logistic regression, LSTM, Defense strategies

Abstract

In the contemporary digital landscape, rapid technological advancements present unprecedented challenges for developers in the hardware and software realms. The ubiquitous presence of the Internet, the Internet of Things (IoT), and widespread digital solutions bring numerous benefits and escalating risks. This study investigates the pervasive threat of ransomware attacks, a daily menace that imperils the operational and security dimensions of the digital sphere for enterprises and individuals. The research objective is to identify the most effective algorithm for detecting ransomware viruses, a persistent and evolving threat that significantly challenges institutions, companies, and governmental organizations. The dynamic nature of ransomware necessitates robust detection mechanisms to safeguard sensitive data. To achieve this goal, we conducted a comparative analysis of four prominent algorithms recognized for their efficacy in combating and detecting viruses. Emphasis was placed on the algorithm exhibiting the most promising results. A detailed examination of its impact on existing data involved comprehensive analysis and a comparative assessment against previous studies. Results, derived from extensive studies and experiments on a diverse dataset, illuminate the critical role of ransomware detection algorithms and underscore their effectiveness. The findings contribute valuable insights to the ongoing discourse on cybersecurity strategies, providing a foundation for enhanced ransomware defense measures.

Published

2024-05-08

How to Cite

Amro, M. Y., Dwieb, M., Hammad, J. A., & Wibawa, A. P. (2024). Ransomware detection: patterns, algorithms, and defense strategies. Bulletin of Social Informatics Theory and Application, 8(1), 165–172. https://doi.org/10.31763/businta.v8i1.689