Ransomware detection using machine learning algorithms
Author(s) - Bae Seong Il, Lee Gyu Bin, Im Eul Gyu
Publication year - 2020
Publication title - Concurrency and Computation: Practice and Experience
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.309
H-Index - 67
eISSN - 1532-0634
pISSN - 1532-0626
DOI - 10.1002/cpe.5422
Subject(s) - ransomware, malware, computer science, malware analysis, cryptovirology, computer security
Summary - The number of ransomware variants has increased rapidly every year, and ransomware needs to be distinguished from the other types of malware to protect users' machines from ransomware‐based attacks. Ransomware is similar to other types of malware in some aspects, but other characteristics are clearly different. For example, ransomware generally conducts a large number of file‐related operations in a short period of time to lock or to encrypt files of a victim's machine. The signature‐based malware detection methods, which have difficulty detecting zero‐day ransomware, are not suitable to protect users' files against the attacks caused by risky unknown ransomware. Therefore, a new protection mechanism specialized for ransomware is needed, and the mechanism should focus on ransomware‐specific operations to distinguish ransomware from other types of malware as well as benign files. This paper proposes a ransomware detection method that can distinguish between ransomware and benign files as well as between ransomware and malware. The experimental results show that our proposed method can detect ransomware among malware and benign files.