Litcius/Paper detail

Modified Decision Tree Technique for Ransomware Detection at Runtime through API Calls

Faizan Ullah, Qaisar Javaid, Abdu Salam, Masood Ahmad, Nadeem Sarwar, Dilawar Shah, Mohammad Abrar

2020Scientific Programming51 citationsDOIOpen Access PDF

Abstract

Ransomware (RW) is a distinctive variety of malware that encrypts the files or locks the user’s system by keeping and taking their files hostage, which leads to huge financial losses to users. In this article, we propose a new model that extracts the novel features from the RW dataset and performs classification of the RW and benign files. The proposed model can detect a large number of RW from various families at runtime and scan the network, registry activities, and file system throughout the execution. API-call series was reutilized to represent the behavior-based features of RW. The technique extracts fourteen-feature vector at runtime and analyzes it by applying online machine learning algorithms to predict the RW. To validate the effectiveness and scalability, we test 78550 recent malign and benign RW and compare with the random forest and AdaBoost, and the testing accuracy is extended at 99.56%.

Topics & Concepts

Computer scienceMalwareScalabilityRansomwareRandom forestDecision treeTree (set theory)Feature (linguistics)Artificial intelligenceAdaBoostData miningMachine learningSupport vector machineOperating systemMathematical analysisMathematicsPhilosophyLinguisticsAdvanced Malware Detection TechniquesNetwork Security and Intrusion DetectionDigital and Cyber Forensics
Modified Decision Tree Technique for Ransomware Detection at Runtime through API Calls | Litcius