Litcius/Paper detail

Detecting Ransomware Using Process Behavior Analysis

Abdullahi Arabo, Remi Dijoux, Timothee Poulain, Grégoire Chevalier

2020Procedia Computer Science77 citationsDOIOpen Access PDF

Abstract

Ransomware attacks are one of the biggest and attractive threats in cyber security today. Anti-virus software’s are often inefficient against zero-day malware and ransomware attacks, important network infections could result in a large amount of data loss. Such attacks are also becoming more dynamic and able to change their signatures – hence creating an arms race situation. This study investigates the relationship between a process behavior and its nature, in order to determine whether it is ransomware or not. The paper aim is to see if using this method will help the evading malicious software’s and use as a self-defense mechanism using machine learning that emulates the human immune system. The analysis was conducted on 7 ransomware, 41 benign software, and 34 malware samples. The results show that we are able to distinguish between ransomware and benign applications, with a low false-positive and false-negative rate.

Topics & Concepts

RansomwareMalwareComputer scienceComputer securityProcess (computing)SoftwareOperating systemAdvanced Malware Detection TechniquesNetwork Security and Intrusion DetectionArtificial Immune Systems Applications
Detecting Ransomware Using Process Behavior Analysis | Litcius