Abstract

Digital extortion has become a major cyber risk for many organizations, from small and medium enterprises (SMEs) to large enterprises and individual entrepreneurs. Ransomware is a kind of malware that is the main threat in digital extortion, and in recent years it has caused many organizations to lose huge revenue by paying much bigger ransom demands to cybercriminals. The explosive growth of ransomware is due to the large existing infection vector, such as social engineering, email attachments, zip file downloads, browsing malicious sites and infected search engines, which is boosted dramatically by easily available cryptographic tools, Ransomware as a Service (RaaS), increased cloud storage and off-the-shelf ransomware toolkits. The large infection vector and available toolkits have not only driven extreme growth in ransomware, but have also made new variants more obfuscated, more heavily encrypted and more varied in their patterns. This, in turn, has caused conventional supervised analysis and detection engines to fail to detect the new variants of ransomware. This paper addresses the limitations of the conventional supervised detection engine and proposes a semi-supervised framework that uses deep learning approaches to compute, in an unsupervised way, the inherent latent sources of the varying patterns in the new variants. The proposed framework extracts the inherent characteristics of the varying patterns from unlabelled ransomware obtained from the wild, and is scalable to accommodate upcoming malicious executables. The unsupervised learned model is then combined with supervised classification, thus constructing an adaptive detection model. The proposed framework has been verified using real ransomware data with a dynamic analysis testbed. Our extensive experimental results and discussion demonstrate that the proposed adaptive framework can successfully identify different variants of ransomware and achieve higher performance than existing supervised approaches.

Highlights

  • Ransomware has recently been at the top of the list of most dangerous cyber threats [1], [2], which has attracted enormous attention from the general public and business organizations [1]–[4].

  • This paper proposes a ransomware analysis and identification framework based on the runtime behavior of ransomware and a deep-learning-based semi-supervised technique.

  • We propose an adaptive framework which can extract the inherent nature of exploitation and encryption of new variants of ransomware.


Summary

INTRODUCTION

Ransomware has recently been at the top of the list of most dangerous cyber threats [1], [2], which has attracted enormous attention from the general public and business organizations [1]–[4]. The significant growth of ransomware through a very large infection vector changes the patterns of infection very rapidly [3], [11], [16]. This requires a sophisticated detection engine which is based on the runtime features of ransomware and requires as little supervised knowledge as possible. This directs us to develop a robust ransomware detection engine which will be adaptive to the rapidly changing infection patterns and to encrypted and obfuscated payloads. The novelty of our proposed approach is that a deep-learning-based semi-supervised technique can extract the dynamics of behavioral patterns from the new variants of ransomware obtained from the wild and can integrate the latent sources into the supervised classifier, making the detection engine independent of manual signature generation and robust to the changes. Section five presents the conclusion of this research and future work.
