Abstract

Cybercrime activities are difficult to separate from the development of malware. According to the Internet Security Threat Report, crime that exploits malware has become the ultimate crime. One of the most widely spreading kinds of malware is ransomware. Ransomware infections have increased year by year since 2013, and there were 1,271 detections per day in 2017. Meanwhile, in 2018 there was a shift in attacks where 81 percent of attacks targeted enterprises, so that ransomware infections increased by 12 percent. To solve this problem, this research proposes an antivirus signature based on the DLL files and API calls of ransomware files. Detecting files based on antivirus signatures has high theoretical value and practical significance. The experiment showed that detecting ransomware files based on DLL files and functional API calls with machine learning gives better results than detecting files based on MD5 and hexdump. For testing and detecting ransomware files, this research uses machine learning algorithms such as KNN, SVM, Decision Trees, and Random Forest. The experimental results showed successful detection of ransomware files and improved the detection object and research method for antivirus signatures.

Highlights

  • With 1,242 attacks per day, the number is nearly the same as in 2016 (Symantec, 2018).

  • In 2018 there was a shift in attacks where 81 percent of attacks targeted enterprises, so that ransomware infections increased by 12 percent (Symantec, 2019).

  • An antivirus signature is one way to prevent ransomware (Wressnegger et al, 2017).

  • Detecting files as they arrive on a computer can help during the period before an antivirus company releases its update, so it becomes first aid against zero-day attacks (Gardiner and Nagaraja, 2016).

  • Portable Executable (PE) ransomware files will be analyzed by static and dynamic analysis using Pestudio and FileAlyzer, the open source antivirus ClamAV will be used to build the antivirus signature, and ransomware files will be classified by applying machine learning techniques to improve the capability of the antivirus signature

  • DLL files and API calls are selected based on how frequently they are called by ransomware files

  • An antivirus signature with MD5 and hex dump detection can discover a ransomware file that has the same MD5 and hex dump type
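The contrast drawn in the last two highlights, as an added example that is not the paper's code: imports are ranked by how many ransomware samples call them, a small hand-written k-nearest-neighbour vote (Hamming distance) classifies on those features, and an MD5 check is run beside it. All sample byte strings and import lists are constructed, and the function names are hypothetical.

```python
import hashlib
from collections import Counter

def imp(dll, *apis):
    """Build 'dll!api' names, as a static PE import listing would give."""
    return {f"{dll}!{a}" for a in apis}

# Constructed training set: (file bytes, imports, label); 1 = ransomware, 0 = benign.
TRAIN = [
    (b"ransom-a", imp("advapi32.dll", "CryptEncrypt", "CryptGenKey") | imp("kernel32.dll", "FindFirstFileW", "FindNextFileW", "WriteFile", "DeleteFileW"), 1),
    (b"ransom-b", imp("advapi32.dll", "CryptEncrypt", "CryptAcquireContextW") | imp("kernel32.dll", "FindFirstFileW", "FindNextFileW", "WriteFile"), 1),
    (b"ransom-c", imp("advapi32.dll", "CryptEncrypt", "CryptGenKey") | imp("kernel32.dll", "FindFirstFileW", "MoveFileExW", "WriteFile"), 1),
    (b"benign-a", imp("user32.dll", "CreateWindowExW", "GetMessageW") | imp("kernel32.dll", "WriteFile", "ReadFile"), 0),
    (b"benign-b", imp("user32.dll", "CreateWindowExW") | imp("advapi32.dll", "RegOpenKeyExW") | imp("kernel32.dll", "ReadFile", "FindFirstFileW"), 0),
    (b"benign-c", imp("user32.dll", "GetMessageW") | imp("wininet.dll", "InternetOpenW") | imp("kernel32.dll", "ReadFile", "WriteFile"), 0),
]

def select_features(train, k):
    """Top-k imports ranked by how many ransomware samples call them."""
    freq = Counter(n for _, imports, label in train if label == 1 for n in imports)
    return [n for n, _ in sorted(freq.items(), key=lambda kv: (-kv[1], kv[0]))[:k]]

def vectorize(imports, features):
    """Binary vector: 1 where the file imports the selected DLL/API."""
    return tuple(int(f in imports) for f in features)

def knn_predict(train, features, imports, k=3):
    """Majority vote of the k nearest training samples by Hamming distance."""
    x = vectorize(imports, features)
    nearest = sorted(train, key=lambda s: sum(
        a != b for a, b in zip(vectorize(s[1], features), x)))[:k]
    return int(sum(label for _, _, label in nearest) * 2 > k)

def md5_match(data, train):
    """Hash signature: hits only when the bytes equal a known ransomware file."""
    known = {hashlib.md5(d).hexdigest() for d, _, label in train if label == 1}
    return hashlib.md5(data).hexdigest() in known

FEATURES = select_features(TRAIN, 5)
# Constructed unseen files: a repacked variant of ransom-a and a benign GUI tool.
VARIANT = (b"ransom-a-repacked", imp("advapi32.dll", "CryptEncrypt", "CryptGenKey") | imp("kernel32.dll", "FindFirstFileW", "FindNextFileW", "WriteFile", "CreateFileW"))
BENIGN = (b"benign-d", imp("user32.dll", "CreateWindowExW", "GetMessageW") | imp("kernel32.dll", "ReadFile", "WriteFile"))

if __name__ == "__main__":
    print("selected features:", FEATURES)
    for name, (data, imports) in (("variant", VARIANT), ("benign", BENIGN)):
        print(name, "md5 hit:", md5_match(data, TRAIN),
              "import-based verdict:", knn_predict(TRAIN, FEATURES, imports))
```

The repacked variant changes the file hash, so the MD5 check misses it, while its import profile still places it next to the ransomware samples.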


Summary

Introduction

According to data from the International Telecommunication Union (ITU), 4.1 billion people were using the internet in 2019. (International Telecommunication Union, 2019) The rapid growth of the internet and of computer technology has been followed by cybercrime activities. Based on Symantec ISTR 2018, attacks from ransomware have increased year by year since 2013 and peaked in 2016 at 1,271 detections for one day in 2017. (Wressnegger et al, 2017) Detecting files as they arrive on a computer can help during the period before an antivirus company releases its update, so it becomes first aid against zero-day attacks. The outcome of ransomware detection will be improved by applying machine learning algorithms to get the top model for deployment
