Abstract

With the advent of big data and cloud services, user data has become an important issue. Although a variety of detection and prevention technologies are used to protect user data, ransomware that demands money in exchange for one's data has emerged. In order to detect and prevent ransomware, file- and behavior-based detection methods have been investigated. Nevertheless, we still face ransomware threats, as it is difficult to detect and prevent ransomware containing unknown malicious code. In particular, these methods are limited in that they cannot detect ransomware for backup systems such as cloud services. For instance, if files infected with ransomware are synchronized with the backup systems, the infected files cannot be restored from the backed-up files. In this paper, we utilize an entropy technique to measure a characteristic of the encrypted file (i.e., uniformity). Machine learning is applied to classify infected files based on file entropy analysis. The proposed method can recover the original file from the backup system by detecting ransomware-infected files that have been synchronized to the backup system, even if the user system is infected by ransomware. The analysis results confirm that the proposed method provides a high detection rate with low false positive and false negative rates compared with the existing detection methods.

Highlights

  • With the advent of big data and cloud services, user data has become an important element, and ensuring reliability and integrity of user data is one of the core requirements for these services

  • Machine learning based on entropy according to different file formats. This method detects files stored in the backup system safely and allows the user to restore their original files from the backup system, even if the user system is infected by ransomware

  • In this paper, we proposed a method to detect files infected with ransomware using machine learning models measuring the entropy of files for the backup system


Summary

INTRODUCTION

With the advent of big data and cloud services, user data has become an important element, and ensuring reliability and integrity of user data is one of the core requirements for these services. Machine learning based on entropy according to different file formats. This method detects files stored in the backup system safely and allows the user to restore their original files from the backup system, even if the user system is infected by ransomware. The proposed method can detect ransomware-infected files based on the entropy of the file transferred to the backup system and can continuously apply the optimal reference value using machine learning. The proposed method is extremely effective and accurate because it selects the optimal model to detect files infected by ransomware based on various machine learning models and derives the optimal entropy reference value.
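The idea described above (byte entropy as a measure of uniformity, compared against a learned reference value per file format) is illustrated below. This is an added example, not the paper's code: the single-threshold learner stands in for the paper's machine learning models, and the function names, the `txt` format key and the sample data are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def fit_reference(clean: list[float], infected: list[float]) -> float:
    """Pick the entropy cut-off with the fewest training errors (decision stump)."""
    values = sorted(set(clean + infected))
    candidates = [(a + b) / 2 for a, b in zip(values, values[1:])]
    def errors(t: float) -> int:
        false_pos = sum(e >= t for e in clean)     # clean files flagged
        false_neg = sum(e < t for e in infected)   # infected files missed
        return false_pos + false_neg
    return min(candidates, key=errors)

def is_infected(data: bytes, fmt: str, references: dict[str, float]) -> bool:
    """Flag a file whose entropy reaches the reference value for its format."""
    return shannon_entropy(data) >= references[fmt]

def keystream(seed: bytes, n: int) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 in counter mode."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed training samples for one format (assumed key "txt");
# real use needs one labelled set, and one reference value, per format.
CLEAN = [(f"report {i}: quarterly backup log, status ok\n" * 200).encode()
         for i in range(5)]
INFECTED = [keystream(doc[:16], len(doc)) for doc in CLEAN]

def train() -> dict[str, float]:
    """Learn the per-format reference values from the labelled samples."""
    return {"txt": fit_reference([shannon_entropy(d) for d in CLEAN],
                                 [shannon_entropy(d) for d in INFECTED])}

if __name__ == "__main__":
    refs = train()
    print("txt reference:", round(refs["txt"], 3))
    for name, blob in [("clean", CLEAN[0]), ("infected", INFECTED[0])]:
        print(name, round(shannon_entropy(blob), 3), is_infected(blob, "txt", refs))
```

Formats that are already compressed have a high baseline entropy, which is why a single global cut-off is not enough and the reference value is learned per format.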

