Abstract
With the spread of information technology in human life, data protection is a critical task. On the other hand, malicious programs are developed, which can manipulate sensitive and critical data and restrict access to this data. Ransomware is an example of such a malicious program that encrypts data, restricts users' access to the system or their data, and then request a ransom payment. Many types of research have been proposed for ransomware detection. Most of these methods attempt to identify ransomware by relying on program behavior during execution. The main weakness of these methods is that it is not explicit how long the program should be monitored to show its real behavior. Therefore, sometimes, these researches cannot detect ransomware early. In this paper, a new method for ransomware detection is proposed that does not need executing the program and uses the PE header of the executable file. To extract effective features from the PE header file, an image is constructed based on PE header. Then, according to the advantages of Convolutional Neural Networks in extracting features from images and classifying them, CNN is used. The proposed method achieves high detection rates. Our results indicate the usefulness and practicality of our method for ransomware detection.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: The ISC International Journal of Information Security
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
