Cybercrime activities are difficult separate from the development of malware. In Internet Security Threat Report, crime by exploiting malware becomes the ultimate crime. One of the highest spreading malwares is ransomware. Ransomware infections has increased year by year since 2013 and there are 1,271 detections for one day in 2017. Meanwhile, in 2018 there was a shift in attacks where 81 percent of attacks targeted enterprise so that ransomware infections increased by 12 percent. For solve this problem, this research proposed antivirus signature based on DLL Files and API Calls of ransomware files. Detection files based on antivirus signature has high theoretical value and practical significance. The experiment showed detection ransomware files based on DLL Files and functional API Calls with machine learning have a good result than detection files based on MD5 and hexdump. For testing and detection ransomware files, this research is using machine learning algorithms such as KNN, SVM, Decision Trees, and Random Forest. Experiment result showed the successful detection ransomware files, improved detection object and method research for antivirus signature.
Read full abstract