Application of Sequential Analysis on Runtime Behavior for Ransomware Classification

Authors

  • Chee Keong NG Victorian Institute of Technology, Department of Information Technology
  • Tahsien Al-Quraishi Victorian Institute of Technology, Department of Information Technology
  • Tony De Souza-Daw Victorian Institute of Technology, Department of Information Technology

DOI:

https://doi.org/10.58496/ADSA/2023/012

Keywords:

Ransomware, Machine Learning, Dynamic Analysis

Abstract

The unprecedented development and massive proliferation of Internet technology, computing /storage capability and emerging business model, like cloud and IoT, brings not only incredible changes to human lifestyle but also numerous, complex and continuing cyber security threats, one noticeable example among them is malware. Static analysis has been popular and widely used in many anti-virus engine. However, static analysis can be avoided using techniques such as packing, polymorphism, and metamorphism. In this paper, I propose a novel method focuses on the feature extraction, which exploits the inherent encryption behaviour of ransomwares. Specifically, runtime malicious sequential analysis is adopted to establish the desired feature set, which further facilitate the identification of the inherent encryption function. With the proposed method, an accuracy level of 96% was achieved

Downloads

Download data is not yet available.

References

.

Downloads

Published

2023-11-23

How to Cite

Chee Keong NG, Tahsien Al-Quraishi, & Tony De Souza-Daw. (2023). Application of Sequential Analysis on Runtime Behavior for Ransomware Classification. Applied Data Science and Analysis, 2023, 126–142. https://doi.org/10.58496/ADSA/2023/012
CITATION
DOI: 10.58496/ADSA/2023/012
Published: 2023-11-23

Issue

Vol. 2023 (2023)

Section

Articles

License

Copyright (c) 2023 Chee Keong NG, Tahsien Al-Quraishi, Tony De Souza-Daw

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.