http://dx.doi.org/10.9728/dcs.2018.19.2.363

Offline Based Ransomware Detection and Analysis Method using Dynamic API Calls Flow Graph  

Kang, Ho-Seok (Institute of Ubiquitous Information Technology and Application (UBITA), Konkuk University)
Kim, Sung-Ryul (Department of Software, Konkuk University)
Publication Information
Journal of Digital Contents Society, v.19, no.2, 2018, pp. 363-370
Abstract
Ransomware detection has become a hot topic in computer security for protecting digital contents. Unfortunately, current signature-based and static detection models are often easily evaded by compression and encryption. To overcome the limitations of these detection approaches, we have proposed a dynamic ransomware detection system using data mining techniques such as the RF, SVM, SL and NB algorithms. We monitor the actual behavior of software to generate API call flow graphs. Thereafter, data normalization and feature selection are applied to select informative features. We improved this analysis process. Finally, the data mining algorithms are used to build the detection model that judges whether the software is benign software or ransomware. We conducted our experiment using more suitable real ransomware samples, and the results show that our proposed system is more effective at improving ransomware detection performance.
Keywords
Data Analysis; Ransomware Detection; API CFG (Calls Flow Graph); Data Mining; Computer Security;