http://dx.doi.org/10.5351/KJAS.2018.31.4.497

A study on variable selection and classification in dynamic analysis data for ransomware detection  

Lee, Seunghwan (Department of Statistics, Inha University)
Hwang, Jinsoo (Department of Statistics, Inha University)
Publication Information
The Korean Journal of Applied Statistics / v.31, no.4, 2018, pp. 497-505
Abstract
Ransomware attacks on computer systems are very common all over the world. As antivirus and detection methods are constantly improved to detect and mitigate ransomware, ransomware itself becomes equally better at avoiding detection. Several new methods have been implemented and tested to optimize protection against ransomware. In our work, 582 ransomware and 942 normalware samples, along with 30,967 dynamic action sequence variables, are used to detect ransomware efficiently. Several variable selection techniques are combined with various machine learning based classification techniques to protect systems from ransomware. Among the various combinations, chi-square variable selection combined with random forest gives the best detection rates and accuracy.
Keywords
ransomware; classification; variable selection; machine learning
Citations & Related Records
Times Cited By KSCI: 2