Detecting Ransomware Using Process Behavior Analysis
Author: | Remi Dijoux, Timothee Poulain, Abdullahi Arabo, Gregoire Chevalier |
---|---|
Publication year: | 2020 |
Subject: | business.industry; Computer science; Process behavior; 020206 networking & telecommunications; 02 engineering and technology; Computer security; computer.software_genre; Software; 0202 electrical engineering, electronic engineering, information engineering; Ransomware; General Earth and Planetary Sciences; Malware; 020201 artificial intelligence & image processing; business; computer; General Environmental Science |
Source: | Procedia Computer Science. 168:289-296 |
ISSN: | 1877-0509 |
Description: | Ransomware attacks are one of the biggest and most attractive threats in cyber security today. Anti-virus software is often inefficient against zero-day malware and ransomware attacks; important network infections could result in a large amount of data loss. Such attacks are also becoming more dynamic and able to change their signatures, hence creating an arms race situation. This study investigates the relationship between a process behavior and its nature, in order to determine whether it is ransomware or not. The paper's aim is to see if using this method will help the evading malicious software’s and use as a self-defense mechanism using machine learning that emulates the human immune system. The analysis was conducted on 7 ransomware, 41 benign software, and 34 malware samples. The results show that we are able to distinguish between ransomware and benign applications, with a low false-positive and false-negative rate. |
Database: | OpenAIRE |
External link: |