Abstract
Ransomware is malware that may publish the user's data or block legitimate access to it unless the user pays a ransom. This kind of malware belongs to the field of cryptovirology. It has become an increasingly common cyber threat and is highly destructive, causing immense losses for unprepared users and businesses. In this work, we use a data set of about 50K samples, of which about 23K are ransomware and 27K are benign. The malware samples are downloaded from publicly available repositories such as Virusshare, and the benign files are crawled from online software hosting websites. We design and deploy a machine learning based static analysis tool that scans a portable executable file given as input, reports general information about it, and detects whether it is malicious. Our model achieves an accuracy of 99.68%. We also provide a command-line application written in Python that shows general file information and characteristics and predicts the malicious nature of the given portable executable.
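The abstract describes a static analysis tool that reads a portable executable and hands a feature vector to a classifier. The block below is an added example, not code from the paper or its authors, and does not claim to reproduce their feature set: it parses the DOS, COFF and optional headers and the section table by hand (rather than with the pefile library), derives a fixed-length feature vector that includes per-section Shannon entropy (a common static feature, since packed or encrypted payloads are close to uniform random), and rejects non-PE or truncated input with a ValueError instead of crashing. The build_pe helper and the two sample images ("plain" and "packed") are constructed for this example; the section flag and DllCharacteristics bit values are the documented Windows PE constants.

```python
"""Hand-rolled PE header parsing and static feature extraction (added example)."""
import math
import random
import struct
from typing import Dict, List

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
STANDARD_SECTIONS = {b".text", b".data", b".rdata", b".bss", b".idata", b".edata",
                     b".rsrc", b".reloc", b".tls", b".pdata"}
FEATURE_ORDER = ["file_size", "file_entropy", "num_sections", "wx_sections",
                 "nonstandard_names", "max_section_entropy", "mean_section_entropy",
                 "entry_in_section", "entry_section_executable", "aslr", "nx", "subsystem"]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, close to 8.0 for uniform random data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def extract_features(image: bytes) -> Dict[str, float]:
    """Parse PE headers and return static features; raise ValueError on malformed input."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    # Need signature (4) + COFF header (20) + optional header up to DllCharacteristics (72).
    if e_lfanew + 96 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_opt = struct.unpack_from("<H", image, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+; the fields read below sit at the same offsets in both
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry_rva = struct.unpack_from("<I", image, opt + 16)[0]
    subsystem, dll_chars = struct.unpack_from("<HH", image, opt + 68)
    sec_table = opt + size_opt
    if sec_table + 40 * num_sections > len(image):
        raise ValueError("section table truncated")
    entropies, wx, nonstd, entry_in, entry_exec = [], 0, 0, 0.0, 0.0
    for i in range(num_sections):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8s6I2HI", image, sec_table + 40 * i)
        if rawptr + rawsize > len(image):  # typical of a truncated download: flag, do not crash
            raise ValueError("section %r raw data extends past end of file" % name)
        entropies.append(shannon_entropy(image[rawptr:rawptr + rawsize]))
        if chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE:
            wx += 1
        if name.rstrip(b"\0") not in STANDARD_SECTIONS:
            nonstd += 1
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            entry_in, entry_exec = 1.0, float(bool(chars & IMAGE_SCN_MEM_EXECUTE))
    return {
        "file_size": float(len(image)), "file_entropy": shannon_entropy(image),
        "num_sections": float(num_sections), "wx_sections": float(wx),
        "nonstandard_names": float(nonstd),
        "max_section_entropy": max(entropies, default=0.0),
        "mean_section_entropy": sum(entropies) / len(entropies) if entropies else 0.0,
        "entry_in_section": entry_in, "entry_section_executable": entry_exec,
        "aslr": float(bool(dll_chars & 0x0040)),  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
        "nx": float(bool(dll_chars & 0x0100)),    # IMAGE_DLLCHARACTERISTICS_NX_COMPAT
        "subsystem": float(subsystem),
    }


def feature_vector(features: Dict[str, float]) -> List[float]:
    """Fixed column order so vectors from many files stack into a classifier's input matrix."""
    return [features[k] for k in FEATURE_ORDER]


def build_pe(sections: List[tuple], entry_rva: int, dll_chars: int) -> bytes:
    """Construct a minimal PE32 image in memory (constructed sample, not a real binary)."""
    file_align, n = 0x200, len(sections)
    headers_size = -(-(64 + 4 + 20 + 224 + 40 * n) // file_align) * file_align
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 224, 0x0102)        # i386, EXE, 32-bit
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)     # AddressOfEntryPoint
    struct.pack_into("<II", opt, 32, 0x1000, file_align)  # SectionAlignment, FileAlignment
    struct.pack_into("<HH", opt, 68, 2, dll_chars) # Subsystem (GUI), DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes
    sec_hdrs, body, raw_ptr, rva = b"", b"", headers_size, 0x1000
    for name, data, chars in sections:
        padded = data + b"\0" * (-len(data) % file_align)
        sec_hdrs += struct.pack("<8s6I2HI", name.encode().ljust(8, b"\0"), len(data), rva,
                                len(padded), raw_ptr, 0, 0, 0, 0, chars)
        body, raw_ptr = body + padded, raw_ptr + len(padded)
        rva += -(-len(padded) // 0x1000) * 0x1000
    struct.pack_into("<II", opt, 56, rva, headers_size)  # SizeOfImage, SizeOfHeaders
    header = dos + b"PE\0\0" + coff + bytes(opt) + sec_hdrs
    return header + b"\0" * (headers_size - len(header)) + body


def constructed_samples() -> Dict[str, bytes]:
    """Two hand-built images: a plain one, and one with a high-entropy W+X section (constructed)."""
    rnd = random.Random(2020)
    plain_code = bytes(range(64)) * 64                 # 4 KiB over 64 symbols: entropy exactly 6.0
    plain_data = (b"ReleaseNotes=1.0\0" * 64)[:1024]
    high_entropy = bytes(rnd.getrandbits(8) for _ in range(4096))  # stands in for a packed payload
    return {
        "plain": build_pe([(".text", plain_code, 0x60000020), (".data", plain_data, 0xC0000040)],
                          entry_rva=0x1010, dll_chars=0x0140),   # ASLR | NX set
        "packed": build_pe([(".text", bytes(512), 0x60000020), ("UPX1", high_entropy, 0xE0000020)],
                           entry_rva=0x2000, dll_chars=0x0000),  # entry in the packed section
    }


if __name__ == "__main__":
    for label, image in constructed_samples().items():
        print(label, dict(zip(FEATURE_ORDER, feature_vector(extract_features(image)))))
```

Running the block prints one feature row per constructed image; on the "packed" sample the maximum section entropy sits near 8, the entry point lies in a non-standard writable and executable section, and the ASLR and NX bits are clear, which is the kind of separation a classifier learns from. Feeding a real corpus means calling extract_features on each file, stacking feature_vector outputs into a matrix, and keeping the ValueError cases as a separate "unparseable" bucket rather than silently dropping them.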
© 2021 Springer Nature Singapore Pte Ltd.
Gaur, K., Kumar, N., Handa, A., Shukla, S.K. (2021). Static Ransomware Analysis Using Machine Learning and Deep Learning Models. In: Anbar, M., Abdullah, N., Manickam, S. (eds) Advances in Cyber Security. ACeS 2020. Communications in Computer and Information Science, vol 1347. Springer, Singapore. https://doi.org/10.1007/978-981-33-6835-4_30
DOI: https://doi.org/10.1007/978-981-33-6835-4_30
Publisher Name: Springer, Singapore
Print ISBN: 978-981-33-6834-7
Online ISBN: 978-981-33-6835-4
eBook Packages: Computer Science (R0)