Testing Deep Learning Methods to Predict Ransomware Activity from Hybrid Analysis

Authors

  • Alexander M. Veach, Eastern Michigan University
  • Munther Abualkibash, Eastern Michigan University

Keywords:

Artificial Intelligence, Hybrid Analysis, Machine Learning, Model Drift, Ransomware

Abstract

This article focuses on using deep learning methods to predict ransomware from hybrid analysis samples. Similar research is analysed to understand the detection methods commonly used to predict ransomware under various methods of analysis. Using this knowledge, an experiment is created that tests the performance of a model built from hybrid analysis of ransomware samples. The training dataset is made up of more than five hundred samples containing 38 different ransomware families and benign Windows program samples. The resultant model was then tested against a dataset including ransomware families not represented in the training dataset, which showed a decrease in performance. These results were then compared to the results reported in other research, which highlights potential issues in the way artificial intelligence models are tested and reported. The paper then proposes a focus on more complex methods of prediction, and other potential methods to ensure the models created are as effective externally as they are reported to be.

Published

2025-03-14

How to Cite

[1]
“Testing Deep Learning Methods to Predict Ransomware Activity from Hybrid Analysis”, Int. J. Inform. Inf. Sys. and Comp. Eng., vol. 7, no. 1, pp. 32–43, Mar. 2025, Accessed: Apr. 19, 2025. [Online]. Available: https://ojs.unikom.ac.id/index.php/injiiscom/article/view/14803