An I/O Request Packet (IRP) Driven Effective Ransomware Detection Scheme using Artificial Neural Network

Md Ahsan Ayub, Andrea Continella, Ambareen Siraj

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

7 Citations (Scopus)
73 Downloads (Pure)

Abstract

In recent times, there has been a global surge of ransomware attacks targeted at industries of various types and sizes, from retail to critical infrastructure. Ransomware researchers are constantly coming across new kinds of ransomware samples every day and discovering novel ransomware families out in the wild. To mitigate this ever-growing menace, academia and industry-based security researchers have been utilizing unique ways to defend against this type of cyber-attack. I/O Request Packet (IRP), a low-level file system I/O log, is a newly found research paradigm for defense against ransomware that is being explored frequently. As such, in this study, to learn granular-level, actionable insights into ransomware behavior, we analyze the IRP logs of 272 ransomware samples belonging to 18 different ransomware families captured during individual execution. We further our analysis by building an effective Artificial Neural Network (ANN) structure for successful ransomware detection by learning the underlying patterns of the IRP logs. We evaluate the ANN model with three different experimental settings to prove the effectiveness of our approach. The model demonstrates outstanding performance in terms of accuracy, precision score, recall score, and F1 score, i.e., in the range of 99.7%±0.2%.

Original language: English
Title of host publication: Proceedings - 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science, IRI 2020
Place of Publication: Piscataway, NJ
Publisher: IEEE
Pages: 319-324
Number of pages: 6
ISBN (Electronic): 978-1-7281-1054-7
ISBN (Print): 978-1-7281-1055-4
DOIs
Publication status: Published - Aug 2020
Event: 21st IEEE International Conference on Information Reuse and Integration for Data Science, IRI 2020 - Virtual, Las Vegas, United States
Duration: 11 Aug 2020 to 13 Aug 2020
Conference number: 21

Conference

Conference: 21st IEEE International Conference on Information Reuse and Integration for Data Science, IRI 2020
Abbreviated title: IRI 2020
Country/Territory: United States
City: Virtual, Las Vegas
Period: 11/08/20 to 13/08/20

Keywords

  • Artificial Neural Network
  • I/O Monitoring
  • Malware
  • Ransomware
