Abstract
In recent times, there has been a global surge of ransomware attacks targeting industries of various types and sizes, from retail to critical infrastructure. Ransomware researchers come across new kinds of ransomware samples every day and keep discovering novel ransomware families in the wild. To mitigate this ever-growing menace, security researchers in academia and industry have been using unique ways to defend against this type of cyberattack. The I/O Request Packet (IRP), a low-level file system I/O log, is a newly found research paradigm for defense against ransomware that is being explored frequently. In this study, to gain granular, actionable insights into ransomware behavior, we analyze the IRP logs of 272 ransomware samples belonging to 18 different ransomware families, captured during individual execution. We extend our analysis by building an effective Artificial Neural Network (ANN) structure that detects ransomware by learning the underlying patterns of the IRP logs. We evaluate the ANN model in three different experimental settings to prove the effectiveness of our approach. The model demonstrates outstanding performance in terms of accuracy, precision, recall, and F1 score, i.e., in the range of 99.7% ± 0.2%.
Original language | English |
---|---|
Title of host publication | Proceedings - 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science, IRI 2020 |
Place of Publication | Piscataway, NJ |
Publisher | IEEE |
Pages | 319-324 |
Number of pages | 6 |
ISBN (Electronic) | 978-1-7281-1054-7 |
ISBN (Print) | 978-1-7281-1055-4 |
Publication status | Published - Aug 2020 |
Event | 21st IEEE International Conference on Information Reuse and Integration for Data Science, IRI 2020 - Virtual, Las Vegas, United States; Duration: 11 Aug 2020 → 13 Aug 2020; Conference number: 21 |
Conference
Conference | 21st IEEE International Conference on Information Reuse and Integration for Data Science, IRI 2020 |
---|---|
Abbreviated title | IRI 2020 |
Country/Territory | United States |
City | Virtual, Las Vegas |
Period | 11/08/20 → 13/08/20 |
Keywords
- Artificial Neural Network
- I/O Monitoring
- Malware
- Ransomware