Explainable Ransomware Detection with Deep Learning Techniques

  • Invited Paper
  • Journal of Computer Virology and Hacking Techniques

Abstract

Globally, the number of internet users increases every year. We use technological devices to surf the internet, to shop online, or just to relax and maintain our relationships by spending time on social networks. Each of these actions releases information that can be used in many ways, such as targeted advertising via cookies, but that can also be abused by malicious users for scams or theft. In response, many detection systems have been developed to counteract malicious actions. Particular attention has been paid to malware, which is designed to perpetrate malicious actions inside software systems and is spread through internet networks or e-mail messages. In this paper, we propose a deep learning model to detect ransomware. We present a set of experiments demonstrating that the proposed method obtains good accuracy during the training and test phases on a dataset of over 15,000 elements. Moreover, to improve our results and interpret the output obtained from the models, we have also exploited Gradient-weighted Class Activation Mapping.

Acknowledgements

This work has been partially supported by EU DUCA, EU CyberSecPro, EU E-CORRIDOR, PTR 22-24 P2.01 (Cybersecurity) and SERICS (PE00000014) under the MUR National Recovery and Resilience Plan funded by the EU - NextGenerationEU projects.

Author information

Corresponding author

Correspondence to Francesco Mercaldo.

Ethics declarations

Conflict of interest

All authors confirm that there are no potential conflicts of interest, including employment, consultancies, stock ownership, honoraria, paid expert testimony, patent applications/registrations, and grants or other funding.

About this article

Cite this article

Ciaramella, G., Iadarola, G., Martinelli, F. et al. Explainable Ransomware Detection with Deep Learning Techniques. J Comput Virol Hack Tech 20, 317–330 (2024). https://doi.org/10.1007/s11416-023-00501-1

  • DOI: https://doi.org/10.1007/s11416-023-00501-1
