Skip to main content

Advertisement

Log in

Detecting ransomware attacks using intelligent algorithms: recent development and next direction from deep learning and big data perspectives

  • Original Research
  • Published:
Journal of Ambient Intelligence and Humanized Computing Aims and scope Submit manuscript

Abstract

Recently, cybercriminals have infiltrated different sectors of the human venture to launch ransomware attacks against information technology infrastructure. They demand ransom from individuals and industries, thereby inflicting significant loss of data. The use of intelligent algorithms for ransomware attack detection began to gain popularity in recent times and proved feasible. However, no comprehensive dedicated literature review on the applications of intelligent machine learning algorithms to detect ransomware attacks on information technology infrastructure. Unlike the previous reviews on ransomware attacks, this paper aims to conduct a comprehensive survey on the detection of ransomware attacks using intelligent machine learning algorithms. The study analysed literature from different perspectives focusing on intelligent algorithms detection of ransomware. The survey shows that there is a growing interest in recent times (2016—date) on the application of intelligent algorithms for ransomware detection. Deep learning algorithms are gaining tremendous attention because of their ability to handle large scale datasets, prominence in the research community, and ability to solve problems better than the conventional intelligent algorithms. To date, the potentials of big data analytics are yet to be fully exploited for the smart detection of ransomware attacks. Future research opportunities from the perspective of deep learning and big data analytics to solve the challenges identified from the survey are outlined to give the research community a new direction in dealing with ransomware attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

Explore related subjects

Discover the latest articles, news and stories from top researchers in related subjects.

References

  • Digital Guardian (2019) A history of ransomware attacks: the biggest and worst ransomware attacks of all time. https://digitalguardian.com/blog/history-ransomware-attacks-biggest-and-worst-ransomware-attacks-all-time. Accessed 17 Dec 2019

  • Abdullahi AU, Ahmad R, Zakaria NM (2016) Big data: performance profiling of meteorological and oceanographic data on hive. In: Paper presented at the 2016 3rd international conference on computer and information sciences (ICCOINS).

  • Acharya UR, Fujita H, Oh SL, Hagiwara Y, Tan JH, Adam M (2017) Application of deep convolutional neural network for automated detection of myocardial infarction using ECG signals. Inf Sci 415:190–198

    Article  Google Scholar 

  • Agrawal R, Stokes JW, Selvaraj K, Marinescu M (2019) Attention in recurrent neural networks for ransomware detection. In: Paper presented at the ICASSP 2019–2019 IEEE international conference on acoustics, speech and signal processing (ICASSP).

  • Ahmadian MM, Shahriari HR (2016) 2entFOX: a framework for high survivable ransomwares detection. In: 2016 13th international iranian society of cryptology conference on information security and cryptology (ISCISC), 7-8 Sept 2016. IEEE, Tehran, Iran, pp 79–84

  • Al-Hawawreh M, Sitnikova E (2019) Leveraging deep learning models for ransomware detection in the industrial internet of things environment. In: Paper presented at the 2019 military communications and information systems conference (MilCIS).

  • Alhawi OM, Baldwin J, Dehghantanha A (2018) Leveraging machine learning techniques for windows ransomware network traffic detection. Cyber Threat Intell 70:93–106

    Article  Google Scholar 

  • Almashhadani AO, Kaiiali M, Sezer S, O’Kane P (2019) A multi-classifier network-based crypto ransomware detection system: a case study of locky ransomware. IEEE Access 7:47053–47067

    Article  Google Scholar 

  • Alrawashdeh K, Purdy C (2018) Ransomware detection using limited precision deep learning structure in fpga. In: Paper presented at the NAECON 2018-IEEE national aerospace and electronics conference.

  • Al-rimy BAS, Maarof MA, Shaid SZM (2018) Ransomware threat success factors, taxonomy, and countermeasures: a survey and research directions. Comput Secur 74:144–166

    Article  Google Scholar 

  • Al-rimy BAS, Maarof MA, Shaid SZM (2019) Crypto-ransomware early detection model using novel incremental bagging with enhanced semi-random subspace selection. Future Gener Comput Syst 101:476–491

    Article  Google Scholar 

  • Amanullah MA, Habeeb RAA, Nasaruddin FH, Gani A, Ahmed E, Nainar ASM, Imran M (2020) Deep learning and big data technologies for IoT security. Comput Commun. https://doi.org/10.1016/j.comcom.2020.01.016

    Article  Google Scholar 

  • Andronio N, Zanero S, Maggi F (2015) Heldroid: dissecting and detecting mobile ransomware. In: Paper presented at the international symposium on recent advances in intrusion detection.

  • Ashraf A, Aziz A, Zahoora U, Khan A (2019) Ransomware analysis using feature engineering and deep neural networks. arXiv preprint. http://arxiv.org/abs/1910.00286

  • Aurangzeb S, Aleem M, Iqbal MA, Islam MA (2017) Ransomware: a survey and trends. J Inf Assur Secur 6(2):48–58

    Google Scholar 

  • Bae SI, Lee GB, Im EG (2019) Ransomware detection using machine learning algorithms. Concurr Comput Pract Exp 32:e5422

    Google Scholar 

  • Berrueta E, Morato D, Magaña E, Izal M (2019) A survey on detection techniques for cryptographic ransomware. IEEE Access 7:144925–144944

    Article  Google Scholar 

  • Bhardwaj A, Avasthi V, Sastry H, Subrahmanyam G (2016) Ransomware digital extortion: a rising new age threat. Indian J Sci Technol 9(14):1–5

    Article  Google Scholar 

  • Bibi I, Akhunzada A, Malik J, Ahmed G, Raza M (2019) An effective android ransomware detection through multi-factor feature filtration and recurrent neural network. In: Paper presented at the 2019 UK/China Emerging Technologies (UCET).

  • Breiman L (2001) Random forests. Mach Learn 45(1):5–32

    Article  MATH  Google Scholar 

  • Chaudhary R, Aujla GS, Kumar N, Zeadally S (2018) Lattice based public key cryptosystem for internet of things environment: challenges and solutions. IEEE Internet Things J 6:4897–4909

    Article  Google Scholar 

  • Chen J, Wang C, Zhao Z, Chen K, Du R, Ahn G-J (2017a) Uncovering the face of android ransomware: characterization and real-time detection. IEEE Trans Inf Forensics Secur 13(5):1286–1300

    Article  Google Scholar 

  • Chen Y-C, Li Y-J, Tseng A, Lin T (2017b) Deep learning for malicious flow detection. In: Paper presented at the 2017 IEEE 28th annual international symposium on personal, indoor, and mobile radio communications (PIMRC).

  • Chong H (2017) SeCBD: the application idea from study evaluation of ransomware attack method in big data architecture. Procedia Comput Sci 116:358–364

    Article  Google Scholar 

  • Cohen A, Nissim N (2018) Trusted detection of ransomware in a private cloud using machine learning methods leveraging meta-features from volatile memory. Expert Syst Appl 102:158–178

    Article  Google Scholar 

  • Connolly LY, Wall DS (2019) The rise of crypto-ransomware in a changing cybercrime landscape: taxonomising countermeasures. Comput Secur 87:101568

    Article  Google Scholar 

  • Conti M, Gangwal A, Ruj S (2018) On the economic significance of ransomware campaigns: a bitcoin transactions perspective. Comput Secur 79:162–189

    Article  Google Scholar 

  • Cusack G, Michel O, Keller E (2018) Machine learning-based detection of ransomware using SDN, pp 1–6. https://doi.org/10.1145/3180465.3180467. Accessed 17 Dec 2019

  • Daku H, Zavarsky P, Malik Y (2018) Behavioral-based classification and identification of ransomware variants using machine learning. In: Paper presented at the 2018 17th IEEE international conference on trust, security and privacy in computing and communications/12th IEEE international conference on big data science and engineering (TrustCom/BigDataSE).

  • Damshenas M, Dehghantanha A, Mahmoud R (2013) A survey on malware propagation, analysis, and detection. Int J Cyber Secur Digit Forensics 2(4):10–30

    Google Scholar 

  • Druva (2017) Druva releases annual enterprise ransomware report. https://www.globenewswire.com/news-release/2017/06/28/1217348/0/en/Druva-Releases-Annual-Enterprise-Ransomware-Report.html. Accessed 17 Dec 2019

  • Feizollah A, Anuar NB, Salleh R, Wahab AWA (2015) A review on feature selection in mobile malware detection. Digit Investig 13:22–37

    Article  Google Scholar 

  • Fernandez Maimo L, Huertas Celdran A, Perales Gomez AL, Clemente G, Félix J, Weimer J, Lee I (2019) Intelligent and dynamic ransomware spread detection and mitigation in integrated clinical environments. Sensors 19(5):1114

    Article  Google Scholar 

  • Frank E, Hall MA, Witten IH (2016) The WEKA workbench. Morgan Kaufmann

  • Gómez-Hernández J, Álvarez-González L, García-Teodoro P (2018) R-Locker: thwarting ransomware action through a honeyfile-based approach. Comput Secur 73:389–398

    Article  Google Scholar 

  • Hansen SS, Larsen TMT, Stevanovic M, Pedersen JM (2016) An approach for detection and family classification of malware based on behavioral analysis. In: Paper presented at the 2016 international conference on computing, networking and communications (ICNC).

  • Haque IRI, Neubert J (2020) Deep learning approaches to biomedical image segmentation. Inform Med Unlocked 18:100297

    Article  Google Scholar 

  • Harikrishnan N, Soman K (2018) Detecting ransomware using GURLS. In: Paper presented at the 2018 second international conference on advances in electronics, computers and communications (ICAECC).

  • Hatcher WG, Yu W (2018) A survey of deep learning: platforms, applications and emerging research trends. IEEE Access 6:24411–24432

    Article  Google Scholar 

  • Homayoun S, Dehghantanha A, Ahmadzadeh M, Hashemi S, Khayami R, Choo K-KR, Newton DE (2019) DRTHIS: Deep ransomware threat hunting and intelligence system at the fog layer. Future Gener Comput Syst 90:94–104. https://doi.org/10.1016/j.future.2018.07.045

    Article  Google Scholar 

  • Javaheri D, Hosseinzadeh M, Rahmani AM (2018) Detection and elimination of spyware and ransomware by intercepting Kernel-Level system routines. IEEE Access 6:78321–78332

    Article  Google Scholar 

  • Joseph DP, Norman J (2020) A review and analysis of ransomware using memory forensics and its tools. Smart intelligent computing and applications. Springer, Berlin, pp 505–514

    Chapter  Google Scholar 

  • Kharraz A, Robertson W, Balzarotti D, Bilge L, Kirda E (2015) Cutting the gordian knot: a look under the hood of ransomware attacks. In: Paper presented at the international conference on detection of intrusions and malware, and vulnerability assessment.

  • King D (2017) Detect and protect. ITNOW 59(4):54–55

    Article  Google Scholar 

  • Kok S, Abdullah A, Jhanjhi N, Supramaniam M (2019) Ransomware, threat and detection techniques: a review. Int J Comput Sci Netw Secur 19(2):136

    Google Scholar 

  • Lachtar N, Ibdah D, Bacha A (2019) The case for native instructions in the detection of mobile ransomware. IEEE Lett Comput Soc 2:16–196

    Article  Google Scholar 

  • LeCun Y, Bengio Y, Hinton G (2015) Deep learning. Nature 521(7553):436–444

    Article  Google Scholar 

  • Lee S, Kim HK, Kim K (2019) Ransomware protection using the moving target defense perspective. Comput Electr Eng 78:288–299

    Article  Google Scholar 

  • Lu T, Zhang L, Wang S, Gong Q (2017) Ransomware detection based on v-detector negative selection algorithm. In: Paper presented at the 2017 international conference on security, pattern analysis, and cybernetics (SPAC).

  • Maigida AM, Olalere M, Alhassan JK, Chiroma H, Dada EG (2019) Systematic literature review and metadata analysis of ransomware attacks and detection mechanisms. J Reliab Intell Environ 5(2):67–89

    Article  Google Scholar 

  • Maniath S, Ashok A, Poornachandran P, Sujadevi V, Sankar AP, Jan S (2017) Deep learning LSTM based ransomware detection. In: Paper presented at the 2017 recent developments in control, automation and power engineering (RDCAPE).

  • Martín A, Hernandez-Castro J, Camacho D (2018) An in-depth study of the Jisut family of android ransomware. IEEE Access 6:57205–57218

    Article  Google Scholar 

  • Min D, Park D, Ahn J, Walker R, Lee J, Park S, Kim Y (2018) Amoeba: an autonomous backup and recovery SSD for ransomware attack defense. IEEE Comput Archit Lett 17(2):245–248

    Article  Google Scholar 

  • Mohammadi M, Al-Fuqaha A, Sorour S, Guizani M (2018) Deep learning for IoT big data and streaming analytics: a survey. IEEE Commun Surv Tutor 20(4):2923–2960

    Article  Google Scholar 

  • Muna A-H, den Hartog F, Sitnikova E (2019) Targeted ransomware: a new cyber threat to edge system of brownfield industrial internet of things. IEEE Internet Things J 6:7137–7151

    Article  Google Scholar 

  • National Vulnerability Databasa (2017) CVE-2017-0144 Detail. https://nvd.nist.gov/vuln/detail/CVE-2017-0144. Accessed 17 Dec 2019

  • O’Kane P, Sezer S, Carlin D (2018) Evolution of ransomware. IET Networks 7(5):321–327

    Article  Google Scholar 

  • Pathak P, Nanded YM (2016) A dangerous trend of cybercrime: ransomware growing challenge. Int J Adv Res Comput Eng Technol 5(2):371–373

    Google Scholar 

  • Pluskal O (2015) Behavioural malware detection using efficient SVM implementation. In: Paper presented at the proceedings of the 2015 conference on research in adaptive and convergent systems.

  • Poudyal S, Subedi KP, Dasgupta D (2018) A framework for analyzing ransomware using machine learning. In: Paper presented at the 2018 IEEE symposium series on computational intelligence (SSCI).

  • Richardson R, North MM (2017) Ransomware: evolution, mitigation and prevention. Int Manag Rev 13(1):10

    Google Scholar 

  • Sabharwal S, Sharma S (2020) Ransomware attack: India issues red alert. Emerging technology in modelling and graphics. Springer, Berlin, pp 471–484

    Chapter  Google Scholar 

  • Savage K, Coogan P, Lau H (2015) The evolution of ransomware. Symantec, Mountain View

    Google Scholar 

  • Scaife N, Carter H, Traynor P, Butler KR (2016) Cryptolock (and drop it): stopping ransomware attacks on user data. In: Paper presented at the 2016 IEEE 36th international conference on distributed computing systems (ICDCS).

  • Scalas M, Maiorca D, Mercaldo F, Visaggio CA, Martinelli F, Giacinto G (2019) On the effectiveness of system API-related information for android ransomware detection. Comput Secur 86:168–182

    Article  Google Scholar 

  • Sgandurra D, Muñoz-González L, Mohsen R, Lupu EC (2016) Automated dynamic analysis of ransomware: benefits, limitations and use for detection. arXiv preprint. http://arxiv.org/abs/1609.03020

  • Shakir HA, Jaber AN (2017) A short review for ransomware: pros and cons. In: Paper presented at the international conference on P2P, parallel, grid, cloud and internet computing.

  • Sharmeen S, Ahmed YA, Huda S, Koçer B, Hassan MM (2020) Avoiding future digital extortion through robust protection against ransomware threats using deep learning based adaptive approaches. IEEE Access. 8:24522–24534

    Article  Google Scholar 

  • Shaukat SK, Ribeiro VJ (2018) RansomWall: a layered defense system against cryptographic ransomware attacks using machine learning. In: Paper presented at the 2018 10th international conference on communication systems and networks (COMSNETS).

  • Shukla M, Mondal S, Lodha S (2016) Poster: locally virtualized environment for mitigating ransomware threat. In: Paper presented at the proceedings of the 2016 ACM SIGSAC conference on computer and communications security.

  • Song S, Kim B, Lee S (2016) The effective ransomware prevention technique using process monitoring on android platform. Mobile Inf Syst 2016:9

    Google Scholar 

  • Su D, Liu J, Wang X, Wang W (2018) Detecting android locker-ransomware on chinese social networks. IEEE Access 7:20381–20393

    Article  Google Scholar 

  • Symantec (2019) 2019 internet security threat report. https://www.symantec.com/en/uk/security-center/threat-report. Accessed 17 Dec 2019

  • Verma M, Kumarguru P, Deb SB, Gupta A (2018) Analysing indicator of compromises for ransomware: leveraging IOCs with machine learning techniques. In: Paper presented at the 2018 IEEE international conference on intelligence and security informatics (ISI).

  • Villalba LJG, Orozco ALS, Vivar AL, Vega EAA, Kim T-H (2018) Ransomware automatic data acquisition tool. IEEE Access 6:55043–55052

    Article  Google Scholar 

  • Vinayakumar R, Soman K, Velan KS, Ganorkar S (2017) Evaluating shallow and deep networks for ransomware detection and classification. In: Paper presented at the 2017 international conference on advances in computing, communications and informatics (ICACCI).

  • Vinayakumar R, Alazab M, Jolfaei A, Soman K, Poornachandran P (2019) Ransomware triage using deep learning: twitter as a case study. In: Paper presented at the 2019 cybersecurity and cyberforensics conference (CCC).

  • Wan Y-L, Chang J-C, Chen R-J, Wang S-J (2018) Feature-selection-based ransomware detection with machine learning of data analysis. In: Paper presented at the 2018 3rd international conference on computer and communication systems (ICCCS).

  • Yaqoob I, Ahmed E, Rehman MH, Ahmed AIA, Al-garadi MA, Imran M, Guizani M (2017) The rise of ransomware and emerging security challenges in the internet of things. Comput Netw 129:444–458

    Article  Google Scholar 

  • Zhang B, Xiao W, Xiao X, Sangaiah AK, Zhang W, Zhang J (2019) Ransomware classification using patch-based CNN and self-attention network on embedded N-grams of opcodes. Future Gener Comput Syst 110:708–720

    Article  Google Scholar 

  • Zhang H, Xiao X, Mercaldo F, Ni S, Martinelli F, Sangaiah AK (2019) Classification of ransomware families with machine learning based on N-gram of opcodes. Future Gener Comput Syst 90:211–221. https://doi.org/10.1016/j.future.2018.07.052

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Haruna Chiroma.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Bello, I., Chiroma, H., Abdullahi, U.A. et al. Detecting ransomware attacks using intelligent algorithms: recent development and next direction from deep learning and big data perspectives. J Ambient Intell Human Comput 12, 8699–8717 (2021). https://doi.org/10.1007/s12652-020-02630-7

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12652-020-02630-7

Keywords

Navigation