Skip to main content
SpringerLink
Log in

Static Ransomware Analysis Using Machine Learning and Deep Learning Models

  • Conference paper
  • First Online:
Advances in Cyber Security (ACeS 2020)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1347))

Included in the following conference series:

Abstract

Ransomware is a malware which may publish the users data or may block genuine access to it unless a ransom is paid by the user. This kind of malware belongs to cryptovirology. It has become increasingly popular as a cyber threat and is highly destructive, causing an immense loss for unprepared users and businesses. In this work, we use a data set of about 50K samples, out of which, about 23K are ransomware, and 27K are benign. The malware samples are downloaded from publicly available repositories such as Virusshare, and benign files are crawled from online software hosting websites. We design and deploy a static analysis tool using machine learning that scans and gives general information while also detecting the nature of a portable executable file given as input. Our model offers an accuracy of 99.68%. We also provide a command-line based application using Python that shows general file information and characteristics and predicts the malicious nature of the given portable executable.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Pefile (2019). github.com/erocarrera/pefile

  2. Exiftool (2020). https://github.com/exiftool/exiftool

  3. Abbott, L.: Sourceforge (1999). https://sourceforge.net/directory/os:windows/. Accessed 10 May 2020

  4. Ahire, J.B.: The artificial neural networks handbook: Part 1 (2018). https://medium.com/coinmonks/the-artificial-neural-networks-handbook-part-1-f9ceb0e376b4

  5. Aurangzeb, S., Aleem, M., Iqbal, M., Islam, A.: Ransomware: a survey and trends. J. Inf. Assurance Secur. (ESCI - Thomson Reuters Indexed), June 2017. ISSN: 1554–101, 12:2–5

    Google Scholar 

  6. Birant, D., Kut, A.: ST-DBSCAN: an algorithm for clustering spatial-temporal data. Data Knowl. Eng. 60(1), 208–221 (2007)

    Article  Google Scholar 

  7. Ceschin, F., Grégio, A., Menotti, D.: Need for Speed: Analysis of Brazilian Malware Classifiers’ Expiration Date. Ph.D. thesis, February 2018

    Google Scholar 

  8. Diago, T.: Softonic (2004). https://en.softonic.com/windows. Accessed 10 May 2020

  9. Dogru , N., Subasi, A.: Traffic accident detection using random forest classifier. In: 2018 15th Learning and Technology Conference (L&T), pp. 40–45. IEEE (2018)

    Google Scholar 

  10. Gorham, M.: 2019 internet crime report (2019). https://pdf.ic3.gov/2019_IC3Report.pdf/

  11. Guglielmo, C.: CNET (1994). https://download.cnet.com/s/software/windows/?licenseType=Free. Accessed 10 May 2020

  12. Han, K., Kang, B.J., Im, E.G.: Malware classification using instruction frequencies. In: Proceedings of the 2011 ACM Research in Applied Computation Symposium, RACS 2011, December 2011

    Google Scholar 

  13. Hassen, M., Carvalho, M., Chan, P.: Malware classification using static analysis based features, pp. 1–7, November 2017

    Google Scholar 

  14. Kiltz, S., Lang, A., Dittmann, J.: Malware, chapter, January 2007

    Google Scholar 

  15. Kiru, M., Aman, J.: The Age of Ransomware: Understanding Ransomware and Its Countermeasures, pp. 1–37, January 2019

    Google Scholar 

  16. Kujawa, A., et al.: 2020 state of malware report (2020). https://resources.malwarebytes.com/files/2020/02/2020_State-of-Malware-Report.pdf

  17. Lee, K., Lee, S., Yim, K.: Machine learning based file entropy analysis for ransomware detection in backup systems. IEEE Access PP, 1 (2019)

    Google Scholar 

  18. McAfee. Mcafee labs 2017 threats predictions (2017). https://www.mcafee.com/enterprise/en-us/assets/reports/rp-threats-predictions-2017.pdf

  19. Microsoft. Microsoft’s Dumpbin Utility for Windows (2019). https://docs.microsoft.com/en-us/cpp/build/reference/dumpbin-reference?view=vs-2019. Accessed 28 May 28, 2020

  20. Mohammed, M., Khan, M., Bashier, E.: Machine Learning: Algorithms and Applications, June 2016

    Google Scholar 

  21. Nagpal, B., Wadhwa, V.: Cryptoviral extortion: evolution, scenarios, and analysis. In: Lobiyal, D.K., Mohapatra, D.P., Nagar, A., Sahoo, M.N. (eds.) Proceedings of the International Conference on Signal, Networks, Computing, and Systems. LNEE, vol. 396, pp. 309–316. Springer, New Delhi (2016). https://doi.org/10.1007/978-81-322-3589-7_34

    Chapter  Google Scholar 

  22. Nielsen, M.A.: Neural networks and deep learning, volume 2018. Determination press San Francisco, CA (2015)

    Google Scholar 

  23. Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., Duchesnay, E.: Scikit-learn: machine learning in python. J. Mach. Learn. Res. 12, 2825–2830 (2011)

    MathSciNet  MATH  Google Scholar 

  24. Pickle. Python’s pickle library (2011). github.com/python/cpython/blob/master/Lib/pickle.py

  25. Raman, K., et al.: Selecting features to classify malware. InfoSec Southwest (2012)

    Google Scholar 

  26. Seghouane, A.-K., Fleury, G.: A cost function for learning feedforward neural networks subject to noisy inputs, vol. 2, pp. 386–389, February 2001

    Google Scholar 

  27. Sgandurra, D., Muñoz-González, L., Mohsen, R., Lupu, E.: Automated dynamic analysis of ransomware: benefits, limitations and use for detection, September 2016

    Google Scholar 

  28. Shah, N., Farik, M.: Ransomware-threats, vulnerabilities and recommendations. Int. J. Sci. Technol. Res. 6, 307–309 (2017)

    Google Scholar 

  29. Nir Sofer. Hashmyfiles v2.17 (2015). https://github.com/foreni-packages/hashmyfiles

  30. Soucy, P., Mineau,G.W.: A simple knn algorithm for text categorization. In: Proceedings 2001 IEEE International Conference on Data Mining, pp. 647–648. IEEE (2001)

    Google Scholar 

  31. Suykens, J.A.K., Vandewalle, J.: Least squares support vector machine classifiers. Neural Process. Lett. 9(3), 293–300 (1999)

    Article  Google Scholar 

  32. Taha, A., Praptodiyono, S., Almomani, A., Anbar, M., Ramadass, S.: Malware detection based on evolving clustering method for classification. 7, 2031–2036 (2012)

    Google Scholar 

  33. Trautman, L., Ormerod, P.: Wannacry, ransomware, and the emerging threat to corporations. SSRN Electron. J.01 2018

    Google Scholar 

  34. VirusShare. Malware Repository. https://virusshare.com/, 2011

  35. Wang, X., Wang, Z., Shao, W., Jia, C., Li, X.: Explaining concept drift of deep learning models, pp. 524–534, January 2020

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. JSS Academy of Technical Education, Noida, India

    Kartikeya Gaur

  2. C3i Center, Department of CSE, Indian Institute of Technology, Kanpur, India

    Nitesh Kumar, Anand Handa & Sandeep K. Shukla

Authors
  1. Kartikeya Gaur
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nitesh Kumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Anand Handa
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Sandeep K. Shukla
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Anand Handa .

Editor information

Editors and Affiliations

  1. National Advanced IPv6 Centre, Universiti Sains Malaysia, Penang, Malaysia

    Mohammed Anbar

  2. Hodeidah University, Hodeidah, Yemen

    Nibras Abdullah

  3. National Advanced IPv6 Centre, Universiti Sains Malaysia, Penang, Malaysia

    Selvakumar Manickam

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Gaur, K., Kumar, N., Handa, A., Shukla, S.K. (2021). Static Ransomware Analysis Using Machine Learning and Deep Learning Models. In: Anbar, M., Abdullah, N., Manickam, S. (eds) Advances in Cyber Security. ACeS 2020. Communications in Computer and Information Science, vol 1347. Springer, Singapore. https://doi.org/10.1007/978-981-33-6835-4_30

Download citation

  • DOI: https://doi.org/10.1007/978-981-33-6835-4_30

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-33-6834-7

  • Online ISBN: 978-981-33-6835-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation