AI-Powered Ransomware Detection Framework
|
Abstract Ransomware attacks are taking advantage of the ongoing pandemics and attacking the vulnerable systems in business, health sector, education, insurance, bank, and government sectors. Various approaches have been proposed to combat ransomware, but the dynamic nature of malware writers often bypasses the security checkpoints. There are commercial tools available in the market for ransomware analysis and detection, but their performance is questionable. This paper aims at proposing an AI-based ransomware detection framework and designing a detection tool (AIRaD) using a combination of both static and dynamic malware analysis techniques. Dynamic binary instrumentation is done using PIN tool, function call trace is analyzed leveraging Cuckoo sandbox and Ghidra. Features extracted at DLL, function call, and assembly level are processed with NLP, association rule mining techniques and fed to different machine learning classifiers. Support vector machine and Adaboost with J48 algorithms achieved the highest accuracy of 99.54% with 0.005 false-positive rates for a multi-level combined term frequency approach. |
BIO
Mr. Subash Poudyal is a cybersecurity researcher with a focus on malware analysis, data science and software engineering. He is a Ph.D. candidate at the department of computer science at The University of Memphis, Tennessee, USA. After completion of his undergraduate studies in computer science and information technology in 2011 from St. Xavier’s College, Tribhuvan University, he worked for around 5 years in the software industry being a software engineer. Mr. Poudyal joined The University of Memphis in Spring 2017. His research interests include malware analysis, reverse engineering, data mining, big data, natural language processing and AI. He has published several works in different conferences and journals. He also serves as a technical cybersecurity reviewer for various journals and conferences. Besides, he also conducts hands-on lab in topics related to web security, network analysis and malware analysis for both graduate and undergraduate students.