Behavioral-based classification and identification of ransomware variants using machine learning

  • Author(s) / Creator(s)
  • Due to the changing behavior of ransomware, traditional classification and detection techniques do not accurately detect new variants. Attackers use polymorphic and metamorphic techniques to evade signature-based detection systems. We use machine learning classification to identify modified variants of ransomware based on their behavior. To conduct our study, we used behavioral reports of 150 ransomware samples from 10 different ransomware families. Our dataset includes some of the newest ransomware samples available, providing an evaluation of the classification accuracy of machine learning algorithms against the current, evolving state of ransomware. An iterative approach is used to identify the optimum behavioral attributes for achieving the best classification accuracy. During the attribute selection process, the accuracy of the machine learning algorithms is used to verify improvements in the classification results. The two main parts of this study are the identification of the behavioral attributes that yield optimal classification accuracy and the classification of ransomware using machine learning algorithms. We have evaluated the classification accuracy of three machine learning classification algorithms.

  • Date created
    2018
  • Subjects / Keywords
  • Type of Item
    Research Material
  • DOI
    https://doi.org/10.7939/r3-5vbq-5589
  • License
    Attribution-NonCommercial 4.0 International