RENTAKA: A novel machine learning framework for crypto-ransomware pre-encryption detection

S. M. M Yassin, S. M. Warusia Mohamed and Abdollah, Mohd Faizal and Mohd, Othman and Ariffin, Aswami (2022) RENTAKA: A novel machine learning framework for crypto-ransomware pre-encryption detection. International Journal of Advanced Computer Science and Applications, 13 (5). pp. 378-385. ISSN 2158-107X

Abstract

Crypto ransomware is malware that locks its victim’s files for ransom using an encryption algorithm. Its popularity has risen at an alarming rate among the cyber community due to several successful worldwide attacks. The encryption employed has caused irreversible damage to the victim’s digital files, even when the victim chose to pay the ransom. As a result, cybercriminals have found ransomware a lucrative and profitable cyber-extortion approach. The increasing computing power, memory, cryptography, and digital currency advancement have caused ransomware attacks. It spreads through phishing emails, encrypting sensitive data, and causing harm to the designated client. Most research in ransomware detection focuses on detecting during the encryption and post-attack phase. However, the damage done by crypto-ransomware is almost impossible to reverse, and there is a need for an early detection mechanism. For early detection of crypto-ransomware, behavior-based detection techniques are the most effective. This work describes RENTAKA, a framework based on machine learning for the early detection of crypto-ransomware. The features extracted are based on the phases of the ransomware lifecycle. This experiment included five widely used machine learning classifiers: Naïve Bayes, kNN, Support Vector Machines, Random Forest, and J48. This study proposed a pre-encryption detection framework for crypto-ransomware using a machine learning approach. Based on our experiments, support vector machines (SVM) performed with the best accuracy and TPR, 97.05% and 0.995, respectively.

Item Type: Article
Uncontrolled Keywords: Ransomware, crypto-ransomware, ransomware early detection, pre-encryption, pre-attack, ransomware lifecycle
Divisions: Faculty of Information and Communication Technology
Depositing User: Norfaradilla Idayu Ab. Ghafar
Date Deposited: 12 Apr 2023 10:21
Last Modified: 12 Apr 2023 10:21
URI: http://eprints.utem.edu.my/id/eprint/26529