S. M. M Yassin, S. M. Warusia Mohamed and Abdollah, Mohd Faizal and Mohd, Othman and Ariffin, Aswami (2022) RENTAKA: A novel machine learning framework for crypto-ransomware pre-encryption detection. International Journal of Advanced Computer Science and Applications, 13 (5). pp. 378-385. ISSN 2158-107X
Text
RENTAKA.PDF Download (879kB) |
Abstract
Crypto ransomware is malware that locks its victim’s file for ransom using an encryption algorithm. Its popularity has risen at an alarming rate among the cyber community due to several successful worldwide attacks. The encryption employed had caused irreversible damage to the victim’s digital files, even when the victim chose to pay the ransom. As a result, cybercriminals have found ransomware a lucrative and profitable cyber-extortion approach. The increasing computing power, memory, cryptography, and digital currency advancement have caused ransomware attacks. It spreads through phishing emails, encrypting sensitive data, and causing harm to the designated client. Most research in ransomware detection focuses on detecting during the encryption and post-attack phase. However, the damage done by crypto-ransomware is almost impossible to reverse, and there is a need for an early detection mechanism. For early detection of crypto-ransomware, behavior-based detection techniques are the most effective. This work describes RENTAKA, a framework based on machine learning for the early detection of crypto-ransomware.The features extracted are based on the phases of the ransomware lifecycle. This experiment included five widely used machine learning classifiers: Naïve Bayes, kNN, Support Vector Machines, Random Forest, and J48. This study proposed a pre-encryption detection framework for crypto-ransomware using a machine learning approach. Based on our experiments, support vector machines (SVM) performed with the best accuracy and TPR, 97.05% and 0.995, respectively.
Item Type: | Article |
---|---|
Uncontrolled Keywords: | Ransomware, crypto-ransomware, ransomware early detection, pre-encryption, pre-attack, ransomware lifecycle |
Divisions: | Faculty of Information and Communication Technology |
Depositing User: | Norfaradilla Idayu Ab. Ghafar |
Date Deposited: | 12 Apr 2023 10:21 |
Last Modified: | 12 Apr 2023 10:21 |
URI: | http://eprints.utem.edu.my/id/eprint/26529 |
Statistic Details: | View Download Statistic |
Actions (login required)
View Item |