Abstract
Ransomware is one of the most dangerous types of malware. It is frequently designed to spread through a network and damage the targeted client by encrypting the client's vulnerable data. Conventional signature-based ransomware detection techniques fall behind because they can only detect known anomalies; when faced with new and unfamiliar ransomware, traditional systems reveal serious shortcomings. For detecting unknown patterns and new ransomware families, behavior-based anomaly detection is likely to be the most efficient approach. In response, this paper presents an ensemble classification model consisting of three widely used machine learning techniques: decision tree (DT), random forest (RF), and K-nearest neighbor (KNN). To achieve the best outcome, ensemble soft voting and hard voting techniques are used to classify ransomware families based on attack attributes. Performance is analyzed by comparing the proposed ensemble models with standalone models on a behavioral-attribute-based ransomware dataset.
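The difference between the hard and soft voting named in the abstract, as an added example that is not code from the paper: each row is one base model's class-probability output (DT, RF, KNN) for a sample, and the two combiners can disagree on the same inputs. The family labels, the probabilities and the tie-break rule are constructed assumptions.

```python
from collections import Counter

# Constructed class labels; the page does not list the families in its dataset.
FAMILIES = ["family_A", "family_B", "family_C"]

def soft_scores(prob_rows, weights=None):
    """Weighted mean of the per-class probabilities across models."""
    weights = weights or [1.0] * len(prob_rows)
    total = sum(weights)
    return [sum(w * row[c] for w, row in zip(weights, prob_rows)) / total
            for c in range(len(prob_rows[0]))]

def soft_vote(prob_rows, weights=None):
    """Soft voting: pick the class with the highest averaged probability."""
    scores = soft_scores(prob_rows, weights)
    return max(range(len(scores)), key=scores.__getitem__)

def hard_vote(prob_rows):
    """Hard voting: each model casts one vote for its top class.
    Assumed tie-break: higher mean probability, then lower class index."""
    picks = [max(range(len(row)), key=row.__getitem__) for row in prob_rows]
    counts = Counter(picks)
    best = max(counts.values())
    tied = [c for c, n in counts.items() if n == best]
    means = soft_scores(prob_rows)
    return min(tied, key=lambda c: (-means[c], c))

# Constructed per-sample outputs, one row per base model in the order DT, RF, KNN.
SAMPLES = [
    # Two models lean weakly to A, one is certain of B: hard and soft disagree.
    [[0.55, 0.45, 0.0], [0.51, 0.49, 0.0], [0.0, 1.0, 0.0]],
    # Three-way split of votes: hard voting needs the tie-break.
    [[0.7, 0.2, 0.1], [0.1, 0.6, 0.3], [0.0, 0.4, 0.6]],
    # All models agree.
    [[0.9, 0.1, 0.0], [0.8, 0.1, 0.1], [0.6, 0.4, 0.0]],
]

def compare(samples):
    """Return (hard_label, soft_label) for every sample."""
    return [(FAMILIES[hard_vote(s)], FAMILIES[soft_vote(s)]) for s in samples]

if __name__ == "__main__":
    for hard, soft in compare(SAMPLES):
        print(f"hard={hard}  soft={soft}")
```
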
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Cite this paper
Tasnim, N., Shahriar, K.T., Alqahtani, H., Sarker, I.H. (2022). Ransomware Family Classification with Ensemble Model Based on Behavior Analysis. In: Skala, V., Singh, T.P., Choudhury, T., Tomar, R., Abul Bashar, M. (eds) Machine Intelligence and Data Science Applications. Lecture Notes on Data Engineering and Communications Technologies, vol 132. Springer, Singapore. https://doi.org/10.1007/978-981-19-2347-0_48
DOI: https://doi.org/10.1007/978-981-19-2347-0_48
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-2346-3
Online ISBN: 978-981-19-2347-0
eBook Packages: Intelligent Technologies and Robotics, Intelligent Technologies and Robotics (R0)