Ransomware Analysis using Feature Engineering and Deep Neural Networks

内容摘要

Detection and analysis of a potential malware specifically, used for ransom is a challenging task. Recently, intruders are utilizing advanced cryptographic techniques to get hold of digital assets and then demand a ransom. It is believed that generally, the files comprise of some attributes, states, and patterns that can be recognized by a machine learning technique. This work thus focuses on the detection of Ransomware by performing feature engineering, which helps in analyzing vital attributes and behaviors of the malware. The main contribution of this work is the identification of important and distinct characteristics of Ransomware that can help in detecting them. Finally, based on the selected features, both conventional machine learning techniques and Transfer Learning based Deep Convolutional Neural Networks have been used to detect Ransomware. In order to perform feature engineering and analysis, two separate datasets (static and dynamic) were generated. The static dataset has 3646 samples (1700 Ransomware and 1946 Goodware). On the other hand, the dynamic dataset comprised of 3444 samples (1455 Ransomware and 1989 Goodware). Through various experiments, it is observed that