Detecting Ransomware Using Support Vector Machines

Title: Detecting Ransomware Using Support Vector Machines
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Takeuchi, Yuki; Sakai, Kazuya; Fukumoto, Satoshi
Conference Name: Proceedings of the 47th International Conference on Parallel Processing Companion
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-6523-9
Keywords: composability, malware detection, Metrics, pubcrawl, ransomware, Resiliency, Support vector machines
Abstract: Ransomware is the most prevalent malicious software in 2017 that encrypts the files in a victim's machine and demands money, i.e., ransom, for decrypting the files. The global damage cost and financial losses of individuals and organizations due to ransomware is increasing year by year. Therefore, fighting against ransomware is an urgent issue. In this paper, we propose a ransomware detection scheme using support vector machines (SVMs), which is one of the supervised machine learning algorithms. The key idea of the proposed scheme is to let an SVM learn the API calls of ransomware as its features so that the SVM detects unseen ransomware. Unlike the existing solutions, our scheme looks into the API call history in more detail. The testbeds using real 276 ransomware with San-box demonstrate that the proposed scheme improves the correct detection rate of ransomware.
URL: http://doi.acm.org/10.1145/3229710.3229726
DOI: 10.1145/3229710.3229726
Citation Key: takeuchi_detecting_2018