Ransomware detection using process mining and classification algorithms

Title: Ransomware detection using process mining and classification algorithms
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Bahrani, Ala; Bidgly, Amir Jalaly
Conference Name: 2019 16th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)
Keywords: Classification algorithms, composability, computing power, cryptology, data mining, detection ransomwares, feature extraction, Human Behavior, Internet, Internet users, invasive software, J48, Metrics, pattern classification, policy-based governance, process mining, process mining methods, process model, pubcrawl, Random Forest, random forest algorithms, ransomware, ransomware attacks, ransomware detection, Resiliency, Scalability
Abstract

The rapid growth of ransomware attacks has become a serious threat to companies, governments and internet users in recent years. Increases in computing power, memory, etc., and advances in cryptography have made ransomware attacks more complicated. Therefore, effective methods are required to deal with ransomware. Although many methods have been proposed for ransomware detection, these methods are inefficient at detecting ransomware, and more research is still required in this field. In this paper, we propose a novel method for distinguishing ransomware from benign software using process mining methods. The proposed method uses process mining to discover the process model from the event logs, then extracts features from this process model and uses these features with classification algorithms to classify ransomware. This paper shows that the use of classification algorithms along with process mining can be suitable for identifying ransomware. The accuracy and performance of our proposed method are evaluated using a study of 21 ransomware families and some benign samples. The results show that the J48 and random forest algorithms have the best accuracy in our method and can achieve 95% accuracy in detecting ransomware.

DOI: 10.1109/ISCISC48546.2019.8985149
Citation Key: bahrani_ransomware_2019