Ransomware detection using process mining and classification algorithms
Title | Ransomware detection using process mining and classification algorithms |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Bahrani, Ala, Bidgly, Amir Jalaly |
Conference Name | 2019 16th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC) |
Keywords | Classification algorithms, composability, computing power, cryptology, data mining, detection ransomwares, feature extraction, Human Behavior, Internet, Internet users, invasive software, J48, Metrics, pattern classification, policy-based governance, process mining, process mining methods, process model, pubcrawl, Random Forest, random forest algorithms, ransomware, ransomware attacks, ransomware detection, Resiliency, Scalability |
Abstract | The fast growth of ransomware attacks has become a serious threat for companies, governments and internet users in recent years. The increase in computing power, memory, etc. and advances in cryptography have made ransomware attacks more complicated. Therefore, effective methods are required to deal with ransomware. Although many methods have been proposed for ransomware detection, these methods are inefficient at detecting ransomware, and more research is still required in this field. In this paper, we propose a novel method for distinguishing ransomware from benign software using process mining methods. The proposed method uses process mining to discover the process model from the event logs, then extracts features from this process model and uses these features with classification algorithms to classify ransomware. This paper shows that the use of classification algorithms along with process mining can be suitable for identifying ransomware. The accuracy and performance of our proposed method are evaluated using a study of 21 ransomware families and some benign samples. The results show that the J48 and random forest algorithms have the best accuracy in our method and can achieve 95% accuracy in detecting ransomware. |
DOI | 10.1109/ISCISC48546.2019.8985149 |
Citation Key | bahrani_ransomware_2019 |