Intelligent Endpoint-based Ransomware Detection Framework

Date

2022-08-18

Authors

Okpongete, Faith

Abstract

Over the past couple of decades, ransomware attacks have increased significantly, which calls for more aggressive efforts to build robust detection models that detect the attacks and reduce their impact. Once a system is compromised, the malware takes over the victim's machine and files by locking or encrypting them. These attacks have also caused huge global financial losses for individuals, businesses, and governments. The cybercriminals who perpetrate them invariably demand payment of a ransom in cryptocurrency. At present, there are three common methods for detecting ransomware attacks, namely static, dynamic, and hybrid detection. Static detection is known to be easily evaded by cryptographic techniques, which is why dynamic detection was adopted for this project. We trained and tested a detection model offline using the ISOT Ransomware dataset and implemented the proposed model as a standalone endpoint detector. The detector was then deployed and evaluated online using new samples from the wild; Cuckoo Sandbox was used to execute the samples and extract the malware features during the experiment. The online evaluation confirmed the offline performance results, which were very encouraging.

Keywords

endpoint detection
