• Corpus ID: 203610539

Ransomware Analysis using Feature Engineering and Deep Neural Networks

  title={Ransomware Analysis using Feature Engineering and Deep Neural Networks},
  author={Arslan Ashraf and Abdul Aziz and Umme Zahoora and Asifullah Khan},
Detection and Analysis of a potential malware specifically, used for ransom is a challenging task. Recently, intruders are utilizing advance cryptographic techniques to get hold of digital assets and then demand ransom. It is believed that generally, the files comprise of some attributes, states, and patterns that can be recognized by a machine learning technique. This work thus focuses on detection of Ransomware by performing feature engineering, which helps in analyzing vital attributes and… 

A New Method for Ransomware Detection Based on PE Header Using Convolutional Neural Networks

  • F. ManaviA. Hamzeh
  • Computer Science
    2020 17th International ISC Conference on Information Security and Cryptology (ISCISC)
  • 2020
A new method for ransomware detection is proposed that does not require running the program and uses the PE header of the executable files, and an image based on PE header is constructed and achieves 93.33% accuracy.

Detecting ransomware attacks using intelligent algorithms: recent development and next direction from deep learning and big data perspectives

The survey shows that there is a growing interest in recent times on the application of intelligent algorithms for ransomware detection, and future research opportunities from the perspective of deep learning and big data analytics to solve the challenges identified from the survey are outlined.

A Survey on Ransomware: Evolution, Taxonomy, and Defense Solutions

A comprehensive survey on ransomware and ransomware defense research with respect to PCs/workstations, mobile devices, and IoT/CPS platforms over the period of 1990-2020 is presented, giving a detailed overview of ransomware evolution and comprehensively analyze the key building blocks of ransomware.

Ransomware Detection Using the Dynamic Analysis and Machine Learning: A Survey and Research Directions

This study provides an ample list of future directions which will pave the way for future research in ransomware detection utilizing machine learning, deep learning, and blend of both techniques while capitalizing on the advantages of dynamic analysis for the ransomware detection.

Ransomware Detection using Process Memory

The study confirms the feasibility of utilizing process memory as a detection mechanism for ransomware and uses the process memory access privileges of the different memory regions of the behavior of an executable to quickly determine its intent before serious harm can occur.

Trends and Future Directions in Automated Ransomware Detection

The chronology of ransomware attacks from its inception in 1989 to the latest attacks occurring in 2021 is presented, which provides readers with an up-to-date knowledge of the state-of-the-art in ransomware detection.

Dwarf Mongoose Optimization with Machine-Learning-Driven Ransomware Detection in Internet of Things Environment

This study presents a new model of dwarf mongoose optimization with machine-learning-driven ransomware detection (DWOML-RWD), mainly developed for the recognition and classification of goodware/ransomware.

A method for detecting false positives in procedure of malware analysis

A model of malicious software based on the “behavioral” attribute of malicious objects is described in the paper and the possibility of determining false positive by the clustering method is discussed.



Automated Dynamic Analysis of Ransomware: Benefits, Limitations and use for Detection

EldeRan, a machine learning approach for dynamically analysing and classifying ransomware, is presented, suggesting that dynamic analysis can support ransomware detection, since ransomware samples exhibit a set of characteristic features at run-time that are common across families, and that helps the early detection of new variants.

Intrusion detection using deep sparse auto-encoder and self-taught learning

Self-taught learning-based extracted features, when concatenated with the original features of NSL-KDD dataset, enhance the performance of the sparse auto-encoder and offers good generalization in comparison with the sparse Autoencoder trained on original features alone.

Deep Learning for Classification of Malware System Call Sequences

The increase in number and variety of malware samples amplifies the need for improvement in automatic detection and classification of the malware variants, and neural network methodology has been grown to the state that can surpass limitations of previous machine learning methods.

Deep neural network based malware detection using two dimensional binary program features

A deep neural network based malware detection system that Invincea has developed is introduced, which achieves a usable detection rate at an extremely low false positive rate and scales to real world training example volumes on commodity hardware.

Automated Behavioral Analysis of Malware: A Case Study of WannaCry Ransomware

  • Qian ChenR. Bridges
  • Computer Science
    2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA)
  • 2017
This work introduces a method to identify and rank the most discriminating ransomware features from a set of ambient (non-attack) system logs and at least one log stream containing both ambient and ransomware behavior, which can help automate tedious manual analysis.


The origin, evolution and growth of ransomware is discussed, the various families of ransomware, their attacks and prevention from these attacks have been presented, and various parameters contributing the growth of these attacks in todays’ technologically advanced world are discussed.

Static and Dynamic Malware Analysis Using Machine Learning

The dynamic analysis has some limitations due to controlled network behavior and it cannot be analyzed completely due to limited access of network, so the static analysis is not effective due to tricky and intelligent behaviours of malwares.