RENTAKA: A Novel Machine Learning Framework for Crypto-Ransomware Pre-encryption Detection

Wira Z. A. Zakaria, Mohd Faizal Abdollah, Othman Mohd, S. M. Warusia Mohamed S. M. M Yassin, Aswami Ariffin
2022 International Journal of Advanced Computer Science and Applications  
Crypto ransomware is malware that locks its victim's files for ransom using an encryption algorithm. Its popularity has risen at an alarming rate among the cyber community due to several successful worldwide attacks. The encryption employed had caused irreversible damage to the victim's digital files, even when the victim chose to pay the ransom. As a result, cybercriminals have found ransomware a lucrative and profitable cyber-extortion approach. The increasing computing power, memory, ... phy, and digital currency advancement have caused ransomware attacks. It spreads through phishing emails, encrypting sensitive data, and causing harm to the designated client. Most research in ransomware detection focuses on detecting during the encryption and post-attack phase. However, the damage done by crypto-ransomware is almost impossible to reverse, and there is a need for an early detection mechanism. For early detection of crypto-ransomware, behavior-based detection techniques are the most effective. This work describes RENTAKA, a framework based on machine learning for the early detection of crypto-ransomware. The features extracted are based on the phases of the ransomware lifecycle. This experiment included five widely used machine learning classifiers: Naïve Bayes, kNN, Support Vector Machines, Random Forest, and J48. This study proposed a pre-encryption detection framework for crypto-ransomware using a machine learning approach. Based on our experiments, support vector machines (SVM) performed with the best accuracy and TPR, 97.05% and 0.995, respectively.
doi:10.14569/ijacsa.2022.0130545 fatcat:bzaelbeyrfahzgbvkcqgvwjw7u