A Digital DNA Sequencing Engine for Ransomware Detection Using Machine Learning

Firoz Khan, Cornelius Ncube, R.Lakshmana Kumar, Seifedine Kadry, Yunyoung Nam
2020 IEEE Access  
Malware is 'malicious software' programs that carry out many of the cyberattacks on the Internet, including cybercrime, fraud, scams and nation-state cyberwar. These malicious software programs come in a wide range of different classifications such as viruses, Trojans, worms, spyware, botnet malware, ransomware, Rootkit, etc. Ransomware is class of malware that holds the victim's data hostage by encrypting the data on a user's computer to make it unavailable to the user and only decrypt it
more » ... nly decrypt it after the user pays a ransom in the form of a sum of money. To avoid detection, different variants of ransomware utilise one or more techniques in their attack flow including Machine Learning (ML) algorithms. There is, therefore, a need to understand the techniques used ransomware development and their deployment strategy in order to understand their attack flow better to develop appropriate countermeasures. In this paper, we propose DNAact-Ran, A Digital DNA Sequencing Engine for Ransomware Detection Using Machine Learning. DNAact-Ran utilises Digital DNA sequencing design constraints and k-mer frequency vector. To measure the efficacy of the proposed approach, we evaluated DNAact-Run on 582 ransomware and 942 goodware instances to measure the performance of precision, recall, f-measure and accuracy. Compared to other methods, the evaluation results show that DNAact-Run can predict and detect ransomware accurately and effectively. INDEX TERMS Ransomware, digital DNA sequence, machine learning, active learning.
doi:10.1109/access.2020.3003785 fatcat:mvpaco4hzbbhzkzrmwkue5nlsm