Ransomware detection based on opcode behaviour using k-nearest neighbours algorithm


Bibliographic Details
Main Authors: Stiawan, Deris; Daely, Somame Morianus; Heryanto, Ahmad; Nurul Afifah; Idris, Mohd. Yazid; Budiarto, Rahmat
Format: Article
Language:English
Published: Kauno Technologijos Universitetas 2021
Online Access:http://eprints.utm.my/id/eprint/93981/1/MohdYazidIdris2021_RansomwareDetectionBasedonOpcode.pdf
http://eprints.utm.my/id/eprint/93981/
http://dx.doi.org/10.5755/j01.itc.50.3.25816
Description
Summary: Ransomware is malware that poses a serious threat to the privacy of a user's information. By investigating how ransomware works, we may be able to recognise its atomic behaviour and, in turn, detect it at an earlier stage with better accuracy. In this paper, we propose the Control Flow Graph (CFG) as a technique for extracting opcode behaviour, combined with 4-grams (sequences of four "words") to extract opcode sequences, and incorporate these features into a Trojan ransomware detection method based on the K-Nearest Neighbours (K-NN) algorithm. The opcode CFG 4-gram can fully represent the detailed behavioural characteristics of Trojan ransomware. The proposed detection method classifies a sample by its closest distance to a previously identified ransomware pattern. Experimental results show that the proposed technique obtains its best accuracy, 98.86%, with 1-gram opcode features and a 1-NN classifier.
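The pipeline the abstract describes, as an added worked example that is not the paper's code: opcode n-grams are collected along the edges of a control-flow graph, turned into frequency vectors, and an unknown sample is labelled by k-NN distance to previously labelled samples. The CFGs, their labels and the "unknown" query are constructed toy data, not disassembly of real ransomware; the rule for grams that cross a CFG edge and the choice of Euclidean distance over relative frequencies are assumptions, since the abstract does not specify them.

```python
"""Opcode n-gram features along a control-flow graph, classified with k-NN.

Added illustration of the method in the abstract; not the paper's code. Every
graph below is a constructed toy example, not real ransomware disassembly.
"""
from collections import Counter
import math

# A CFG is a dict: basic-block name -> (opcode mnemonics, successor block names).
# Constructed samples: the "ransomware" graphs carry a tight xor/rol loop, the
# "benign" graphs a call-and-check pattern. Mnemonics are illustrative only.
RANSOM_A = {
    "entry": (["push", "mov", "call"], ["loop"]),
    "loop":  (["mov", "xor", "rol", "mov", "inc", "cmp", "jne"], ["loop", "exit"]),
    "exit":  (["pop", "ret"], []),
}
RANSOM_B = {
    "entry": (["push", "mov", "mov", "call"], ["loop"]),
    "loop":  (["mov", "xor", "rol", "mov", "add", "cmp", "jl"], ["loop", "exit"]),
    "exit":  (["pop", "ret"], []),
}
BENIGN_A = {
    "entry": (["push", "mov", "sub"], ["body"]),
    "body":  (["lea", "call", "test", "je"], ["error", "done"]),
    "error": (["mov", "call"], ["done"]),
    "done":  (["leave", "ret"], []),
}
BENIGN_B = {
    "entry": (["push", "mov", "sub", "mov"], ["body"]),
    "body":  (["lea", "lea", "call", "test", "jz"], ["done"]),
    "done":  (["leave", "ret"], []),
}
# Constructed "unknown" sample: RANSOM_A with the loop's branch changed (jne -> jb).
QUERY = {
    "entry": (["push", "mov", "call"], ["loop"]),
    "loop":  (["mov", "xor", "rol", "mov", "inc", "cmp", "jb"], ["loop", "exit"]),
    "exit":  (["pop", "ret"], []),
}

TRAINING = [("ransomware", RANSOM_A), ("ransomware", RANSOM_B),
            ("benign", BENIGN_A), ("benign", BENIGN_B)]


def cfg_ngrams(cfg, n):
    """Count opcode n-grams inside each block and across each CFG edge.

    Assumption (not stated in the abstract): a gram may span an edge, so the last
    n-1 opcodes of a block are joined with the first n-1 of each successor and the
    windows of length n over that span are counted. Because each side holds at most
    n-1 opcodes, every such window touches both sides. Following edges rather than
    paths keeps loops (back-edges) from exploding the count.
    """
    grams = Counter()
    for ops, succs in cfg.values():
        for i in range(len(ops) - n + 1):
            grams[tuple(ops[i:i + n])] += 1
        tail = ops[-(n - 1):] if n > 1 else []
        for succ in succs:
            span = tail + cfg[succ][0][:n - 1]
            for i in range(len(span) - n + 1):
                grams[tuple(span[i:i + n])] += 1
    return grams


def to_vector(grams):
    """Relative n-gram frequencies so samples of different sizes are comparable."""
    total = sum(grams.values())
    return {g: c / total for g, c in grams.items()}


def euclid(u, v):
    """Euclidean distance over the union of the two sparse feature dicts."""
    keys = set(u) | set(v)
    return math.sqrt(sum((u.get(k, 0.0) - v.get(k, 0.0)) ** 2 for k in keys))


def knn_classify(train, query, k=1):
    """k-NN by Euclidean distance: (majority label of the k nearest, distance to nearest)."""
    ranked = sorted(train, key=lambda lv: euclid(lv[1], query))
    votes = Counter(label for label, _ in ranked[:k])
    return votes.most_common(1)[0][0], euclid(ranked[0][1], query)


def classify(query_cfg, n=4, k=1):
    """Build n-gram vectors for the constructed training set and classify query_cfg."""
    train = [(label, to_vector(cfg_ngrams(cfg, n))) for label, cfg in TRAINING]
    return knn_classify(train, to_vector(cfg_ngrams(query_cfg, n)), k)


if __name__ == "__main__":
    for n in (1, 4):
        label, dist = classify(QUERY, n=n, k=1)
        print(f"{n}-gram, 1-NN: {label} (distance to nearest sample {dist:.4f})")
```

With 4-grams the query shares six of its twelve grams with RANSOM_A and none with either benign graph, so 1-NN lands on the ransomware pattern at distance sqrt(1/12); with 1-grams only the changed branch opcode separates the two. Changing `k` shows the majority-vote behaviour the paper contrasts with the 1-NN result.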