Ransomware detection based on opcode behaviour using k-nearest neighbours algorithm

Ransomware is a malware that represents a serious threat to a user’s information privacy. By investigating how ransomware works, we may be able to recognise its atomic behaviour. In return, we will be able to detect the ransomware at an earlier stage with better accuracy. In this paper, we propose C...

Bibliographic Details
Main Authors: Stiawan, Deris; Daely, Somame Morianus; Heryanto, Ahmad; Nurul Afifah, Nurul Afifah; Idris, Mohd. Yazid; Budiarto, Rahmat
Format: Article
Language: English
Published: Kauno Technologijos Universitetas 2021
Subjects:
Online Access: http://eprints.utm.my/id/eprint/93981/1/MohdYazidIdris2021_RansomwareDetectionBasedonOpcode.pdf
http://eprints.utm.my/id/eprint/93981/
http://dx.doi.org/10.5755/j01.itc.50.3.25816
id my.utm.93981
record_format eprints
spelling my.utm.93981 2022-02-28T13:27:07Z http://eprints.utm.my/id/eprint/93981/
QA75 Electronic computers. Computer science
Kauno Technologijos Universitetas 2021-09-24 Article PeerReviewed application/pdf en
Stiawan, Deris and Daely, Somame Morianus and Heryanto, Ahmad and Nurul Afifah, Nurul Afifah and Idris, Mohd. Yazid and Budiarto, Rahmat (2021) Ransomware detection based on opcode behaviour using k-nearest neighbours algorithm. Information Technology and Control, 50 (3). pp. 495-506. ISSN 1392-124X http://dx.doi.org/10.5755/j01.itc.50.3.25816 DOI:10.5755/j01.itc.50.3.25816
institution Universiti Teknologi Malaysia
building UTM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Teknologi Malaysia
content_source UTM Institutional Repository
url_provider http://eprints.utm.my/
language English
topic QA75 Electronic computers. Computer science
description Ransomware is a malware that represents a serious threat to a user’s information privacy. By investigating how ransomware works, we may be able to recognise its atomic behaviour. In return, we will be able to detect the ransomware at an earlier stage with better accuracy. In this paper, we propose Control Flow Graph (CFG) as an extracting opcode behaviour technique, combined with 4-gram (sequence of 4 “words”) to extract opcode sequence to be incorporated into Trojan Ransomware detection method using K-Nearest Neighbors (K-NN) algorithm. The opcode CFG 4-gram can fully represent the detailed behavioural characteristics of Trojan Ransomware. The proposed ransomware detection method considers the closest distance to a previously identified ransomware pattern. Experimental results show that the proposed technique using K-NN, obtains the best accuracy of 98.86% for 1-gram opcode and using 1-NN classifier.