A Survey of Crypto Ransomware Attack Detection Methodologies: An Evolving Outlook
Abstract
1. Introduction
- Identify and discuss existing research related to crypto ransomware attacks, as the more challenging form of ransomware families.
- A comprehensive critical analysis of state-of-the-art detection solutions with the focus on the methods, means and techniques used at every phase of the detection model.
- A focus on existing solutions that adopt machine learning for feature extraction, selection and modeling.
- Identification of open issues as potential directions for further research endeavors.
2. Related Work
3. Crypto Ransomware Detection Approaches
3.1. Data Centric-Based Approaches
3.2. Process-Centric-Based Approach
3.2.1. Event-Based Detection
3.2.2. Machine Learning-Based Detection
Delayed Detection
Early Detection
4. Related Techniques for Building Early Detection Models
5. Feature Extraction Techniques
6. Features Selection Techniques
7. Detection Techniques
8. Limitations of Existing Research in Ransomware Early Detection
9. Limitations Related to Pre-Encryption Features Extraction
10. Limitations Related to Feature Selection
11. Limitations Related to Detection Model Design
12. Discussion and Research Directions
13. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
1. Al-rimy, B.A.S.; Maarof, M.A.; Shaid, S.Z.M. A 0-Day Aware Crypto-Ransomware Early Behavioral Detection Framework; Springer International Publishing: Cham, Germany, 2018.
2. Al-rimy, B.A.S.; Maarof, M.A.; Prasetyo, Y.A.; Shaid, S.Z.M.; Ariffin, A.F.M. Zero-day aware decision fusion-based model for crypto-ransomware early detection. Int. J. Integr. Eng. 2018, 10.
3. Aboaoja, F.A.; Zainal, A.; Ghaleb, F.A.; Al-rimy, B.A.S. Toward an Ensemble Behavioral-based Early Evasive Malware Detection Framework. In Proceedings of the 2021 International Conference on Data Science and Its Applications (ICoDSA), Bandung, Indonesia, 6–7 October 2021; IEEE: Piscataway, NJ, USA, 2021.
4. Al-rimy, B.A.S.; Maarof, M.A.; Shaid, S.Z.M. Crypto-ransomware early detection model using novel incremental bagging with enhanced semi-random subspace selection. Future Gener. Comput. Syst. 2019, 101, 476–491.
5. Al-Rimy, B.A.S.; Maarof, M.A.; Alazab, M.; Shaid, S.Z.M.; Ghaleb, F.A.; Almalawi, A.; Ali, A.M.; Al-Hadhrami, T. Redundancy coefficient gradual up-weighting-based mutual information feature selection technique for crypto-ransomware early detection. Future Gener. Comput. Syst. 2021, 115, 641–658.
6. Ahmed, Y.A.; Koçer, B.; Huda, S.; Al-rimy, B.A.S.; Hassan, M.M. A system call refinement-based enhanced Minimum Redundancy Maximum Relevance method for ransomware early detection. J. Netw. Comput. Appl. 2020, 167, 102753.
7. Al-Rimy, B.A.S.; Maarof, M.A.; Alazab, M.; Alsolami, F.; Shaid, S.Z.M.; Ghaleb, F.A.; Al-Hadhrami, T.; Ali, A.M. A pseudo feedback-based annotated TF-IDF technique for dynamic crypto-ransomware pre-encryption boundary delineation and features extraction. IEEE Access 2020, 8, 140586–140598.
8. Urooj, U.; Maarof, M.A.B.; Al-rimy, B.A.S. A proposed Adaptive Pre-Encryption Crypto-Ransomware Early Detection Model. In Proceedings of the 2021 3rd International Cyber Resilience Conference (CRC), Langkawi Island, Malaysia, 29–31 January 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 1–6.
9. Olaimat, M.N.; Maarof, M.A.; Al-rimy, B.A.S. Ransomware Anti-Analysis and Evasion Techniques: A Survey and Research Directions. In Proceedings of the 2021 3rd International Cyber Resilience Conference (CRC), Langkawi Island, Malaysia, 29–31 January 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 1–6.
10. Al-rimy, B.A.S.; Maarof, M.A.; Shaid, S.Z.M. Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions. Comput. Secur. 2018, 74, 144–166.
11. Herrera Silva, J.A.; Barona López, L.I.; Valdivieso Caraguay, Á.L.; Hernández-Álvarez, M. A survey on situational awareness of ransomware attacks—detection and prevention parameters. Remote Sens. 2019, 11, 1168.
12. Moussaileb, R.; Cuppens, N.; Lanet, J.-L.; Bouder, H.L. A Survey on Windows-based Ransomware Taxonomy and Detection Mechanisms. ACM Comput. Surv. (CSUR) 2021, 54, 1–36.
13. Tandon, A.; Nayyar, A. A comprehensive survey on ransomware attack: A growing havoc cyberthreat. Data Manag. Anal. Innov. 2019, 403–420.
14. Sharma, S.; Kumar, R.; Rama Krishna, C. A survey on analysis and detection of Android ransomware. Concurr. Comput. Pract. Exp. 2021, 33, e6272.
15. Bello, I.; Chiroma, H.; Abdullahi, U.A.; Gital, A.Y.u.; Jauro, F.; Khan, A.; Okesola, J.O.; Abdulhamid, S.I.M. Detecting ransomware attacks using intelligent algorithms: Recent development and next direction from deep learning and big data perspectives. J. Ambient Intell. Humaniz. Comput. 2021, 12, 8699–8717.
16. Urooj, U.; Al-rimy, B.A.S.; Zainal, A.; Ghaleb, F.A.; Rassam, M.A. Ransomware Detection Using the Dynamic Analysis and Machine Learning: A Survey and Research Directions. Appl. Sci. 2022, 12, 172.
17. No More Ransom. Available online: https://www.nomoreransom.org/en/index.html (accessed on 11 October 2021).
18. Crypto-Ransomware. Available online: https://www.f-secure.com/v-descs/articles/crypto-ransomware.shtml (accessed on 11 October 2021).
19. Rhee, J.; Riley, R.; Lin, Z.; Jiang, X.; Xu, D. Data-Centric OS Kernel Malware Characterization. IEEE Trans. Inf. Forensics Secur. 2014, 9, 72–87.
20. Morato, D.; Berrueta, E.; Magaña, E.; Izal, M. Ransomware early detection by the analysis of file sharing traffic. J. Netw. Comput. Appl. 2018, 124, 14–32.
21. Jung, S.; Won, Y. Ransomware detection method based on context-aware entropy analysis. Soft Comput. 2018, 22, 6731–6740.
22. Gomez-Hernandez, J.A.; Alvarez-Gonzalez, L.; Garcia-Teodoro, P. R-Locker: Thwarting ransomware action through a honeyfile-based approach. Comput. Secur. 2018, 73, 389–398.
23. Mehnaz, S.; Mudgerikar, A.; Bertino, E. RWGuard: A real-time detection system against cryptographic ransomware. In Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Springer: Berlin/Heidelberg, Germany, 2018; pp. 114–136.
24. Scaife, N.; Carter, H.; Traynor, P.; Butler, K.R. CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data. In Proceedings of the 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), Nara, Japan, 27–30 June 2016.
25. Sotelo Monge, M.A.; Vidal, J.M.; García Villalba, L.J. A novel self-organizing network solution towards crypto-ransomware mitigation. In Proceedings of the 13th International Conference on Availability, Reliability and Security, ARES, Hamburg, Germany, 27–30 August 2018; Association for Computing Machinery: New York, NY, USA, 2018; p. 48.
26. Cabaj, K.; Gregorczyk, M.; Mazurczyk, W. Software-Defined Networking-based Crypto Ransomware Detection Using HTTP Traffic Characteristics. arXiv 2016, arXiv:1611.08294.
27. Kharraz, A.; Arshad, S.; Mulliner, C.; Robertson, W.; Kirda, E. UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. In Proceedings of the 25th USENIX Security Symposium (USENIX Security 16), Austin, TX, USA, 10–12 August 2016.
28. Rhode, M.; Burnap, P.; Jones, K. Early-stage malware prediction using recurrent neural networks. Comput. Secur. 2018, 77, 578–594.
29. Conti, M.; Gangwal, A.; Ruj, S. On the economic significance of ransomware campaigns: A Bitcoin transactions perspective. Comput. Secur. 2018, 79, 162–189.
30. Zhang, H.Q.; Xiao, X.; Mercaldo, F.; Ni, S.G.; Martinelli, F.; Sangaiah, A.K. Classification of ransomware families with machine learning based on N-gram of opcodes. Future Gener. Comput. Syst.-Int. J. Escience 2019, 90, 211–221.
31. Homayoun, S.; Dehghantanha, A.; Ahmadzadeh, M.; Hashemi, S.; Khayami, R.; Choo, K.K.R.; Newton, D.E. DRTHIS: Deep ransomware threat hunting and intelligence system at the fog layer. Future Gener. Comput. Syst.-Int. J. Escience 2019, 90, 94–104.
32. Wan, Y.-L.; Chang, J.-C.; Chen, R.-J.; Wang, S.-J. Feature-Selection-Based Ransomware Detection with Machine Learning of Data Analysis. In Proceedings of the 3rd International Conference on Computer and Communication Systems, Nagoya, Japan, 27–30 April 2018; IEEE: Piscataway, NJ, USA, 2018; pp. 85–88.
33. Nissim, N.; Lapidot, Y.; Cohen, A.; Elovici, Y. Trusted system-calls analysis methodology aimed at detection of compromised virtual machines using sequential mining. Knowl. Based Syst. 2018, 153, 147–175.
34. Cusack, G.; Michel, O.; Keller, E. Machine Learning-Based Detection of Ransomware Using SDN. In Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, Tempe, AZ, USA, 28 April 2018; pp. 1–6.
35. Cohen, A.; Nissim, N. Trusted detection of ransomware in a private cloud using machine learning methods leveraging meta-features from volatile memory. Expert Syst. Appl. 2018, 102, 158–178.
36. Alhawi, O.M.K.; Baldwin, J.; Dehghantanha, A. Leveraging machine learning techniques for windows ransomware network traffic detection. In Advances in Information Security; Springer: New York, NY, USA, 2018; Volume 70, pp. 93–106.
37. Vinayakumar, R.; Soman, K.P.; Velan, K.K.S.; Ganorkar, S. Evaluating shallow and deep networks for ransomware detection and classification. In Proceedings of the 2017 International Conference on Advances in Computing, Communications and Informatics, ICACCI 2017, Karnataka, India, 13–16 September 2017; pp. 259–265.
38. Taylor, M. Ransomware Detection Using Machine Learning and Physical Sensor Data. Master’s Thesis, Southern Methodist University, Ann Arbor, MI, USA, 2017.
39. Maniath, S.; Ashok, A.; Poornachandran, P.; Sujadevi, V.G.; Sankar, A.U.P.; Jan, S. Deep learning LSTM based ransomware detection. In Proceedings of the 2017 Recent Developments in Control, Automation & Power Engineering (RDCAPE), Noida, India, 26–27 October 2017; pp. 442–446.
40. Homayoun, S.; Dehghantanha, A.; Ahmadzadeh, M.; Hashemi, S.; Khayami, R. Know Abnormal, Find Evil: Frequent Pattern Mining for Ransomware Threat Hunting and Intelligence. IEEE Trans. Emerg. Top. Comput. 2017, 8, 341–351.
41. Shahriari, M.M.A.H.R. 2entFOX: A Framework for High Survivable Ransomwares Detection. In Proceedings of the 2015 12th International Iranian Society of Cryptology Conference on Information Security and Cryptology, Guilan, Iran, 8–10 September 2015; University of Guilan: Rasht, Iran, 2015; pp. 79–84.
42. Sgandurra, D.; Muñoz-González, L.; Mohsen, R.; Lupu, E.C. Automated Dynamic Analysis of Ransomware: Benefits, Limitations and use for Detection. arXiv 2016, arXiv:1609.03020.
43. Chen, Q.; Bridges, R.A. Automated Behavioral Analysis of Malware A Case Study of WannaCry Ransomware. arXiv 2017, arXiv:1709.08753.
44. Daku, H.; Zavarsky, P.; Malik, Y. Behavioral-Based Classification and Identification of Ransomware Variants Using Machine Learning. In Proceedings of the 2018 17th IEEE International Conference On Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), New York, NY, USA, 1–3 August 2018; pp. 1560–1564.
45. Krawczyk, B.; Minku, L.L.; Gama, J.; Stefanowski, J.; Woźniak, M. Ensemble learning for data stream analysis: A survey. Inf. Fusion 2017, 37 (Suppl. C), 132–156.
46. Jabbar, M.A.; Aluvalu, R.; Reddy, S.S.S. Cluster Based Ensemble Classification for Intrusion Detection System. In Proceedings of the 9th International Conference on Machine Learning and Computing, Singapore, 24–26 February 2017; pp. 253–257.
47. Bai, J.R.; Wang, J.F. Improving malware detection using multi-view ensemble learning. Secur. Commun. Netw. 2016, 9, 4227–4241.
48. Parikh, D.; Polikar, R. An Ensemble-Based Incremental Learning Approach to Data Fusion. IEEE Trans. Syst. Man Cybern. Part B (Cybern.) 2007, 37, 437–450.
49. Taylor, M.A.; Smith, K.N.; Thornton, M.A. Sensor-based Ransomware Detection. In Proceedings of the Future Technologies Conference (FTC), Vancouver, BC, Canada, 29–30 November 2017; pp. 1–8.
50. Lokuketagoda, B.; Weerakoon, M.; Madushan, U.; Senaratne, A.; Abeywardena, K. R-Killer: An Email Based Ransomware Protection Tool. World Acad. Sci. Eng. Technol. Int. J. Comput. Inf. Eng. 2018, 5, 1–7.
51. Aragorn, T.; YunChun, C.; YiHsiang, K.; Tsungnan, L. Deep Learning for Ransomware Detection. IEICE Tech. Rep. 2016, 116, 87–92.
52. Abaid, Z.; Sarkar, D.; Kaafar, M.A.; Jha, S. The Early Bird Gets the Botnet: A Markov Chain Based Early Warning System for Botnet Attacks. In Proceedings of the 2016 IEEE 41st Conference on Local Computer Networks (LCN), Dubai, United Arab Emirates, 7–10 November 2016; pp. 61–68.
53. Mohurle, S.; Patil, M. A brief study of Wannacry Threat: Ransomware Attack 2017. Int. J. Adv. Res. Comput. Sci. 2017, 8, 3.
54. Che, J.; Yang, Y.; Li, L.; Bai, X.; Zhang, S.; Deng, C. Maximum relevance minimum common redundancy feature selection for nonlinear data. Inf. Sci. 2017, 409, 68–86.
55. Das, S.; Liu, Y.; Zhang, W.; Chandramohan, M. Semantics-Based Online Malware Detection: Towards Efficient Real-Time Protection Against Malware. IEEE Trans. Inf. Forensics Secur. 2016, 11, 289–302.
56. Chen, K.; Zhang, Z.; Long, J.; Zhang, H. Turning from TF-IDF to TF-IGM for term weighting in text classification. Expert Syst. Appl. 2016, 66, 245–260.
57. Li, J.; Cheng, K.; Wang, S.; Morstatter, F.; Trevino, R.P.; Tang, J.; Liu, H. Feature Selection: A Data Perspective. ACM Comput. Surv. 2017, 50, 1–45.
58. Ye, Y.; Li, T.; Adjeroh, D.; Iyengar, S.S. A Survey on Malware Detection Using Data Mining Techniques. ACM Comput. Surv. 2017, 50, 1–40.
59. Stiborek, J.; Pevny, T.; Rehak, M. Multiple instance learning for malware classification. Expert Syst. Appl. 2018, 93, 346–357.
60. Lin, C.-T.; Wang, N.-J.; Xiao, H.; Eckert, C. Feature selection and extraction for malware classification. J. Inf. Sci. Eng. 2015, 31, 965–992.
61. Fujino, A.; Murakami, J.; Mori, T. Discovering similar malware samples using API call topics. In Proceedings of the 2015 12th Annual IEEE Consumer Communications and Networking Conference, CCNC 2015, Las Vegas, NV, USA, 9–12 January 2015; pp. 140–147.
62. Yu, B.; Fang, Y.; Yang, Q.; Tang, Y.; Liu, L. A survey of malware behavior description and analysis. Front. Inf. Technol. Electron. Eng. 2018, 19, 583–603.
63. Wang, X.; Yang, Y.; Zeng, Y.; Tang, C.; Shi, J.; Xu, K. A Novel Hybrid Mobile Malware Detection System Integrating Anomaly Detection With Misuse Detection. In Proceedings of the 6th International Workshop on Mobile Cloud Computing and Services, Daejeon, South Korea, 5–10 October 2015; ACM: Paris, France, 2015; pp. 15–22.
64. Damodaran, A.; Troia, F.D.; Visaggio, C.A.; Austin, T.H.; Stamp, M. A comparison of static, dynamic, and hybrid analysis for malware detection. J. Comput. Virol. Hacking Tech. 2015, 1–12.
65. Caporusso, N.; Chea, S.; Abukhaled, R. A Game-Theoretical Model of Ransomware. In Proceedings of the International Conference on Applied Human Factors and Ergonomics, Washington, DC, USA, 24–28 July 2019; Springer International Publishing: Cham, Germany, 2019; pp. 69–78.
66. Tripathy, A.; Agrawal, A.; Rath, S.K. Classification of sentiment reviews using n-gram machine learning approach. Expert Syst. Appl. 2016, 57, 117–126.
67. Uppal, D.; Sinha, R.; Mehra, V.; Jain, V. IEEE. Malware Detection and Classification Based on Extraction of API Sequences. In Proceedings of the 2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Delhi, India, 24–27 September 2014; pp. 2337–2342.
68. Alazab, M.; Layton, R.; Venkataraman, S.; Watters, P. Malware detection based on structural and behavioural features of api calls. In Proceedings of the 1st International Cyber Resilience Conference, Perth, Australia, 23–24 August 2010; Edith Cowan University: Perth, Australia, 2010; pp. 1–10.
69. Canali, D.; Lanzi, A.; Balzarotti, D.; Kruegel, C.; Christodorescu, M.; Kirda, E. A quantitative study of accuracy in system call-based malware detection. In Proceedings of the 21st International Symposium on Software Testing and Analysis, ISSTA, Minneapolis, MN, USA, 16–18 April 2012; pp. 122–132.
70. Ucci, D.; Aniello, L.; Baldoni, R. Survey on the Usage of Machine Learning Techniques for Malware Analysis. arXiv 2017, arXiv:1710.08189.
71. Miao, Q.; Liu, J.; Cao, Y.; Song, J. Malware detection using bilayer behavior abstraction and improved one-class support vector machines. Int. J. Inf. Secur. 2016, 15, 361–379.
72. Ahmed, Y.A.; Huda, S.; Al-rimy, B.A.S.; Alharbi, N.; Saeed, F.; Ghaleb, F.A.; Ali, I.M. A Weighted Minimum Redundancy Maximum Relevance Technique for Ransomware Early Detection in Industrial IoT. Sustainability 2022, 14, 1231.
73. Usha, M.; Kavitha, P. Anomaly based intrusion detection for 802.11 networks with optimal features using SVM classifier. Wirel. Netw. 2016, 1–16.
74. Onan, A.; Korukoğlu, S. A feature selection model based on genetic rank aggregation for text sentiment classification. J. Inf. Sci. 2017, 43, 25–38.
75. Shukla, M.; Mondal, S.; Lodha, S. POSTER: Locally Virtualized Environment for Mitigating Ransomware Threat. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–26 October 2016; ACM: Vienna, Austria, 2016; pp. 1784–1786.
76. Peng, H.; Wei, J.; Guo, W. Micro-architectural Features for Malware Detection. In Proceedings of the Conference on Advanced Computer Architecture, Weihai, China, 22–23 August 2016; pp. 48–60.
77. Fallahpour, S.; Lakvan, E.N.; Zadeh, M.H. Using an ensemble classifier based on sequential floating forward selection for financial distress prediction problem. J. Retail. Consum. Serv. 2017, 34, 159–167.
78. Yan, P.; Yan, Z. A survey on dynamic mobile malware detection. Softw. Qual. J. 2017, 1–29.
79. Hasan, M.M.; Rahman, M.M. RansHunt: A support vector machines based ransomware analysis framework with integrated feature set. In Proceedings of the 2017 20th International Conference of Computer and Information Technology (ICCIT), Dhaka, Bangladesh, 22–24 December 2017; pp. 1–7.
80. Duda, R.O.; Hart, P.E.; Stork, D.G. Pattern Classification; John Wiley & Sons: Hoboken, NJ, USA, 2012.
81. He, X.; Cai, D.; Niyogi, P. Laplacian score for feature selection. In Proceedings of the Advances in Neural Information Processing Systems, Vancouver, BC, Canada, 4–7 December 2006; pp. 507–514.
82. Nie, F.; Xiang, S.; Jia, Y.; Zhang, C.; Yan, S. Trace ratio criterion for feature selection. In Proceedings of the AAAI, Chicago, IL, USA, 13–17 July 2008; pp. 671–676.
83. Nie, F.; Huang, H.; Cai, X.; Ding, C.H. Efficient and robust feature selection via joint ℓ2,1-norms minimization. In Proceedings of the Advances in Neural Information Processing Systems, Vancouver, BC, Canada, 6–9 December 2010; pp. 1813–1821.
84. Cai, D.; Zhang, C.; He, X. Unsupervised feature selection for multi-cluster data. In Proceedings of the 16th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Washington, DC, USA, 24–28 July 2010; ACM: Washington, DC, USA, 2010; pp. 333–342.
85. Yang, Y.; Shen, H.T.; Ma, Z.; Huang, Z.; Zhou, X. l2,1-norm regularized discriminative feature selection for unsupervised learning. In Proceedings of the International Joint Conference on Artificial Intelligence, IJCAI Proceedings, Barcelona, Spain, 16–22 July 2011; p. 1589.
86. Huan, L.; Setiono, R. Chi2: Feature selection and discretization of numeric attributes. In Proceedings of the 7th IEEE International Conference on Tools with Artificial Intelligence, Herndon, VA, USA, 5–8 November 1995; pp. 388–391.
87. Battiti, R. Using mutual information for selecting features in supervised neural net learning. IEEE Trans. Neural Netw. 1994, 5, 537–550.
88. Yang, H.; Moody, J. Feature selection based on joint mutual information. In Proceedings of the International ICSC Symposium on Advances in Intelligent Data Analysis, Rochester, NY, USA, 22–25 June 1999; pp. 22–25.
89. Hanchuan, P.; Fuhui, L.; Ding, C. Feature selection based on mutual information criteria of max-dependency, max-relevance, and min-redundancy. IEEE Trans. Pattern Anal. Mach. Intell. 2005, 27, 1226–1238.
90. Chen, Z.-G.; Kang, H.-S.; Yin, S.-N.; Kim, S.-R. Automatic Ransomware Detection and Analysis Based on Dynamic API Calls Flow Graph. In Proceedings of the International Conference on Research in Adaptive and Convergent Systems, Krakow, Poland, 28–30 September 2017; ACM: Krakow, Poland, 2017; pp. 196–201.
91. Brown, G.; Pocock, A.; Zhao, M.J.; Luján, M. Conditional likelihood maximisation: A unifying framework for information theoretic feature selection. J. Mach. Learn. Res. 2012, 13, 27–66.
92. Xu, Y.; Wu, C.; Zheng, K.; Wang, X.; Niu, X.; Lu, T. Computing Adaptive Feature Weights with PSO to Improve Android Malware Detection. Secur. Commun. Netw. 2017, 2017, 14.
93. Aburomman, A.A.; Reaz, M.B.I. A survey of intrusion detection systems based on ensemble and hybrid classifiers. Comput. Secur. 2017, 65, 135–152.
94. Mehetrey, P.; Shahriari, B.; Moh, M. Collaborative Ensemble-Learning Based Intrusion Detection Systems for Clouds. In Proceedings of the 2016 International Conference on Collaboration Technologies and Systems (CTS), Orlando, FL, USA, 31 October–4 November 2016; pp. 404–411.
95. Woźniak, M.; Graña, M.; Corchado, E. A survey of multiple classifier systems as hybrid systems. Inf. Fusion 2014, 16, 3–17.
96. Mao, S.; Lin, W.; Chen, J.; Xiong, L. Optimising ensemble combination based on maximisation of diversity. Electron. Lett. 2017, 53, 1042–1044.
97. Reineking, T. Active classification using belief functions and information gain maximization. Int. J. Approx. Reason. 2016, 72, 43–54.
98. Bennasar, M.; Hicks, Y.; Setchi, R. Feature selection using Joint Mutual Information Maximisation. Expert Syst. Appl. 2015, 42, 8520–8532.
99. Yang, M.; Bao, J.; Ji, G.L. Semi-random subspace sampling for classification. In Proceedings of the 2010 6th International Conference on Natural Computation, ICNC’10, Yantai, China, 10–12 August 2010; pp. 3420–3424.
100. Koziarski, M.; Krawczyk, B.; Woźniak, M. The deterministic subspace method for constructing classifier ensembles. Pattern Anal. Appl. 2017, 20, 981–990.
101. Peddabachigari, S.; Abraham, A.; Grosan, C.; Thomas, J. Modeling intrusion detection system using hybrid intelligent systems. J. Netw. Comput. Appl. 2007, 30, 114–132.
102. Turaev, H.; Zavarsky, P.; Swar, B. Prevention of ransomware execution in enterprise environment on windows os: Assessment of application whitelisting solutions. In Proceedings of the 1st International Conference on Data Intelligence and Security, ICDIS, Padre Island, TX, USA, 8–10 April 2018; pp. 110–118.
103. Ganame, K.; Allaire, M.A.; Zagdene, G.; Boudar, O. Network Behavioral Analysis for Zero-Day Malware Detection—A Case Study. In Proceedings of the 1st International Conference on Intelligent, Secure, and Dependable Systems in Distributed and Cloud Environments, ISDDC 2017, Vancouver, BC, Canada, 26–28 October 2017; Springer: Berlin/Heidelberg, Germany, 2017; pp. 169–181.
104. Grill, M.; Pevný, T.; Rehak, M. Reducing false positives of network anomaly detection by local adaptive multivariate smoothing. J. Comput. Syst. Sci. 2017, 83, 43–57.
105. Kharraz, A.; Robertson, W.; Kirda, E. Protecting against Ransomware: A New Line of Research or Restating Classic Ideas? IEEE Secur. Priv. 2018, 16, 103–107.

Authors | Technique: Feature Extraction | Technique: Feature Selection | Technique: Training/Detection | Limitation
---|---|---|---|---
Sgandurra, Muñoz-González [42] | | Mutual Information (MI). | Logistic Regression. |
Homayoun, Dehghantanha [40] | | Single step transition MSP. | Decision Tree, Random Forest, Bagging, MLP. |
Rhode, Burnap [28] | | Recurrent Neural Networks (RNN). | |
Homayoun, Dehghantanha [31] | | Excluding the features using pre-defined threshold at the embedding step. | Convolutional Neural Networks (CNN) and Long Short Term Memory (LSTM). |

Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Alqahtani, A.; Sheldon, F.T. A Survey of Crypto Ransomware Attack Detection Methodologies: An Evolving Outlook. Sensors 2022, 22, 1837. https://doi.org/10.3390/s22051837