Gye-Hyeok Lee, Min-Chae Hwang, Dong-Yeop Hyun, Young-In Ku, Dong-Young Yoo

KIPS Transactions on Computer and Communication Systems, Vol. 11, No. 10, pp. 363-372, Oct. 2022
https://doi.org/10.3745/KTCCS.2022.11.10.363,   PDF Download:
Keywords: Ransomware, Cerber, opcode, API, Malware, Machine-Learning, Detection
Abstract

Since the recent COVID-19 Pandemic, the ransomware fandom has intensified along with the expansion of remote work. Currently, anti-virus vaccine companies are trying to respond to ransomware, but traditional file signature-based static analysis can be neutralized in the face of diversification, obfuscation, variants, or the emergence of new ransomware. Various studies are being conducted for such ransomware detection, and detection studies using signature-based static analysis and behavior-based dynamic analysis can be seen as the main research type at present. In this paper, the frequency of “.text Section” Opcode and the Native API used in practice was extracted, and the association between feature information selected using K-means Clustering algorithm, Cosine Similarity, and Pearson correlation coefficient was analyzed. In addition, Through experiments to classify and detect worms among other malware types and Cerber-type ransomware, it was verified that the selected feature information was specialized in detecting specific ransomware (Cerber). As a result of combining the finally selected feature information through the above verification and applying it to machine learning and performing hyper parameter optimization, the detection rate was up to 93.3%.

Statistics
Cite this article