
Leveraging Support Vector Machine for Opcode Density Based Detection of Crypto-Ransomware

by James Baldwin, et al.

Ransomware is a significant global threat, with easy deployment due to the prevalent ransomware-as-a-service model. Machine learning algorithms incorporating the use of opcode characteristics and Support Vector Machine have been demonstrated to be a successful method for general malware detection. This research focuses on crypto-ransomware and uses static analysis of malicious and benign Portable Executable files to extract 443 opcodes across all samples, representing them as density histograms within the dataset. Using the SMO classifier and PUK kernel in the WEKA machine learning toolset it demonstrates that this methodology can achieve 100 ransomware and goodware, and 96.5 cryptoransomware families and goodware. Moreover, 8 different attribute selection methods are evaluated to achieve significant feature reduction. Using the CorrelationAttributeEval method close to 100 with a feature reduction of 59.5 feature reduction of 97.7




Using Static and Dynamic Malware features to perform Malware Ascription

Malware ascription is a relatively unexplored area, and it is rather dif...

Quasar Detection using Linear Support Vector Machine with Learning From Mistakes Methodology

The field of Astronomy requires the collection and assimilation of vast ...

Differential Morphed Face Detection Using Deep Siamese Networks

Although biometric facial recognition systems are fast becoming part of ...

Kernels and Ensembles: Perspectives on Statistical Learning

Since their emergence in the 1990's, the support vector machine and the ...

Malware Analysis with Symbolic Execution and Graph Kernel

Malware analysis techniques are divided into static and dynamic analysis...

2D Electrophoresis Gel Image and Diagnosis of a Disease

The process of diagnosing a disease from the 2D gel electrophoresis imag...