Ransomware Detection using Process Memory

by   Avinash Singh, et al.

Ransomware attacks have increased significantly in recent years, causing great destruction and damage to critical systems and business operations. Attackers are unfailingly finding innovative ways to bypass detection mechanisms, whichencouraged the adoption of artificial intelligence. However, most research summarizes the general features of AI and induces many false positives, as the behavior of ransomware constantly differs to bypass detection. Focusing on the key indicating features of ransomware becomes vital as this guides the investigator to the inner workings and main function of ransomware itself. By utilizing access privileges in process memory, the main function of the ransomware can be detected more easily and accurately. Furthermore, new signatures and fingerprints of ransomware families can be identified to classify novel ransomware attacks correctly. The current research used the process memory access privileges of the different memory regions of the behavior of an executable to quickly determine its intent before serious harm can occur. To achieve this aim, several well-known machine learning algorithms were explored with an accuracy range of 81.38 to 96.28 percents. The study thus confirms the feasibility of utilizing process memory as a detection mechanism for ransomware.


page 1

page 2

page 3

page 4


Attack based DoS attack detection using multiple classifier

One of the most common internet attacks causing significant economic los...

Machine Learning for Network-based Intrusion Detection Systems: an Analysis of the CIDDS-001 Dataset

With the increasing amount of reliance on digital data and computer netw...

Machine Learning-based Ransomware Detection Using Low-level Memory Access Patterns Obtained From Live-forensic Hypervisor

Since modern anti-virus software mainly depends on a signature-based sta...

Attack Strength vs. Detectability Dilemma in Adversarial Machine Learning

As the prevalence and everyday use of machine learning algorithms, along...

Early Detection of In-Memory Malicious Activity based on Run-time Environmental Features

In recent years malware has become increasingly sophisticated and diffic...

Cyberattack Detection using Deep Generative Models with Variational Inference

Recent years have witnessed a rise in the frequency and intensity of cyb...

Working mechanism of Eternalblue and its application in ransomworm

After the leaking of exploit Eternalblue, some ransomworms utilizing thi...