Classifying Ransomware Using Machine Learning Algorithms

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Ransomware is a continuing threat and has resulted in the battle between the development and detection of new techniques. Detection and mitigation systems have been developed and are in wide-scale use; however, their reactive nature has resulted in a continuing evolution and updating process. This is largely because detection mechanisms can often be circumvented by introducing changes in the malicious code and its behaviour. In this paper, we demonstrate a classification technique of integrating both static and dynamic features to increase the accuracy of detection and classification of ransomware. We train supervised machine learning algorithms using a test set and use a confusion matrix to observe accuracy, enabling a systematic comparison of each algorithm. In this work, supervised algorithms such as the Naïve Bayes algorithm resulted in an accuracy of 96% with the test set result, SVM 99.5%, random forest 99.5%, and 96%. We also use Youden's index to determine sensitivity and specificity.
Original languageEnglish
Title of host publicationIntelligent Data Engineering and Automated Learning - IDEAL 2019
Subtitle of host publication20th International Conference, Manchester, UK, November 14-16, 2019, Proceedings, Part II
EditorsHujun Yin, David Camacho, Peter Tino, Antonio J. Tallón-Ballesteros, Ronaldo Menezes, Richard Allmendinger
Place of PublicationCham
PublisherSpringer International Publishing
Pages45-52
Number of pages8
VolumeLNCS11872
ISBN (Electronic)9783030336172
ISBN (Print)9783030336165, 3030336166
Publication statusPublished - 24 Oct 2019
Event20th International Conference on Intelligent Data Engineering and Automated Learning - University of Manchester, Manchester, United Kingdom
Duration: 14 Nov 201916 Nov 2019
Conference number: 20
http://www.datascience.manchester.ac.uk/events-1/events/20th-international-conference-on-intelligent-data-engineering-and-automated-learning-ideal/

Publication series

NameLecture Notes in Computer Science
PublisherSpringer

Conference

Conference20th International Conference on Intelligent Data Engineering and Automated Learning
Abbreviated titleIDEAL
CountryUnited Kingdom
CityManchester
Period14/11/1916/11/19
Internet address

Fingerprint

Learning algorithms
Learning systems
Malware

Cite this

Egunjobi, S., Parkinson, S., & Crampton, A. (2019). Classifying Ransomware Using Machine Learning Algorithms. In H. Yin, D. Camacho, P. Tino, A. J. Tallón-Ballesteros, R. Menezes, & R. Allmendinger (Eds.), Intelligent Data Engineering and Automated Learning - IDEAL 2019: 20th International Conference, Manchester, UK, November 14-16, 2019, Proceedings, Part II (Vol. LNCS11872, pp. 45-52). (Lecture Notes in Computer Science). Cham: Springer International Publishing.
Egunjobi, Samuel ; Parkinson, Simon ; Crampton, Andrew. / Classifying Ransomware Using Machine Learning Algorithms. Intelligent Data Engineering and Automated Learning - IDEAL 2019: 20th International Conference, Manchester, UK, November 14-16, 2019, Proceedings, Part II . editor / Hujun Yin ; David Camacho ; Peter Tino ; Antonio J. Tallón-Ballesteros ; Ronaldo Menezes ; Richard Allmendinger. Vol. LNCS11872 Cham : Springer International Publishing, 2019. pp. 45-52 (Lecture Notes in Computer Science).
@inproceedings{10190ff87dbd4b99a51b54c526a5b7d8,
title = "Classifying Ransomware Using Machine Learning Algorithms",
abstract = "Ransomware is a continuing threat and has resulted in the battle between the development and detection of new techniques. Detection and mitigation systems have been developed and are in wide-scale use; however, their reactive nature has resulted in a continuing evolution and updating process. This is largely because detection mechanisms can often be circumvented by introducing changes in the malicious code and its behaviour. In this paper, we demonstrate a classification technique of integrating both static and dynamic features to increase the accuracy of detection and classification of ransomware. We train supervised machine learning algorithms using a test set and use a confusion matrix to observe accuracy, enabling a systematic comparison of each algorithm. In this work, supervised algorithms such as the Na{\"i}ve Bayes algorithm resulted in an accuracy of 96{\%} with the test set result, SVM 99.5{\%}, random forest 99.5{\%}, and 96{\%}. We also use Youden's index to determine sensitivity and specificity.",
keywords = "Ransomeware, Malware, Machine Learning",
author = "Samuel Egunjobi and Simon Parkinson and Andrew Crampton",
year = "2019",
month = "10",
day = "24",
language = "English",
isbn = "9783030336165",
volume = "LNCS11872",
series = "Lecture Notes in Computer Science",
publisher = "Springer International Publishing",
pages = "45--52",
editor = "Hujun Yin and David Camacho and Peter Tino and Tall{\'o}n-Ballesteros, {Antonio J.} and Ronaldo Menezes and Richard Allmendinger",
booktitle = "Intelligent Data Engineering and Automated Learning - IDEAL 2019",

}

Egunjobi, S, Parkinson, S & Crampton, A 2019, Classifying Ransomware Using Machine Learning Algorithms. in H Yin, D Camacho, P Tino, AJ Tallón-Ballesteros, R Menezes & R Allmendinger (eds), Intelligent Data Engineering and Automated Learning - IDEAL 2019: 20th International Conference, Manchester, UK, November 14-16, 2019, Proceedings, Part II . vol. LNCS11872, Lecture Notes in Computer Science, Springer International Publishing, Cham, pp. 45-52, 20th International Conference on Intelligent Data Engineering and Automated Learning, Manchester, United Kingdom, 14/11/19.

Classifying Ransomware Using Machine Learning Algorithms. / Egunjobi, Samuel; Parkinson, Simon; Crampton, Andrew.

Intelligent Data Engineering and Automated Learning - IDEAL 2019: 20th International Conference, Manchester, UK, November 14-16, 2019, Proceedings, Part II . ed. / Hujun Yin; David Camacho; Peter Tino; Antonio J. Tallón-Ballesteros; Ronaldo Menezes; Richard Allmendinger. Vol. LNCS11872 Cham : Springer International Publishing, 2019. p. 45-52 (Lecture Notes in Computer Science).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Classifying Ransomware Using Machine Learning Algorithms

AU - Egunjobi, Samuel

AU - Parkinson, Simon

AU - Crampton, Andrew

PY - 2019/10/24

Y1 - 2019/10/24

N2 - Ransomware is a continuing threat and has resulted in the battle between the development and detection of new techniques. Detection and mitigation systems have been developed and are in wide-scale use; however, their reactive nature has resulted in a continuing evolution and updating process. This is largely because detection mechanisms can often be circumvented by introducing changes in the malicious code and its behaviour. In this paper, we demonstrate a classification technique of integrating both static and dynamic features to increase the accuracy of detection and classification of ransomware. We train supervised machine learning algorithms using a test set and use a confusion matrix to observe accuracy, enabling a systematic comparison of each algorithm. In this work, supervised algorithms such as the Naïve Bayes algorithm resulted in an accuracy of 96% with the test set result, SVM 99.5%, random forest 99.5%, and 96%. We also use Youden's index to determine sensitivity and specificity.

AB - Ransomware is a continuing threat and has resulted in the battle between the development and detection of new techniques. Detection and mitigation systems have been developed and are in wide-scale use; however, their reactive nature has resulted in a continuing evolution and updating process. This is largely because detection mechanisms can often be circumvented by introducing changes in the malicious code and its behaviour. In this paper, we demonstrate a classification technique of integrating both static and dynamic features to increase the accuracy of detection and classification of ransomware. We train supervised machine learning algorithms using a test set and use a confusion matrix to observe accuracy, enabling a systematic comparison of each algorithm. In this work, supervised algorithms such as the Naïve Bayes algorithm resulted in an accuracy of 96% with the test set result, SVM 99.5%, random forest 99.5%, and 96%. We also use Youden's index to determine sensitivity and specificity.

KW - Ransomeware

KW - Malware

KW - Machine Learning

M3 - Conference contribution

SN - 9783030336165

SN - 3030336166

VL - LNCS11872

T3 - Lecture Notes in Computer Science

SP - 45

EP - 52

BT - Intelligent Data Engineering and Automated Learning - IDEAL 2019

A2 - Yin, Hujun

A2 - Camacho, David

A2 - Tino, Peter

A2 - Tallón-Ballesteros, Antonio J.

A2 - Menezes, Ronaldo

A2 - Allmendinger, Richard

PB - Springer International Publishing

CY - Cham

ER -

Egunjobi S, Parkinson S, Crampton A. Classifying Ransomware Using Machine Learning Algorithms. In Yin H, Camacho D, Tino P, Tallón-Ballesteros AJ, Menezes R, Allmendinger R, editors, Intelligent Data Engineering and Automated Learning - IDEAL 2019: 20th International Conference, Manchester, UK, November 14-16, 2019, Proceedings, Part II . Vol. LNCS11872. Cham: Springer International Publishing. 2019. p. 45-52. (Lecture Notes in Computer Science).