Title of article :
Modified Decision Tree Technique for Ransomware Detection at Runtime through API Calls
Author/Authors :
Ullah, Faizan Department of Computer Science - Bacha Khan University, Charsadda, Pakistan , Javaid, Qaisar Department of Computer Science - Bacha Khan University, Charsadda, Pakistan , Salam, Abdu Department of Computer Science - Abdul Wali Khan University, Mardan, Pakistan , Ahmad, Masood Department of Computer Science - Abdul Wali Khan University, Mardan, Pakistan , Sarwar, Nadeem Department of Computer Science - Bahria University Lahore Campus, Lahore, Pakistan , Shah, Dilawar Department of Computer Science - Bacha Khan University, Charsadda, Pakistan , Abrar, Muhammad Department of Computer Science - Bacha Khan University, Charsadda, Pakistan
Pages :
10
From page :
1
To page :
10
Abstract :
Ransomware (RW) is a distinctive variety of malware that encrypts the files or locks the user’s system by keeping and taking their files hostage, which leads to huge financial losses to users. In this article, we propose a new model that extracts the novel features from the RW dataset and performs classification of the RW and benign files. The proposed model can detect a large number of RW from various families at runtime and scan the network, registry activities, and file system throughout the execution. API-call series was reutilized to represent the behavior-based features of RW. The technique extracts a fourteen-feature vector at runtime and analyzes it by applying online machine learning algorithms to predict the RW. To validate the effectiveness and scalability, we test 78550 recent malign and benign RW and compare with the random forest and AdaBoost, and the testing accuracy is extended at 99.56%.
Keywords :
API Calls , Runtime , Detection , Decision Tree Technique , Modified
Journal title :
Scientific Programming
Serial Year :
2020
Record number :
2610800