Journal Article Details
IEEE Access
Enhancing File Entropy Analysis to Improve Machine Learning Detection Rate of Ransomware
Chia-Cheng Yang [1], Jenq-Shiou Leu [1], Chia-Ming Hsu [1], Paul E. Setiasabda [1], Han-Hsuan Cheng [1]
[1] Department of Electronic and Computer Engineering, National Taiwan University of Science and Technology, Taipei, Taiwan
Keywords: Machine learning; ransomware; entropy; security
DOI: 10.1109/ACCESS.2021.3114148
Source: DOAJ
【 Abstract 】

Cybersecurity is the biggest threat in the world. More and more people are used to storing personal data on a computer and transmitting it through the Internet. Cybersecurity will be an important issue that everyone continues to pay attention to. One of the most serious problems recently is the prevalence of ransomware, especially crypto-ransomware. Unlike ordinary attacks, crypto-ransomware does not control the victim’s computer and steal important data. It focuses on encrypting all data and asking victims to pay a ransom to decrypt the data. Currently, many studies focus on various aspects of ransomware, including file-based, behavior-based, and network-based ransomware detection methods, and use machine learning to build detection models. In addition to the above research, we found that attackers have begun to develop a new method to encrypt data. It will not only increase the speed of data encryption but also reduce the detection rate in the existing detection system. In any case, we are still facing ransomware dangers, as it is hard to recognize and forestall ransomware executing obscure malicious programs. In other words, user data will be sabotaged as soon as the computer cannot detect the ransomware. To solve the problem, detecting files instead of detecting the executable program might be helpful to establish the backup system immediately before ransomware encrypts all of the user files. We analyze the 22 formats of the encrypted files, extract the specific features and use the Support Vector Machine to distinguish between encrypted and unencrypted files. The analysis results confirm that our method has better performance and a higher detection rate, reaching 85.17% (the detection rate with the SVM kernel trick (Poly) exceeds 92%).

【 License 】

Unknown   
