Recent times have seen the rise of ransomware as a major cybersecurity threat, wherein attackers have been encrypting victims’ data and demanding ransom for reversing access. As attackers are leveraging advanced encryption techniques, obfuscation methods, and exploiting security flaws, ransomware as a growing challenge to cybersecurity defenses has led to many ransomware variants that can detect the run-time environment and evade dynamic analysis. To counter this, we perform Windows ransomware static analysis and detection using reverse engineering and Ensemble Learning. We start by using Ghidra to perform reverse engineering, in which we automate both static analysis and compilation procedures to curate a dataset that represents ransomware of various kinds. To overcome the issue of limited ransomware samples and existing unrealistic data augmentation techniques, we apply the concept of differential privacy to create our own generative adversarial network. Critical features have been identified and processed through ensemble learning models. The experimental results show that the ensembles of Stacking Decision Trees, Support Vector Machines, and Random Forest yielded a maximum accuracy of 97.51% in detecting ransomware attacks.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Ghidra-Assisted Static Analysis and Ensemble Learning with Differential Privacy GANs for Ransomware Detection

  • Ananya Chaturvedi,
  • Kavyansh Tyagi,
  • Shweta Sharma,
  • Sweeti Sah

摘要

Recent times have seen the rise of ransomware as a major cybersecurity threat, wherein attackers have been encrypting victims’ data and demanding ransom for reversing access. As attackers are leveraging advanced encryption techniques, obfuscation methods, and exploiting security flaws, ransomware as a growing challenge to cybersecurity defenses has led to many ransomware variants that can detect the run-time environment and evade dynamic analysis. To counter this, we perform Windows ransomware static analysis and detection using reverse engineering and Ensemble Learning. We start by using Ghidra to perform reverse engineering, in which we automate both static analysis and compilation procedures to curate a dataset that represents ransomware of various kinds. To overcome the issue of limited ransomware samples and existing unrealistic data augmentation techniques, we apply the concept of differential privacy to create our own generative adversarial network. Critical features have been identified and processed through ensemble learning models. The experimental results show that the ensembles of Stacking Decision Trees, Support Vector Machines, and Random Forest yielded a maximum accuracy of 97.51% in detecting ransomware attacks.