Ghidra-Assisted Static Analysis and Ensemble Learning with Differential Privacy GANs for Ransomware Detection
摘要
Recent times have seen the rise of ransomware as a major cybersecurity threat, wherein attackers have been encrypting victims’ data and demanding ransom for reversing access. As attackers are leveraging advanced encryption techniques, obfuscation methods, and exploiting security flaws, ransomware as a growing challenge to cybersecurity defenses has led to many ransomware variants that can detect the run-time environment and evade dynamic analysis. To counter this, we perform Windows ransomware static analysis and detection using reverse engineering and Ensemble Learning. We start by using Ghidra to perform reverse engineering, in which we automate both static analysis and compilation procedures to curate a dataset that represents ransomware of various kinds. To overcome the issue of limited ransomware samples and existing unrealistic data augmentation techniques, we apply the concept of differential privacy to create our own generative adversarial network. Critical features have been identified and processed through ensemble learning models. The experimental results show that the ensembles of Stacking Decision Trees, Support Vector Machines, and Random Forest yielded a maximum accuracy of 97.51% in detecting ransomware attacks.