Future of Information and Communication Conference (FICC) 2024
4-5 April 2024
Publication Links
IJACSA
Special Issues
Future of Information and Communication Conference (FICC)
Computing Conference
Intelligent Systems Conference (IntelliSys)
Future Technologies Conference (FTC)
International Journal of Advanced Computer Science and Applications(IJACSA), Volume 14 Issue 10, 2023.
Abstract: Currently, ransomware attacks have become an important threat in the field of network security. The detection and defense of ransomware has become particularly important. However, due to the insufficient data and behavior patterns collected dynamically to detect variants and unknown ransomware, there is also a lack of specialized defense strategies for ransomware. In response to this situation, this article proposes a ransomware early detection and defense system (REDDS) based on application programming interface (API) sequences. REDDS first dynamically collects API sequences from the pre-encryption stage of the ransomware, and calculates the API sequences as feature vectors using the n-gram model and TF-IDF algorithm. Due to the limitations of dynamic data collection, API sequences were enhanced using Wasserstein GAN with Gradient Penalty (WGAN GP), and then machine learning classification algorithms were used to train the enhanced data to detect ransomware. By mapping the malicious API of ransomware to public security knowledge bases such as Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK), a Ransomware Defense Countermeasures Ontology (RDCO) is proposed. Based on the ontology model, a set of inference rules is designed to automatically infer the defense countermeasures of ransomware. The experimental results show that WGAN-GP can more effectively enhance API sequence data than other GAN models. After data augmentation, the accuracy of machine learning detection models has significantly improved, with a maximum of 99.32%. Based on malicious APIs in ransomware, defense countermeasures can be inferred to help security managers respond to ransomware attacks and deploy appropriate security solutions.
Shuqin Zhang, Tianhui Du, Peiyu Shi, Xinyu Su and Yunfei Han, “Early Detection and Defense Countermeasure Inference of Ransomware based on API Sequence” International Journal of Advanced Computer Science and Applications(IJACSA), 14(10), 2023. http://dx.doi.org/10.14569/IJACSA.2023.0141067
@article{Zhang2023,
title = {Early Detection and Defense Countermeasure Inference of Ransomware based on API Sequence},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2023.0141067},
url = {http://dx.doi.org/10.14569/IJACSA.2023.0141067},
year = {2023},
publisher = {The Science and Information Organization},
volume = {14},
number = {10},
author = {Shuqin Zhang and Tianhui Du and Peiyu Shi and Xinyu Su and Yunfei Han}
}
Copyright Statement: This is an open access article licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, even commercially as long as the original work is properly cited.