Browse by author "Ahmed, Yahye Abukar"
Item: Automated analysis approach for the detection of high survivable ransomwares (Selçuk Üniversitesi Fen Bilimleri Enstitüsü, 2020). Ahmed, Yahye Abukar; Koçer, Barış

Ransomware is malicious software that encrypts user files and data and holds them to ransom. Such attacks have become one of the most widespread forms of malware and pose a serious threat to both individuals and business organizations. In recent years this destructive malicious program has caused many organizations to lose huge revenue by paying ever larger ransom demands to cyber criminals. The explosive growth of ransomware is due to the large existing set of infection vectors, such as social engineering, email attachments, zip file downloads, browsing malicious sites and infected search engines, which are boosted dramatically by easily available cryptographic tools, Ransomware As a Service (RaaS), increased cloud storage and off-the-shelf ransomware toolkits. The large set of infection vectors and available toolkits have not only driven the extreme growth of ransomware, but also made new variants more obfuscated and encrypted, with varying patterns. Against this destructive malicious program, dynamic analysis is the most popular approach for detecting such an attack. The majority of dynamic analysis relies on system calls, since these provide the interface through which programs request services from the operating system. However, the redundant and irrelevant system calls that ransomware authors inject into the actual execution flow of suspicious binaries generate a highly noisy behavioral sequence that adversely impacts the induction of supervised classifiers. This, in turn, causes conventional supervised analysis and detection engines to fail to detect new variants of ransomware. This research proposes a non-signature-based detection approach built on effective Windows API call sequences, using both supervised and semi-supervised machine learning techniques.
To achieve this objective, we propose an Enhanced Maximum-Relevance and Minimum-Redundancy (EmRmR) filter method to remove noisy features and select the most relevant subset of features to characterize the real behavior of the ransomware. Unlike the original mRmR, EmRmR avoids the unnecessary computations intrinsic to the original mRmR algorithm and requires only a small number of evaluations. In addition, this research introduces a refinement process that reduces the size of a program's call traces by removing those Windows API calls that are not strong indicators of the critical behavior of the ransomware. We developed several classifier algorithms using the refined system calls and achieved high accuracy with a lower false-positive rate for detecting ransomware in the early phases of an attack. This research also addresses the limitations of conventional supervised detection engines and proposes a semi-supervised framework that computes the inherent latent sources of the varying patterns in new variants in an unsupervised way using deep learning approaches. The proposed framework extracts the inherent characteristics of the varying patterns from unlabeled ransomware obtained from the wild, and is scalable enough to accommodate upcoming malicious executables. Our extensive experimental results and discussion demonstrate that the proposed adaptive framework can successfully discriminate the behavior of different variants of ransomware and achieves higher performance than existing supervised approaches.