Analysis and detection of ransomware through its delivery methods

Abstract

Cyber criminals are utilizing diverse approaches to draw money from internet users and organizations. Recently, a malware called ransomware has become effectively accessible for this job due to its ease of availability and distribution methods. Security experts are working to counter ransomware attacks by fixing the vulnerabilities of operating system. In this research work, we have proposed a method to prevent the ransomware attack at its early stages through its delivery channels like Exploit Kits. We have analyzed the crawling patterns (listing of file path, dropped file, network activity, ransom note etc.) of victim’s computer. These patterns have been used to extract the features for classification of malicious samples. We have used supervised machine learning algorithms for classification of malwares. Experimental results shows that accuracy of 94% is achieved in tightly bound mode by using random forest algorithm. While, accuracy of 91% is achieved in moderate bound mode by using random forest classification algorithm.