A 0-day aware crypto-ransomware early behavioral detection framework

Abstract

Crypto-Ransomware exploits cryptography to hijack personal files and documents and hold them to ransom. Utilizing such technological leap, crypto-ransomware targets a wide range of systems, and platforms. Although many users, whether individuals or organizations, practice proactive security procedures like regular backup, advanced crypto-ransomware can bypass these countermeasures rendering the valuable data vulnerable to such extortion attack. Due to the irreversible nature of its damage, thwarting crypto-ransomware becomes challenging. Although several studies have been conducted to tackle crypto-ransomware detection problem, most of them dealt with it from malware perspective. Such approach has deemed ineffective given the unique characteristics that distinguish this attack which necessitate the early discovery before encryption takes place. To this end, this paper puts forward an efficient and effective framework for building crypto-ransomware early detection models that protect users, whether individuals or organizations, of being victimized by such attack.