文章基本信息

标题：Ransomware Detection Based On Opcode Behavior Using K-Nearest Neighbors Algorithm
本地全文：下载
作者：Deris Stiawan ; Somame Morianus Daely ; Ahmad Heryanto 等
期刊名称：European Integration Studies
印刷版ISSN：2335-8831
出版年度：2021
卷号：50
期号：3
页码：495-506
DOI：10.5755/j01.itc.50.3.25816
语种：English
出版社：Kaunas University of Technology
摘要：Ransomware is a malware that represents a serious threat to a user’s information privacy. By investigating howransomware works, we may be able to recognise its atomic behaviour. In return, we will be able to detect theransomware at an earlier stage with better accuracy. In this paper, we propose Control Flow Graph (CFG) asan extracting opcode behaviour technique, combined with 4-gram (sequence of 4 “words”) to extract opcodesequence to be incorporated into Trojan Ransomware detection method using K-Nearest Neighbors (K-NN)algorithm. The opcode CFG 4-gram can fully represent the detailed behavioural characteristics of Trojan Ransomware.The proposed ransomware detection method considers the closest distance to a previously identifiedransomware pattern. Experimental results show that the proposed technique using K-NN, obtains the best accuracyof 98.86% for 1-gram opcode and using 1-NN classifier.
关键词：Ransomware;opcode behavior;N-gram;K-NN;Confusion Matrix