文章基本信息

标题：Modified Decision Tree Technique for Ransomware Detection at Runtime through API Calls
本地全文：下载
作者：Faizan Ullah ; Qaisar Javaid ; Abdu Salam 等
期刊名称：Scientific Programming
印刷版ISSN：1058-9244
出版年度：2020
卷号：2020
页码：1-10
DOI：10.1155/2020/8845833
出版社：Hindawi Publishing Corporation
摘要：Ransomware (RW) is a distinctive variety of malware that encrypts the files or locks the user’s system by keeping and taking their files hostage, which leads to huge financial losses to users. In this article, we propose a new model that extracts the novel features from the RW dataset and performs classification of the RW and benign files. The proposed model can detect a large number of RW from various families at runtime and scan the network, registry activities, and file system throughout the execution. API-call series was reutilized to represent the behavior-based features of RW. The technique extracts fourteen-feature vector at runtime and analyzes it by applying online machine learning algorithms to predict the RW. To validate the effectiveness and scalability, we test 78550 recent malign and benign RW and compare with the random forest and AdaBoost, and the testing accuracy is extended at 99.56%.