Signature based ransomware detection based on optimizations approaches using RandomClassifier and CNN algorithms

Authors: Sangher, K.S., Singh, A. and Pandey, H.M.

Journal: International Journal of System Assurance Engineering and Management

eISSN: 0976-4348

ISSN: 0975-6809

DOI: 10.1007/s13198-023-02017-9

Abstract:

As ransomware encrypts user files to prevent access to infected systems, its harmful impacts must be quickly identified and remedied. It can be challenging to identify the metrics and parameters to check, especially when using unknown ransomware variants in tests. The proposed work uses machine learning techniques to create a general model that can be used to detect the variations of ransomware families while observing the characteristics of malware. However, early detection is impeded by a dearth of data during the initial phases of an attack, which results in low detection accuracy and a high proportion of false alarms. To overcome these restrictions, our research suggests a revolutionary technique: in machine learning techniques, we have proposed RandomClassifier with SMOTE optimizer based on the results received from LazyPredictAutoML, and then the deep learning algorithm ANN using Root Mean Square Propagation (Adam) has been implemented to get the hidden patterns which were not accessible in the machine learning approach. The further study focused on improving CNN’s performance over RMSprop & Adam, which maintains per-parameter learning rates that are adjusted based on the average of most recent weight gradient magnitudes, using the Adam optimizer. The best option for internet and non-stationary issues is CNN with Adam (e.g. noisy). As gradients grow sparser toward the end of optimization, Adam somewhat surpasses RMSprop. Adam uses CNN and uses the average of the second moments of the gradients (the uncentered variance). The proposed model reported 5.14 ms of prediction time and 99.18% accuracy.

Source: Scopus

Source: Web of Science (Lite)