Ransomware Detection on Linux Using Machine Learning with Random Forest Algorithm
Yi-chen Wu, Yung-I Chang
Published: June 7, 2024
Ransomware continues to pose a significant threat to cybersecurity, particularly affecting critical systems running on Linux. The novel application of the random forest algorithm for detecting ransomware on Linux offers an advancement, leveraging machine learning to enhance detection accuracy and adaptability. The methodology involved collecting a diverse dataset of ransomware samples and benign files, followed by meticulous feature extraction to train a robust model. Performance evaluation demonstrated high precision, recall, and overall accuracy, surpassing existing methods such as support vector machines and neural networks. Comparative analysis highlighted the model's superior ability to handle high-dimensional data and manage complex feature interactions, resulting in more reliable and accurate detection. Despite the computational complexity and extensive preprocessing requirements, the findings underscore the potential of the random forest algorithm to significantly improve cybersecurity measures against ransomware. This comprehensive study provides valuable insights into the development of effective detection mechanisms, affirming the algorithm's pivotal role in mitigating ransomware threats on Linux systems.
Language: English
Opcode Memory Analysis: A Data-Centric Machine Learning Framework for Early Detection and Attribution of Ransomware
Benjamin Pesem, James Fairweather, Thomas Pennington et al.
Research Square (Research Square), Journal Year: 2024, Volume and Issue: unknown
Published: Aug. 21, 2024
Abstract
Ransomware has emerged as one of the most significant threats in the cybersecurity landscape, causing widespread disruption and financial loss across various sectors. To address the growing sophistication of ransomware attacks, a novel machine learning framework leveraging opcode memory analysis has been developed, enabling early detection and accurate attribution of ransomware. Through systematic examination of low-level operational instructions within system memory, the proposed model distinguishes itself from traditional approaches by providing a more intrinsic understanding of malware behavior, leading to enhanced accuracy and the ability to identify specific ransomware families. The model's architecture, which includes a dual-output mechanism for simultaneous detection and attribution, demonstrates scalability and applicability across diverse environments. Extensive experimental results indicate that this approach not only surpasses existing methods in terms of performance but also offers a robust solution for real-time threat mitigation. The findings demonstrate the potential of opcode memory analysis as a critical component in the development of next-generation defenses, contributing to resilient and proactive protective measures against evolving threats.
Language: English
Efficient Ransomware Detection through Dynamic File System Traffic Analysis: A Methodological Approach
Published: Oct. 7, 2024
Ransomware continues to evolve as one of the most severe threats to modern digital infrastructures, frequently bypassing traditional security mechanisms through increasingly sophisticated obfuscation techniques. A novel approach for combating ransomware leverages real-time dynamic file system traffic analysis to detect malicious behaviors before significant damage is inflicted. The proposed system operates through continuous monitoring of file system events and process interactions, classifying activity as either benign or ransomware-related using machine learning models trained on feature-rich datasets. This approach demonstrates substantial improvements in detection accuracy, especially against zero-day variants, and efficiently reduces both false positives and false negatives. Furthermore, it maintains low computational overhead, making it suitable for deployment in environments requiring real-time protection. Through its ability to adapt to new ransomware variants without manual updates, it offers a scalable and effective solution for ransomware detection, providing robust defense in both enterprise and resource-constrained environments.
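The abstract above does not show what "feature-rich" file system traffic looks like once it reaches a classifier. The following is an added example, not code from the paper: it takes a constructed stream of file events of the kind a fanotify or eBPF sensor could emit (timestamp, pid, process name, operation, path, and the written buffer or rename target), aggregates per-process behavioural features, and scores them. The event format, the process names, the indicator thresholds and the simple hit-count scorer standing in for the trained model are all assumptions made for illustration.

```python
import math
import os
import random
from collections import defaultdict


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte of a buffer: ~4.5 for English text, close to 8.0 for ciphertext."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


_TEXT = b"quarterly report: revenue grew 4% while costs held flat; see appendix B.\n" * 30


def _random_bytes(rng: random.Random, n: int) -> bytes:
    # Stand-in for ciphertext: uniformly distributed bytes.
    return bytes(rng.getrandbits(8) for _ in range(n))


def constructed_events():
    """Constructed sensor output, not a real capture: (ts, pid, comm, op, path, payload).

    payload is the written buffer for 'write' and the new path for 'rename'.
    pid 4242 is an editor saving one document via a swap-file rename;
    pid 5150 is a hypothetical encryptor sweeping three directories.
    """
    rng = random.Random(7)  # fixed seed so the stream is reproducible
    ev = [
        (0.0, 4242, "vim", "write", "/home/alice/docs/notes.txt.swp", _TEXT),
        (0.4, 4242, "vim", "rename", "/home/alice/docs/notes.txt.swp", "/home/alice/docs/notes.txt"),
    ]
    t = 1.0
    for d in ("/home/alice/docs", "/home/alice/photos", "/srv/share"):
        for i in range(4):
            p = f"{d}/file{i}.dat"
            ev.append((t, 5150, "kworker", "write", p, _random_bytes(rng, 2048)))
            ev.append((t + 0.01, 5150, "kworker", "rename", p, p + ".locked"))
            t += 0.05
    return ev


def extract_features(events):
    """Aggregate the raw event stream into one feature vector per process."""
    acc = defaultdict(lambda: {"writes": 0, "renames": 0, "ext_changes": 0,
                               "ent_sum": 0.0, "dirs": set(), "files": set(),
                               "t0": None, "t1": None, "comm": ""})
    for ts, pid, comm, op, path, payload in events:
        f = acc[pid]
        f["comm"] = comm
        f["t0"] = ts if f["t0"] is None else min(f["t0"], ts)
        f["t1"] = ts if f["t1"] is None else max(f["t1"], ts)
        f["dirs"].add(os.path.dirname(path))
        f["files"].add(path)
        if op == "write":
            f["writes"] += 1
            f["ent_sum"] += shannon_entropy(payload)
        elif op == "rename":
            f["renames"] += 1
            if os.path.splitext(path)[1] != os.path.splitext(payload)[1]:
                f["ext_changes"] += 1
    out = {}
    for pid, f in acc.items():
        span = max(f["t1"] - f["t0"], 1e-3)  # seconds of observed activity
        out[pid] = {
            "comm": f["comm"],
            "mean_write_entropy": f["ent_sum"] / f["writes"] if f["writes"] else 0.0,
            "ext_change_ratio": f["ext_changes"] / f["renames"] if f["renames"] else 0.0,
            "distinct_dirs": len(f["dirs"]),
            "files_per_sec": len(f["files"]) / span,
        }
    return out


def score(feat) -> int:
    """Transparent stand-in for the trained classifier: count strong indicators (assumed thresholds)."""
    hits = [
        feat["mean_write_entropy"] > 7.0,  # writes look like ciphertext
        feat["ext_change_ratio"] > 0.5,    # renames mostly swap the extension
        feat["distinct_dirs"] >= 3,        # sweeping across directories
        feat["files_per_sec"] > 10,        # far faster than an interactive user
    ]
    return sum(hits)


def classify(events, threshold: int = 3):
    """Label each pid 'ransomware' when enough independent indicators fire together."""
    return {pid: ("ransomware" if score(f) >= threshold else "benign")
            for pid, f in extract_features(events).items()}


if __name__ == "__main__":
    for pid, f in extract_features(constructed_events()).items():
        print(pid, f, "->", score(f))
    print(classify(constructed_events()))
```

Note that the editor process trips the extension-change indicator on its own (a `.swp` to `.txt` rename is normal editor behaviour), which is why the verdict rests on several indicators firing together rather than on any single one; a real deployment would replace `score` with the trained model and feed it from a live sensor rather than from the constructed list.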
Language: English
Detection of Stealthy Encryption in Ransomware Using AI-Driven Anomaly Detection Models
Alexander Hocosaj, Charlotte Pendleton, James Churchill. Stoddard et al.
Research Square (Research Square), Journal Year: 2024, Volume and Issue: unknown
Published: Aug. 23, 2024
Abstract
Ransomware continues to pose a significant threat to cybersecurity, with increasingly sophisticated techniques allowing malicious actors to evade traditional detection mechanisms and inflict substantial damage at both individual and organizational levels. The introduction of an AI-driven model that integrates anomaly detection and supervised learning offers a novel approach to identifying ransomware activities, particularly those utilizing stealthy encryption techniques that are designed to avoid detection. Through comprehensive evaluation, the proposed model has demonstrated superior performance compared to existing methods, achieving higher accuracy, reduced false positives, and enhanced resilience against adversarial evasion. The model's scalability and efficiency across diverse operational environments further demonstrate its practical applicability, making it a viable solution for real-time detection in both high-performance and resource-constrained settings. This research contributes to ongoing efforts to fortify cybersecurity defenses by offering a robust, adaptable, and scalable framework capable of addressing the evolving nature of ransomware threats.
Language: English
Integrated Detection and Mitigation of Linux-based Ransomware through Machine Learning Analysis of File Access Patterns and Security Logs
Ethan Geresav, Alexander Nightingale
Published: Aug. 20, 2024
Cybersecurity challenges continue to escalate as ransomware attacks become more frequent and sophisticated, posing significant risks to both individual and organizational data integrity. The development of an integrated detection and mitigation system presents a novel approach, enhancing the responsiveness and effectiveness of cyber defenses through real-time analysis and automated response mechanisms. This article details the design, implementation, and evaluation of such a system, demonstrating its superiority in accuracy and speed compared to existing solutions. Through rigorous testing under simulated conditions, the system not only meets but often exceeds current industry standards for threat management. Future enhancements are discussed, emphasizing the potential for further advancements in adaptive cybersecurity measures.
Language: English
Advanced Autonomous Detection of Ransomware Using Dynamic Crypto-Entropy Signature Analysis
Giovanni Prigodichi, Harrison Wainwright, Richard Davis et al.
Research Square (Research Square), Journal Year: 2024, Volume and Issue: unknown
Published: Nov. 15, 2024
Abstract
The sophistication of cyber threats requires the development of advanced detection mechanisms capable of identifying and mitigating malicious activities with minimal human intervention. The Dynamic Crypto-Entropy Signature Analysis (DCESA) framework introduces an autonomous approach to ransomware detection through analysis of the cryptographic entropy patterns inherent in encryption behaviors. Through dynamically generating unique signatures, DCESA effectively distinguishes between benign and malicious activities, thereby enhancing detection accuracy and reducing false positives. Empirical evaluations have demonstrated DCESA's proficiency across a diverse array of ransomware strains, including previously unseen variants, with minimal impact on system performance. Its integration into cybersecurity infrastructures offers a proactive and efficient solution for mitigating ransomware attacks, improving the overall security posture of organizations.
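Entropy-based detection has a well-known failure mode that the abstract's "reducing false positives" claim hinges on: compressed archives, images and already-encrypted files are as high-entropy as ransomware output, so an absolute entropy threshold alone either misses them or flags them. The following is an added example and not DCESA's code: it builds a per-write "entropy signature" from the content a file had before the write and the content written over it, combining the entropy delta with a loss-of-structure check (a recognised magic header before, none after). The `MAGIC` table, the 7.5-bit and 2.0-bit thresholds, and the constructed sample buffers are assumptions for illustration.

```python
import gzip
import math
import random

# Assumed subset of well-known file headers; a real sensor would use a fuller table.
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip",
    b"\x1f\x8b": "gzip",
    b"%PDF": "pdf",
    b"\x7fELF": "elf",
}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: ~4.5 for English text, close to 8.0 for ciphertext or compressed data."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def file_type(buf: bytes):
    """Return the recognised type of a buffer by magic header, or None."""
    for magic, name in MAGIC.items():
        if buf.startswith(magic):
            return name
    return None


def crypto_entropy_signature(before: bytes, after: bytes) -> dict:
    """Describe one overwrite and decide whether it looks like in-place encryption.

    Two independent rules (thresholds are assumptions):
      1. entropy jumped into ciphertext territory AND the result has no recognised structure
         (a gzip/zip/jpeg result is high-entropy too, but it is still a known format);
      2. the file had a recognised header before and is now structureless high-entropy bytes
         (catches already-high-entropy media where the delta is near zero).
    """
    eb, ea = shannon_entropy(before), shannon_entropy(after)
    tb, ta = file_type(before), file_type(after)
    entropy_jump = ea >= 7.5 and (ea - eb) >= 2.0 and ta is None
    lost_structure = tb is not None and ta is None and ea >= 7.5
    return {
        "entropy_before": round(eb, 2), "entropy_after": round(ea, 2),
        "type_before": tb, "type_after": ta,
        "verdict": "encrypted" if (entropy_jump or lost_structure) else "benign",
    }


def constructed_samples():
    """Constructed buffers, not real files: (text, ciphertext, jpeg_like, packed)."""
    rng = random.Random(11)  # fixed seed for reproducibility
    words = ["audit", "ledger", "invoice", "quarter", "review", "vendor", "payment", "\n"]
    text = " ".join(rng.choice(words) for _ in range(800)).encode()
    cipher = bytes(rng.getrandbits(8) for _ in range(4096))          # stands in for AES output
    jpeg_like = b"\xff\xd8\xff\xe0" + bytes(rng.getrandbits(8) for _ in range(2000))
    packed = gzip.compress(text)                                      # user compressed the file
    return text, cipher, jpeg_like, packed


if __name__ == "__main__":
    text, cipher, jpeg_like, packed = constructed_samples()
    print("text -> cipher  ", crypto_entropy_signature(text, cipher))
    print("jpeg -> cipher  ", crypto_entropy_signature(jpeg_like, cipher))
    print("text -> gzip    ", crypto_entropy_signature(text, packed))
    print("text -> edited  ", crypto_entropy_signature(text, text + b"\nedited"))
```

The second rule is what distinguishes this from a bare entropy threshold: a JPEG overwritten with ciphertext shows almost no entropy change, and only the vanished header gives it away. The converse caveat is that an encryptor which preserves the original header, or prepends a fake one, defeats rule 2, which is one reason behavioural approaches track these signatures across many writes from one process rather than judging a single file.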
Language: English
Dynamic Polyvariant Heuristics for Autonomous Ransomware Detection
Graeme Boughton, Farrah M. Hughes, Lawrence M. Ward et al.
Research Square (Research Square), Journal Year: 2024, Volume and Issue: unknown
Published: Nov. 25, 2024
Abstract
The escalating frequency and sophistication of ransomware attacks necessitate innovative detection methodologies. Traditional signature-based systems often falter against novel and polymorphic strains. Dynamic Polyvariant Heuristics (DPH) emerges as a promising approach, integrating dynamic analysis with machine learning to enhance detection capabilities. DPH systematically monitors system behaviors, extracting features indicative of ransomware activity, such as anomalous file modifications and network communications. These features inform classifiers trained on diverse datasets, enabling the identification of both known and emerging variants. Empirical evaluations demonstrate DPH's high accuracy, low false positive rates, and rapid response times, showing its potential for real-time threat mitigation. The system's adaptability to evolving ransomware tactics further highlights its robustness. Comparative analyses reveal its superiority over existing methods, particularly in handling zero-day attacks. The integration of adaptive components allows continuous model updates, maintaining efficacy against new threats. The findings suggest that DPH offers a significant advancement in ransomware detection methodologies, contributing to the broader field of cybersecurity.
Language: English