A Holistic Approach to Ransomware Classification: Leveraging Static and Dynamic Analysis with Visualization
Ransomware is a type of malicious software that encrypts a victim’s files and demands payment in exchange for the decryption key. It is a rapidly growing and evolving threat that has caused significant damage and disruption to individuals and organizations around the world. In this paper, we propose...
Main Authors: | Bahaa Yamany, Mahmoud Said Elsayed, Anca D. Jurcut, Nashwa Abdelbaki, Marianne A. Azer |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG 2024-01-01 |
Series: | Information |
Subjects: | |
Online Access: | https://www.mdpi.com/2078-2489/15/1/46 |
_version_ | 1827371834764427264 |
---|---|
author | Bahaa Yamany Mahmoud Said Elsayed Anca D. Jurcut Nashwa Abdelbaki Marianne A. Azer |
author_facet | Bahaa Yamany Mahmoud Said Elsayed Anca D. Jurcut Nashwa Abdelbaki Marianne A. Azer |
author_sort | Bahaa Yamany |
collection | DOAJ |
description | Ransomware is a type of malicious software that encrypts a victim’s files and demands payment in exchange for the decryption key. It is a rapidly growing and evolving threat that has caused significant damage and disruption to individuals and organizations around the world. In this paper, we propose a comprehensive ransomware classification approach based on the comparison of similarity matrices derived from static, dynamic analysis, and visualization. Our approach involves the use of multiple analysis techniques to extract features from ransomware samples and to generate similarity matrices based on these features. These matrices are then compared using a variety of comparison algorithms to identify similarities and differences between the samples. The resulting similarity scores are then used to classify the samples into different categories, such as families, variants, and versions. We evaluate our approach using a dataset of ransomware samples and demonstrate that it can accurately classify the samples with a high degree of accuracy. One advantage of our approach is the use of visualization, which allows us to classify and cluster large datasets of ransomware in a more intuitive and effective way. In addition, static analysis has the advantage of being fast and accurate, while dynamic analysis allows us to classify and cluster packed ransomware samples. We also compare our approach to other classification approaches based on single analysis techniques and show that our approach outperforms these approaches in terms of classification accuracy. Overall, our study demonstrates the potential of using a comprehensive approach based on the comparison of multiple analysis techniques, including static analysis, dynamic analysis, and visualization, for the accurate and efficient classification of ransomware. 
It also highlights the importance of considering multiple analysis techniques in the development of effective ransomware classification methods, especially when dealing with large datasets and packed samples. |
first_indexed | 2024-03-08T10:47:18Z |
format | Article |
id | doaj.art-8288baec17fb4ff3b627bb8b8aa100b8 |
institution | Directory Open Access Journal |
issn | 2078-2489 |
language | English |
last_indexed | 2024-03-08T10:47:18Z |
publishDate | 2024-01-01 |
publisher | MDPI AG |
record_format | Article |
series | Information |
spelling | doaj.art-8288baec17fb4ff3b627bb8b8aa100b8; 2024-01-26T17:03:47Z; eng; MDPI AG; Information; 2078-2489; 2024-01-01; 15; 1; 46; 10.3390/info15010046; A Holistic Approach to Ransomware Classification: Leveraging Static and Dynamic Analysis with Visualization; Bahaa Yamany [0]; Mahmoud Said Elsayed [1]; Anca D. Jurcut [2]; Nashwa Abdelbaki [3]; Marianne A. Azer [4]; [0] School of Information Technology and Computer Science, Nile University, Cairo 12566, Egypt; [1] School of Computer Science, University College Dublin, Belfield, D04 V1W8 Dublin, Ireland; [2] School of Computer Science, University College Dublin, Belfield, D04 V1W8 Dublin, Ireland; [3] School of Information Technology and Computer Science, Nile University, Cairo 12566, Egypt; [4] School of Information Technology and Computer Science, Nile University, Cairo 12566, Egypt; Ransomware is a type of malicious software that encrypts a victim’s files and demands payment in exchange for the decryption key. It is a rapidly growing and evolving threat that has caused significant damage and disruption to individuals and organizations around the world. In this paper, we propose a comprehensive ransomware classification approach based on the comparison of similarity matrices derived from static, dynamic analysis, and visualization. Our approach involves the use of multiple analysis techniques to extract features from ransomware samples and to generate similarity matrices based on these features. These matrices are then compared using a variety of comparison algorithms to identify similarities and differences between the samples. The resulting similarity scores are then used to classify the samples into different categories, such as families, variants, and versions. We evaluate our approach using a dataset of ransomware samples and demonstrate that it can accurately classify the samples with a high degree of accuracy. One advantage of our approach is the use of visualization, which allows us to classify and cluster large datasets of ransomware in a more intuitive and effective way. In addition, static analysis has the advantage of being fast and accurate, while dynamic analysis allows us to classify and cluster packed ransomware samples. We also compare our approach to other classification approaches based on single analysis techniques and show that our approach outperforms these approaches in terms of classification accuracy. Overall, our study demonstrates the potential of using a comprehensive approach based on the comparison of multiple analysis techniques, including static analysis, dynamic analysis, and visualization, for the accurate and efficient classification of ransomware. It also highlights the importance of considering multiple analysis techniques in the development of effective ransomware classification methods, especially when dealing with large datasets and packed samples.; https://www.mdpi.com/2078-2489/15/1/46; dynamic analysis; encryption; honeypot; Jaccard index; malware; machine learning |
spellingShingle | Bahaa Yamany Mahmoud Said Elsayed Anca D. Jurcut Nashwa Abdelbaki Marianne A. Azer A Holistic Approach to Ransomware Classification: Leveraging Static and Dynamic Analysis with Visualization Information dynamic analysis encryption honeypot Jaccard index malware machine learning |
title | A Holistic Approach to Ransomware Classification: Leveraging Static and Dynamic Analysis with Visualization |
title_full | A Holistic Approach to Ransomware Classification: Leveraging Static and Dynamic Analysis with Visualization |
title_fullStr | A Holistic Approach to Ransomware Classification: Leveraging Static and Dynamic Analysis with Visualization |
title_full_unstemmed | A Holistic Approach to Ransomware Classification: Leveraging Static and Dynamic Analysis with Visualization |
title_short | A Holistic Approach to Ransomware Classification: Leveraging Static and Dynamic Analysis with Visualization |
title_sort | holistic approach to ransomware classification leveraging static and dynamic analysis with visualization |
topic | dynamic analysis encryption honeypot Jaccard index malware machine learning |
url | https://www.mdpi.com/2078-2489/15/1/46 |