Um Estudo Acerca da Seleção de Features para a Detecção dos Ransomwares WannaCry, Ryuk e CryptoLocker
Resumo
Ransomware é um malware que sequestra dados e devido a sua detecção frequentemente tardia apresentam uma ameaça significativa para indivíduos e organizações, causando perdas financeiras substanciais e violações de dados. O objetivo deste trabalho consiste em identificar as features relevantes para detecção de três tipos conhecidos de ransomwares: WannaCry, Ryuk e CryptoLocker. Para tanto, é utilizado o ambiente Cuckoo Sandbox no qual a atividade de tais ransomwares são registradas. Com isso, são criados datasets contendo amostras normais e de ataque para cada tipo de ransomware estudado. Por fim, aplicou-se métodos de ranqueamento de features nesses datasets para a identificação das 20 features mais relevantes para a detecção dos ransomwares estudados, fornecendo uma contribuição valiosa para a melhoria dos mecanismos de detecção de ransomware.
Referências
Abbasi, M. S., Al-Sahaf, H., Mansoori, M., and Welch, I. (2022). Behavior-based ransomware classification: A particle swarm optimization wrapper-based approach for feature selection. Applied Soft Computing, 121:108744.
Abbasi, M. S., Al-Sahaf, H., and Welch, I. (2020). Particle Swarm Optimization: A Wrapper-Based Feature Selection Method for Ransomware Detection and Classification. In Applications of Evolutionary Computation: 23rd European Conference, EvoApplications 2020, pages 181–196. Springer.
Beaman, C., Barkworth, A., Akande, T. D., Hakak, S., and Khan, M. K. (2021). Ransomware: Recent advances, analysis, challenges and future research directions. Computers & Security, 111:102490.
Brewer, R. (2016). Ransomware attacks: detection, prevention and cure. Network security, 2016(9):5–9.
Chen, Q. and Bridges, R. A. (2017). Automated behavioral analysis of malware: A case study of wannacry ransomware. In 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA), pages 454–460.
Chen, Q., Islam, S. R., Haswell, H., and Bridges, R. A. (2019). Automated ransomware behavior analysis: Pattern extraction and early detection. In International Conference on Science of Cyber Security, pages 199–214. Springer.
CIS (2022). Top 10 Malware January 2022. [link]. Acesso em: Junho/2023.
Curran, K. (2020). Cyber security and the remote workforce. Computer Fraud & Security, 2020(6):11–12.
Damodaran, A., Troia, F. D., Visaggio, C. A., Austin, T. H., and Stamp, M. (2017). A comparison of static, dynamic, and hybrid analysis for malware detection. Journal of Computer Virology and Hacking Techniques, 13(1):1–12.
Gera, T., Singh, J., Mehbodniya, A., Webber, J. L., Shabaz, M., and Thakur, D. (2021). Dominant feature selection and machine learning-based hybrid approach to analyze android ransomware. Security and Communication Networks, 2021.
IBM (2022). O que é ransomware? Publicado em: [link]. Acesso em: Junho de 2023.
Ilić, S. Ž., Gnjatović, M. J., Popović, B. M., and Maček, N. D. (2022). A pilot comparative analysis of the cuckoo and drakvuf sandboxes: An end-user perspective. Vojnotehnički glasnik, 70(2):372–392.
Kaspersky (2021). Kaspersky Security Bulletin 2021 Statistics. [link]. Acesso em: Junho/2023.
Kira, K. and Rendell, L. A. (1992). A practical approach to feature selection. In Sleeman, D. H. and Edwards, P., editors, Ninth International Workshop on Machine Learning, pages 249–256. Morgan Kaufmann.
Masid, A. G., Higuera, J. B., Higuera, J.-R. B., and Montalvo, J. A. S. (2022). Application of the sama methodology to ryuk malware. Journal of Computer Virology and Hacking Techniques, pages 1–34.
Megchelenbrink, W. (2010). Relief-based feature selection in bioinformatics: detecting functional specificity residues from multiple sequence alignments. Master’s thesis, Radboud University Nijmegen, the Netherlands.
Micro, T. (2020). 2020 Report on Threats Affecting ICS Endpoints. Disponível em: [link]. Acesso em: Junho/2023.
Micro, T. (2022). Defending the expanding attack surface. Disponível em: [link]. Acesso em: Junho/2023.
Oktavianto, D. and Muhardianto, I. (2013). Cuckoo malware analysis. Packt Publishing.
Quincozes, S. E., Kazienko, J. F., and Copetti, A. (2018). Avaliação de conjuntos de atributos para a detecção de ataques de personificação na internet das coisas. In VIII Simpósio Brasileiro de Engenharia de Sistemas Computacionais, Porto Alegre. SBC.
Quincozes, S. E., Mossé, D., Passos, D., Albuquerque, C., Ochi, L. S., and dos Santos, V. F. (2022). On the Performance of GRASP-Based Feature Selection for CPS Intrusion Detection. IEEE Transactions on Netw. and Service Management, 19(1):614–626.
Razaulla, S., Fachkha, C., Markarian, C., Gawanmeh, A., Mansoor, W., Fung, B. C., and Assi, C. (2023). The age of ransomware: A survey on the evolution, taxonomy, and research directions. IEEE Access.
Uppal, D., Mehra, V., and Verma, V. (2014). Basic survey on malware analysis, tools and techniques. Int. Jrnl on Computational Sciences & Applications (IJCSA), 4(1):103.
Urooj, U., Al-rimy, B. A. S., Zainal, A., Ghaleb, F. A., and Rassam, M. A. (2022). Ransomware detection using the dynamic analysis and machine learning: A survey and research directions. Applied Sciences, 12(1):172.
Abbasi, M. S., Al-Sahaf, H., and Welch, I. (2020). Particle Swarm Optimization: A Wrapper-Based Feature Selection Method for Ransomware Detection and Classification. In Applications of Evolutionary Computation: 23rd European Conference, EvoApplications 2020, pages 181–196. Springer.
Beaman, C., Barkworth, A., Akande, T. D., Hakak, S., and Khan, M. K. (2021). Ransomware: Recent advances, analysis, challenges and future research directions. Computers & Security, 111:102490.
Brewer, R. (2016). Ransomware attacks: detection, prevention and cure. Network security, 2016(9):5–9.
Chen, Q. and Bridges, R. A. (2017). Automated behavioral analysis of malware: A case study of wannacry ransomware. In 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA), pages 454–460.
Chen, Q., Islam, S. R., Haswell, H., and Bridges, R. A. (2019). Automated ransomware behavior analysis: Pattern extraction and early detection. In International Conference on Science of Cyber Security, pages 199–214. Springer.
CIS (2022). Top 10 Malware January 2022. [link]. Acesso em: Junho/2023.
Curran, K. (2020). Cyber security and the remote workforce. Computer Fraud & Security, 2020(6):11–12.
Damodaran, A., Troia, F. D., Visaggio, C. A., Austin, T. H., and Stamp, M. (2017). A comparison of static, dynamic, and hybrid analysis for malware detection. Journal of Computer Virology and Hacking Techniques, 13(1):1–12.
Gera, T., Singh, J., Mehbodniya, A., Webber, J. L., Shabaz, M., and Thakur, D. (2021). Dominant feature selection and machine learning-based hybrid approach to analyze android ransomware. Security and Communication Networks, 2021.
IBM (2022). O que é ransomware? Publicado em: [link]. Acesso em: Junho de 2023.
Ilić, S. Ž., Gnjatović, M. J., Popović, B. M., and Maček, N. D. (2022). A pilot comparative analysis of the cuckoo and drakvuf sandboxes: An end-user perspective. Vojnotehnički glasnik, 70(2):372–392.
Kaspersky (2021). Kaspersky Security Bulletin 2021 Statistics. [link]. Acesso em: Junho/2023.
Kira, K. and Rendell, L. A. (1992). A practical approach to feature selection. In Sleeman, D. H. and Edwards, P., editors, Ninth International Workshop on Machine Learning, pages 249–256. Morgan Kaufmann.
Masid, A. G., Higuera, J. B., Higuera, J.-R. B., and Montalvo, J. A. S. (2022). Application of the sama methodology to ryuk malware. Journal of Computer Virology and Hacking Techniques, pages 1–34.
Megchelenbrink, W. (2010). Relief-based feature selection in bioinformatics: detecting functional specificity residues from multiple sequence alignments. Master’s thesis, Radboud University Nijmegen, the Netherlands.
Micro, T. (2020). 2020 Report on Threats Affecting ICS Endpoints. Disponível em: [link]. Acesso em: Junho/2023.
Micro, T. (2022). Defending the expanding attack surface. Disponível em: [link]. Acesso em: Junho/2023.
Oktavianto, D. and Muhardianto, I. (2013). Cuckoo malware analysis. Packt Publishing.
Quincozes, S. E., Kazienko, J. F., and Copetti, A. (2018). Avaliação de conjuntos de atributos para a detecção de ataques de personificação na internet das coisas. In VIII Simpósio Brasileiro de Engenharia de Sistemas Computacionais, Porto Alegre. SBC.
Quincozes, S. E., Mossé, D., Passos, D., Albuquerque, C., Ochi, L. S., and dos Santos, V. F. (2022). On the Performance of GRASP-Based Feature Selection for CPS Intrusion Detection. IEEE Transactions on Netw. and Service Management, 19(1):614–626.
Razaulla, S., Fachkha, C., Markarian, C., Gawanmeh, A., Mansoor, W., Fung, B. C., and Assi, C. (2023). The age of ransomware: A survey on the evolution, taxonomy, and research directions. IEEE Access.
Uppal, D., Mehra, V., and Verma, V. (2014). Basic survey on malware analysis, tools and techniques. Int. Jrnl on Computational Sciences & Applications (IJCSA), 4(1):103.
Urooj, U., Al-rimy, B. A. S., Zainal, A., Ghaleb, F. A., and Rassam, M. A. (2022). Ransomware detection using the dynamic analysis and machine learning: A survey and research directions. Applied Sciences, 12(1):172.
Publicado
06/08/2023
Como Citar
SOUZA, Gabriel O.; QUINCOZES, Silvio E.; KAZIENKO, Juliano F.; QUINCOZES, Vagner E.; FARIA, Nícolas Naves R..
Um Estudo Acerca da Seleção de Features para a Detecção dos Ransomwares WannaCry, Ryuk e CryptoLocker. In: SEMINÁRIO INTEGRADO DE SOFTWARE E HARDWARE (SEMISH), 50. , 2023, João Pessoa/PB.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2023
.
p. 36-47.
ISSN 2595-6205.
DOI: https://doi.org/10.5753/semish.2023.229616.
