Home > Research > Publications & Outputs > On the Classification of Microsoft-Windows Rans...

Links

Text available via DOI:

View graph of relations

On the Classification of Microsoft-Windows Ransomware using Hardware Profile

Research output: Contribution to Journal/MagazineJournal articlepeer-review

Published

Standard

On the Classification of Microsoft-Windows Ransomware using Hardware Profile. / Aurangzeb, Sana; Bin Rais, Rao Naveed; Aleem, Muhammad et al.

In: PeerJ Computer Science, Vol. 7, e361, 02.02.2021.

Research output: Contribution to Journal/MagazineJournal articlepeer-review

Harvard

Aurangzeb, S, Bin Rais, RN, Aleem, M, Islam, MA & Iqbal, MA 2021, 'On the Classification of Microsoft-Windows Ransomware using Hardware Profile', PeerJ Computer Science, vol. 7, e361. https://doi.org/10.7717/peerj-cs.361

APA

Aurangzeb, S., Bin Rais, R. N., Aleem, M., Islam, M. A., & Iqbal, M. A. (2021). On the Classification of Microsoft-Windows Ransomware using Hardware Profile. PeerJ Computer Science, 7, [e361]. https://doi.org/10.7717/peerj-cs.361

Vancouver

Aurangzeb S, Bin Rais RN, Aleem M, Islam MA, Iqbal MA. On the Classification of Microsoft-Windows Ransomware using Hardware Profile. PeerJ Computer Science. 2021 Feb 2;7:e361. doi: 10.7717/peerj-cs.361

Author

Aurangzeb, Sana ; Bin Rais, Rao Naveed ; Aleem, Muhammad et al. / On the Classification of Microsoft-Windows Ransomware using Hardware Profile. In: PeerJ Computer Science. 2021 ; Vol. 7.

Bibtex

@article{6e80829b835343f7abde23a28bde8625,
title = "On the Classification of Microsoft-Windows Ransomware using Hardware Profile",
abstract = "Due to the expeditious inclination of online services usage, the incidents of ransomware proliferation being reported are on the rise. Ransomware is a more hazardous threat than other malware as the victim of ransomware cannot regain access to the hijacked device until some form of compensation is paid. In the literature, several dynamic analysis techniques have been employed for the detection of malware including ransomware; however, to the best of our knowledge, hardware execution profile for ransomware analysis has not been investigated for this purpose, as of today. In this study, we show that the true execution picture obtained via a hardware execution profile is beneficial to identify the obfuscated ransomware too. We evaluate the features obtained from hardware performance counters to classify malicious applications into ransomware and non-ransomware categories using several machine learning algorithms such as Random Forest, Decision Tree, Gradient Boosting, and Extreme Gradient Boosting. The employed data set comprises 80 ransomware and 80 non-ransomware applications, which are collected using the VirusShare platform. The results revealed that extracted hardware features play a substantial part in the identification and detection of ransomware with F-measure score of 0.97 achieved by Random Forest and Extreme Gradient Boosting.",
author = "Sana Aurangzeb and {Bin Rais}, {Rao Naveed} and Muhammad Aleem and Islam, {Muhammad Arshad} and Iqbal, {Muhammad Azhar}",
year = "2021",
month = feb,
day = "2",
doi = "10.7717/peerj-cs.361",
language = "English",
volume = "7",
journal = "PeerJ Computer Science",
issn = "2376-5992",
publisher = "PeerJ Inc.",

}

RIS

TY - JOUR

T1 - On the Classification of Microsoft-Windows Ransomware using Hardware Profile

AU - Aurangzeb, Sana

AU - Bin Rais, Rao Naveed

AU - Aleem, Muhammad

AU - Islam, Muhammad Arshad

AU - Iqbal, Muhammad Azhar

PY - 2021/2/2

Y1 - 2021/2/2

N2 - Due to the expeditious inclination of online services usage, the incidents of ransomware proliferation being reported are on the rise. Ransomware is a more hazardous threat than other malware as the victim of ransomware cannot regain access to the hijacked device until some form of compensation is paid. In the literature, several dynamic analysis techniques have been employed for the detection of malware including ransomware; however, to the best of our knowledge, hardware execution profile for ransomware analysis has not been investigated for this purpose, as of today. In this study, we show that the true execution picture obtained via a hardware execution profile is beneficial to identify the obfuscated ransomware too. We evaluate the features obtained from hardware performance counters to classify malicious applications into ransomware and non-ransomware categories using several machine learning algorithms such as Random Forest, Decision Tree, Gradient Boosting, and Extreme Gradient Boosting. The employed data set comprises 80 ransomware and 80 non-ransomware applications, which are collected using the VirusShare platform. The results revealed that extracted hardware features play a substantial part in the identification and detection of ransomware with F-measure score of 0.97 achieved by Random Forest and Extreme Gradient Boosting.

AB - Due to the expeditious inclination of online services usage, the incidents of ransomware proliferation being reported are on the rise. Ransomware is a more hazardous threat than other malware as the victim of ransomware cannot regain access to the hijacked device until some form of compensation is paid. In the literature, several dynamic analysis techniques have been employed for the detection of malware including ransomware; however, to the best of our knowledge, hardware execution profile for ransomware analysis has not been investigated for this purpose, as of today. In this study, we show that the true execution picture obtained via a hardware execution profile is beneficial to identify the obfuscated ransomware too. We evaluate the features obtained from hardware performance counters to classify malicious applications into ransomware and non-ransomware categories using several machine learning algorithms such as Random Forest, Decision Tree, Gradient Boosting, and Extreme Gradient Boosting. The employed data set comprises 80 ransomware and 80 non-ransomware applications, which are collected using the VirusShare platform. The results revealed that extracted hardware features play a substantial part in the identification and detection of ransomware with F-measure score of 0.97 achieved by Random Forest and Extreme Gradient Boosting.

U2 - 10.7717/peerj-cs.361

DO - 10.7717/peerj-cs.361

M3 - Journal article

VL - 7

JO - PeerJ Computer Science

JF - PeerJ Computer Science

SN - 2376-5992

M1 - e361

ER -