Real Time Zero Day Ransomware Attack Detection
Project Impact Results

2020-09-30T14:35:29+10:00

POC Impact and Research Team

Identified Challenge in the Cybersecurity Industry

The Covid-19 environment has seen Australia and the majority of nations worldwide fall victim to an unprecedented number of cyber-attacks compromising national security and sovereignty.

Ransomware detection is very challenging as new variants of ransomware emerge from criminal enterprises. Ransomware can leave critical infrastructure systems such as health, banking, water and telecommunications unable to deliver their services to end users, compromising our ability to live and operate.

A typical ransomware attack steals money by blocking access to a computer and then demanding a ransom in exchange for the decryption keys. Existing ransomware detection techniques have a low accuracy of 50%, and the accuracy drops further when they are used to detect new variants of ransomware. To deal with the dynamic nature of ransomware, AI-based detection techniques can play an important role.

Solution

This POC was dedicated to developing a research tool for effective detection of ransomware. The toolset is machine learning based: it automatically detects new ransomware variants with high accuracy. It does not require analysts to update detection rules, eliminating manual work that results in lower accuracy.

This prototype is designed to detect existing and new ransomware variants with high accuracy and a low false detection rate. The solution detects zero-day attacks with an accuracy of ~80% due to its unique feature engineering capabilities. It can successfully differentiate between ransomware and crypto-goodware (benign cryptographic programs), so that legitimate encryption software is not identified as ransomware. Whilst existing tools fail to detect new ransomware variants, this tool's accuracy is more trustworthy because of its zero-day ransomware attack detection capabilities.

Status of POC

This POC is ready for demonstration of zero-day ransomware detection, with customization for real-time feature extraction. It can block the execution of ransomware, provides multi-platform support and validation, and has a back-end for monitoring the spread of new ransomware variants, extracting threat intelligence, and integrating with existing infrastructure.

POC Application

This tool can be used in various settings:

  1. Protection of computers from ransomware
  2. Early detection of new attacks
  3. Tracking the spread of new ransomware variants
  4. Blocking ransomware execution
  5. Generation of threat intelligence, hosted on workstations or servers

If you would like further information on this prototype, please contact the main project lead, Dr Iqbal Gondal.

Project Acknowledgements

This research was funded in part through the Internet Commerce Security Laboratory (ICSL), a joint venture between Westpac, IBM, and Federation University Australia. Paul Black is supported by an Australian Government Research Training Program (RTP) Fee-Offset Scholarship through Federation University Australia. This research was partially supported by funding from the Oceania Cyber Security Centre (OCSC).

Accepted Paper Awaiting Publication

ERA A-ranked conference ICONIP 2020: “API Based Discrimination of Ransomware and Benign Cryptographic Programs”.

Abstract: “Ransomware is a widespread class of malware that encrypts files in a victim’s computer and extorts victims into paying a fee to regain access to their data. Previous research has proposed methods for ransomware detection using machine learning techniques. However, this research has not examined the precision of ransomware detection. While existing techniques show an overall high accuracy in detecting novel ransomware samples, previous research does not investigate the discrimination of novel ransomware from benign cryptographic programs. This is a critical, practical limitation of current research; machine learning based techniques would be limited in their practical benefit if they generated too many false positives (at best) or deleted/quarantined critical data (at worst). We examine the ability of machine learning techniques based on Application Programming Interface (API) profile features to discriminate novel ransomware from benign cryptographic programs. This research provides a ransomware detection technique that provides improved detection accuracy and precision compared to other API profile-based ransomware detection techniques while using significantly simpler features than previous dynamic ransomware detection research.”

Research Team Contact Details

Iqbal Gondal
  • Professor Iqbal Gondal
  • Federation University
  • Read more on Iqbal at his LinkedIn profile.

Paul Watters
  • Professor Paul Watters
  • Professor Watters is Academic Dean at Australasian Academies Polytechnic
  • Read more on Paul at his LinkedIn profile.

Chris Leckie
  • Professor Chris Leckie
  • University of Melbourne
  • Read more on Chris at his LinkedIn profile.

Joarder Kamruzzaman
  • Professor Joarder Kamruzzaman
  • Federation University
  • Read more on Joarder at his LinkedIn profile.

Adil Baghirov
  • Professor Adil Baghirov
  • Federation University
  • Read more on Adil at his professional profile.

Peter Vamplew
  • Associate Professor Peter Vamplew
  • Federation University
  • Read more on Peter at his LinkedIn profile.

Paul Black
  • Research Associate Paul Black
  • Federation University
  • Read more on Paul Black at his LinkedIn profile.

Ammar Sohail
  • Ammar Sohail
  • Federation University, Research Fellow
  • Read more on Ammar at his LinkedIn profile.
