During the Covid-19 period, Australia and the majority of nations worldwide have fallen victim to an unprecedented number of cyber attacks, compromising national security and sovereignty.
Ransomware detection is very challenging, as criminal enterprises keep releasing new variants. Ransomware can render critical infrastructure systems such as health, banking, water and telecommunications unable to deliver services to end users, compromising our ability to live and operate.
A typical ransomware attack extorts money by blocking access to a computer or its data (usually by encrypting it) and then demanding a ransom in exchange for the decryption key. Existing ransomware detection techniques have low accuracy (around 50%), and accuracy drops further when they are applied to new variants. To deal with the dynamic nature of ransomware, AI-based detection techniques can play an important role.
This POC was dedicated to developing a research tool for effective detection of ransomware. The toolset is machine learning based: it automatically detects new ransomware variants with high accuracy and does not require analysts to update detection rules, eliminating manual work that is itself a source of lower accuracy.
This prototype is designed to detect existing and new ransomware variants with high accuracy and a low false detection rate. It detects zero-day attacks with an accuracy of ~80% due to its feature engineering. It can differentiate between ransomware and benign cryptographic programs (crypto-goodware), so that legitimate software that encrypts files is not flagged as ransomware. Whilst existing tools fail to detect new ransomware variants, this tool's accuracy is more trustworthy due to its zero-day ransomware detection capability.
This POC is ready for demonstration of zero-day ransomware detection, with customisation for real-time feature extraction. It can block the execution of ransomware, offers multi-platform support and validation, and has a back-end for monitoring the spread of new ransomware variants, extracting threat intelligence, and integrating with existing infrastructure.
This tool can be used in various settings:
- For protection of computers from ransomware
- Early detection of new attacks
- Tracking spread of new ransomware variants
- Blocking ransomware execution
- Generation of threat intelligence, hosted on workstations or servers
If you would like further information on this prototype, please contact main project lead Dr Iqbal Gondal.
This research was funded in part through the Internet Commerce Security Laboratory (ICSL), a joint venture between Westpac, IBM, and Federation University Australia. Paul Black is supported by an Australian Government Research Training Program (RTP) Fee-Offset Scholarship through Federation University Australia. This research was partially supported by funding from the Oceania Cyber Security Centre (OCSC).
ERA A-ranked conference, ICONIP 2020: API Based Discrimination of Ransomware and Benign Cryptographic Programs.
Abstract: “Ransomware is a widespread class of malware that encrypts files in a victim’s computer and extorts victims into paying a fee to regain access to their data. Previous research has proposed methods for ransomware detection using machine learning techniques. However, this research has not examined the precision of ransomware detection. While existing techniques show an overall high accuracy in detecting novel ransomware samples, previous research does not investigate the discrimination of novel ransomware from benign cryptographic programs. This is a critical, practical limitation of current research; machine learning based techniques would be limited in their practical benefit if they generated too many false positives (at best) or deleted/quarantined critical data (at worst). We examine the ability of machine learning techniques based on Application Programming Interface (API) profile features to discriminate novel ransomware from benign-cryptographic programs. This research provides a ransomware detection technique that provides improved detection accuracy and precision compared to other API profile-based ransomware detection techniques while using significantly simpler features than previous dynamic ransomware detection research.”
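The abstract describes discriminating ransomware from benign cryptographic programs using API profile features, and the practical problem that a detector keyed on "this program encrypts" will quarantine legitimate encryption tools. The following is an added illustration of that idea and is not the ICSL prototype or the paper's model: the trace generators, the API vocabulary, the nearest-centroid classifier and the sample traces are all assumptions constructed here. The Win32 API names are real functions but are used only as labels.

```python
"""API-profile discrimination of ransomware from a benign encryptor.

Added illustration of the feature idea in the ICONIP 2020 abstract; it is
not the ICSL prototype or the paper's model. Every trace is constructed in
this file, and the Win32 API names serve only as feature labels.
"""
import math
import random
from collections import Counter

# Fixed vocabulary of API calls that make up the profile vector (assumption).
FEATURE_APIS = [
    "FindFirstFileW", "FindNextFileW", "CreateFileW", "ReadFile", "WriteFile",
    "CryptGenKey", "CryptEncrypt", "MoveFileExW", "DeleteFileW",
]


def make_benign_trace(rng, n_files):
    """Constructed trace: a user-driven encryption tool. One key, a few files
    opened by explicit path, originals left in place."""
    trace = ["CryptGenKey"]
    for _ in range(n_files):
        trace.append("CreateFileW")
        trace += ["ReadFile", "CryptEncrypt", "WriteFile"] * rng.randint(2, 6)
    return trace


def make_ransomware_trace(rng, n_files):
    """Constructed trace: enumerates a directory tree, encrypts every file it
    finds, renames it and deletes the original, then drops a ransom note."""
    trace = ["CryptGenKey", "FindFirstFileW"]
    for _ in range(n_files):
        trace += ["FindNextFileW", "CreateFileW"]
        trace += ["ReadFile", "CryptEncrypt", "WriteFile"] * rng.randint(1, 3)
        trace += ["MoveFileExW", "DeleteFileW"]
    trace += ["CreateFileW", "WriteFile"]  # the ransom note
    return trace


def api_profile(trace):
    """Relative call frequency of each API in FEATURE_APIS: the 'API profile'."""
    counts = Counter(trace)
    total = len(trace) or 1
    return [counts[api] / total for api in FEATURE_APIS]


def calls_crypto_api(trace):
    """Naive rule: flag anything that encrypts. Fires on benign tools too."""
    return "CryptEncrypt" in trace


class NearestCentroid:
    """Smallest possible classifier over profile vectors: one centroid per class."""

    def fit(self, profiles, labels):
        by_label = {}
        for profile, label in zip(profiles, labels):
            by_label.setdefault(label, []).append(profile)
        self.centroids = {
            label: [sum(col) / len(ps) for col in zip(*ps)]
            for label, ps in by_label.items()
        }
        return self

    def predict(self, profile):
        return min(self.centroids,
                   key=lambda label: math.dist(profile, self.centroids[label]))


def train_model(seed=0, n_per_class=20):
    """Build a labelled training set from the constructed generators."""
    rng = random.Random(seed)
    profiles, labels = [], []
    for _ in range(n_per_class):
        profiles.append(api_profile(make_benign_trace(rng, rng.randint(1, 5))))
        labels.append("benign")
        profiles.append(api_profile(make_ransomware_trace(rng, rng.randint(50, 500))))
        labels.append("ransomware")
    return NearestCentroid().fit(profiles, labels)


def classify(model, trace):
    return model.predict(api_profile(trace))


def demo(seed=42):
    """Compare the naive rule and the profile classifier on two unseen traces."""
    model = train_model()
    rng = random.Random(seed)
    benign = make_benign_trace(rng, 3)
    ransomware = make_ransomware_trace(rng, 200)
    return {
        "naive": (calls_crypto_api(benign), calls_crypto_api(ransomware)),
        "profile": (classify(model, benign), classify(model, ransomware)),
    }


if __name__ == "__main__":
    result = demo()
    print("naive CryptEncrypt rule flags (benign, ransomware):", result["naive"])
    print("API profile classifier says (benign, ransomware):", result["profile"])
```

The point of the comparison is the precision problem the abstract raises: the "calls CryptEncrypt" rule fires on the benign encryptor as well as the ransomware, while the profile vector separates them because it captures the enumeration, rename and delete calls that surround the encryption, not the encryption itself. A real system would collect traces from a sandbox or endpoint sensor, use a far larger API vocabulary and a properly validated model; the feature representation is what carries the discrimination, and the classifier here is deliberately minimal.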