DOI: 10.1145/3503047.3503083
research-article

Image-based Ransomware Classification with Classifier Combination

Published: 19 January 2022

Abstract

Ransomware is becoming increasingly rampant around the world. Traditional ransomware classification methods struggle when ransomware applies techniques to evade analysis. In this article, we propose a method based on image visualization and classifier combination. Ransomware samples are converted to grayscale images, and features are extracted from the images using three different techniques: two traditional texture analysis methods, the GIST descriptor and the LBP algorithm, and a deep transfer learning method, the ResNet residual neural network. The different features characterize the image from different aspects. Machine learning is used to classify the ransomware samples: we apply three classifiers (RF, MLP, and XGBoost) to the extracted features and obtain classification results. Furthermore, we combine the different classification results using soft voting. The results show that the model achieves high scores (F1-score = 0.979, 0.991, and 0.967) and more stable performance.
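
The following added example (not code from the paper) walks through three steps the abstract names: byte-to-grayscale conversion, a basic 3x3 LBP histogram as the texture feature, and soft voting over three classifiers' class probabilities, compared against majority voting. The image width, family labels and probability values are assumptions constructed for illustration; GIST and ResNet features are not covered.

```python
# Added illustration, not the paper's code: names, width and sample numbers are assumptions.
from collections import Counter

def bytes_to_gray(data: bytes, width: int = 16):
    """Lay the bytes out row by row; each byte becomes one 0-255 grayscale pixel."""
    rows = len(data) // width  # a ragged final row is dropped
    return [list(data[r * width:(r + 1) * width]) for r in range(rows)]

# Offsets of the 8 neighbours, clockwise from the top-left pixel.
NEIGHBOURS = [(-1, -1), (-1, 0), (-1, 1), (0, 1), (1, 1), (1, 0), (1, -1), (0, -1)]

def lbp_histogram(img):
    """Basic 3x3 LBP: one 8-bit code per interior pixel, as a normalised 256-bin histogram."""
    counts = Counter()
    for y in range(1, len(img) - 1):
        for x in range(1, len(img[0]) - 1):
            code = 0
            for bit, (dy, dx) in enumerate(NEIGHBOURS):
                if img[y + dy][x + dx] >= img[y][x]:
                    code |= 1 << bit
            counts[code] += 1
    total = sum(counts.values()) or 1  # images smaller than 3x3 have no interior pixels
    return [counts[i] / total for i in range(256)]

def soft_vote(prob_rows, labels):
    """Average the per-class probabilities of all classifiers and pick the largest mean."""
    avg = [sum(row[k] for row in prob_rows) / len(prob_rows) for k in range(len(labels))]
    return labels[max(range(len(labels)), key=avg.__getitem__)], avg

def hard_vote(prob_rows, labels):
    """Majority vote over each classifier's top class, for comparison."""
    votes = Counter(max(range(len(labels)), key=row.__getitem__) for row in prob_rows)
    return labels[votes.most_common(1)[0][0]]

# Constructed sample: placeholder family names and made-up classifier outputs.
LABELS = ["family_a", "family_b", "family_c"]
PROBS = [
    [0.51, 0.49, 0.00],  # RF
    [0.52, 0.48, 0.00],  # MLP
    [0.05, 0.95, 0.00],  # XGBoost
]

if __name__ == "__main__":
    img = bytes_to_gray(bytes(range(256)), width=16)
    print("non-empty LBP bins:", sum(1 for v in lbp_histogram(img) if v > 0))
    print("hard vote:", hard_vote(PROBS, LABELS))
    print("soft vote:", soft_vote(PROBS, LABELS))
```

On the constructed probabilities, majority voting follows the two weakly confident classifiers, while soft voting follows the one confident classifier because it averages probabilities rather than counting top choices.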

Cited By

  • (2024) Ransomware Defense Empowered: Deep Learning for Real-Time Family Identification with a Proprietary Dataset. 2024 8th International Conference on Cryptography, Security and Privacy (CSP), 77-83. DOI: 10.1109/CSP62567.2024.00020. Online publication date: 20-Apr-2024
  • (2023) Research and Implementation of Abnormal Product Identification Model Based on Stability. Hans Journal of Data Mining 13:03, 244-253. DOI: 10.12677/HJDM.2023.133025. Online publication date: 2023
  • (2023) Data-Centric Machine Learning Approach for Early Ransomware Detection and Attribution. NOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium, 1-6. DOI: 10.1109/NOMS56928.2023.10154378. Online publication date: 8-May-2023

Published In

AISS '21: Proceedings of the 3rd International Conference on Advanced Information Science and System
November 2021
526 pages
ISBN: 9781450385862
DOI: 10.1145/3503047
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

1. classifier combination
2. image visualization
3. ransomware
4. texture analysis
5. transfer learning

Qualifiers

• Research-article
• Research
• Refereed limited

Conference

AISS 2021

Acceptance Rates

Overall Acceptance Rate 41 of 95 submissions, 43%
