IEEE Access (Jan 2020)

Avoiding Future Digital Extortion Through Robust Protection Against Ransomware Threats Using Deep Learning Based Adaptive Approaches

  • Shaila Sharmeen,
  • Yahye Abukar Ahmed,
  • Shamsul Huda,
  • Bari S Kocer,
  • Mohammad Mehedi Hassan

DOI: https://doi.org/10.1109/ACCESS.2020.2970466
Journal volume & issue: Vol. 8, pp. 24522 – 24534

Abstract


Digital extortion has become a major cyber risk for many organizations, from small-medium enterprises (SMEs) to large enterprises and individual entrepreneurs. Ransomware is a kind of malware that is the main threat behind digital extortion, and in recent years it has caused many organizations to lose huge revenue by paying much bigger ransom demands to cybercriminals. The explosive growth of ransomware is due to the existing large infection vector, such as social engineering, email attachments, zip file downloads, browsing of malicious sites and infected search engines, which is boosted dramatically by easily available cryptographic tools, Ransomware as a Service (RaaS), increased cloud storage and off-the-shelf ransomware toolkits. The large infection vector and available toolkits have not only driven extreme growth in ransomware, but have also made new variants more obfuscated, more often encrypted and more varied in their patterns. This, in turn, has caused conventional supervised analysis and detection engines to fail to detect the new variants of ransomware. This paper addresses the limitations of conventional supervised detection engines and proposes a semi-supervised framework that uses deep learning approaches to compute, in an unsupervised way, the inherent latent sources of the varying patterns in the new variants. The proposed framework extracts the inherent characteristics of the varying patterns from unlabelled ransomware obtained from the wild, and is scalable to accommodate upcoming malicious executables. The unsupervised learned model is then combined with supervised classification, thus constructing an adaptive detection model. The proposed framework has been verified using real ransomware data with a dynamic analysis testbed. Our extensive experimental results and discussion demonstrate that the proposed adaptive framework can successfully identify different variants of ransomware and achieve higher performance than existing supervised approaches.
