Adaptive Approach for Detection of Ransomware Attack using Learning Techniques

Abstract

newline Every electronic device is extremely prone to different threats, such as malware of various kinds. Ransomware is one type of malware that is primarily used to generate significant financial gains. Ransomware attacks have become a serious cybersecurity threat, causing damage to people, businesses, and governments all over the world in terms of money and productivity. These attacks pose a severe threat to the integrity and availability of digital assets, making the development of effective detection mechanisms crucial for mitigating the impact of such incidents. To get back access to the system and data, the attacker demands a ransom payment. During last few years, there are well-known and publicized ransomware attacks like WanaCry, NotPetya, REvil RaaS, etc. have been reported. To avoid these attacks, there is a significant need to detect the ransomware attacks in the early stages of the attack. newlineThere are two main types of ransomware analysis and detection techniques. They are static and dynamic. The static detection technique is based on the signature of the malicious code. Static technique requires a repository of code patterns for detection. The limitations of the static detection technique are that it cannot detect new variants of ransomware. The solutions that are available are primarily for static detection. The dynamic analysis and detection techniques do the analysis and detection by executing the code. The malware sample file is executed in a controlled environment, in the sandbox, and its activity is recorded continuously during dynamic analysis. The advantage of the dynamic detection technique is that it does not require a repository of the code pattern and, hence, can detect new variants. There is a significant need for research work on dynamic detection techniques for early detection of ransomware attacks.