
Phylogenetic Analysis for Ransomware Detection and Classification into Families

The spread of ransomware seen in recent years has also been driven by attackers' ability to introduce changes and mutations that make the malware hard for antimalware software to identify. In this paper we propose a two-phase method based on machine learning over API-level analysis, aimed (i) at detecting ransomware effectively despite the obfuscation techniques applied and the variations introduced, and (ii) at giving security analysts a tool for tracking phylogenetic relationships by exploiting the binary tree obtained from the classification analysis. We ran preliminary experiments with the proposed method on real-world ransomware samples belonging to three widespread families (i.e., petya, badrabbit and wannacry), obtaining encouraging results in ransomware detection and family identification. A discussion of the phylogenetic relationships among the ransomware samples is also provided.
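To make the two-phase idea concrete, here is an added toy pipeline (not the paper's code, data or classifier): API-call traces are turned into relative-frequency vectors, phase 1 separates benign from ransomware with a nearest-centroid rule on cosine similarity, phase 2 assigns a family the same way, and average-linkage agglomerative clustering over the family samples yields the binary tree that an analyst would read for phylogenetic relationships. All traces, the family labels fam_A/fam_B/fam_C and the "unknown" samples are constructed and describe no real malware; the paper's actual learning algorithm is not shown here.

```python
"""Toy two-phase, API-level ransomware pipeline (added example, standard library only)."""
from collections import Counter
from math import sqrt

# Constructed (hypothetical) API-call traces; counts were invented so that the
# three made-up families are separable. They describe no real sample.
BENIGN = {
    "benign_1": ["CreateFileW"] * 2 + ["ReadFile"] * 4 + ["WriteFile"] * 2
                + ["CloseHandle"] * 2 + ["MessageBoxW", "GetWindowTextW"],
    "benign_2": ["CreateFileW"] + ["ReadFile"] * 3
                + ["WriteFile", "CloseHandle", "RegOpenKeyExW", "RegQueryValueExW", "MessageBoxW"],
}
RANSOMWARE = {  # name = "<family>_<n>"; families fam_A, fam_B, fam_C are hypothetical
    "fam_A_1": ["FindFirstFileW"] + ["FindNextFileW"] * 4 + ["CryptAcquireContextW", "CryptGenKey"]
               + ["CryptEncrypt"] * 4 + ["WriteFile"] * 4 + ["DeleteFileW"] * 4 + ["MoveFileW"] * 4,
    "fam_A_2": ["FindFirstFileW"] + ["FindNextFileW"] * 5 + ["CryptAcquireContextW", "CryptGenKey"]
               + ["CryptEncrypt"] * 5 + ["WriteFile"] * 5 + ["DeleteFileW"] * 5 + ["Sleep"] * 2,
    "fam_B_1": ["OpenProcessToken", "AdjustTokenPrivileges", "CreateFileW"]
               + ["DeviceIoControl"] * 2 + ["WriteFile"] * 3 + ["InitiateSystemShutdownExW"],
    "fam_B_2": ["OpenProcessToken", "AdjustTokenPrivileges", "CreateFileW"]
               + ["DeviceIoControl"] * 3 + ["WriteFile"] * 4 + ["ExitWindowsEx"],
    "fam_C_1": ["socket"] * 2 + ["connect"] * 3 + ["send"] * 3 + ["recv"] * 2 + ["CreateThread"] * 2
               + ["FindFirstFileW"] + ["FindNextFileW"] * 3 + ["CryptEncrypt"] * 3 + ["WriteFile"] * 3,
    "fam_C_2": ["socket"] * 2 + ["connect"] * 4 + ["send"] * 4 + ["recv"] * 3 + ["CreateThread"] * 2
               + ["FindFirstFileW"] + ["FindNextFileW"] * 2 + ["CryptEncrypt"] * 2
               + ["WriteFile"] * 2 + ["DeleteFileW"] * 2,
}
# Constructed unknowns: a fam_A-like trace padded with junk calls (a crude stand-in
# for a mutated/obfuscated variant) and an ordinary editor-like trace.
UNKNOWN_OBFUSCATED = (["FindFirstFileW"] + ["FindNextFileW"] * 4 + ["CryptAcquireContextW", "CryptGenKey"]
                      + ["CryptEncrypt"] * 4 + ["WriteFile"] * 4 + ["DeleteFileW"] * 4
                      + ["GetTickCount"] * 3 + ["Sleep"] * 3 + ["VirtualAlloc"] * 2)
UNKNOWN_BENIGN = ["CreateFileW"] + ["ReadFile"] * 5 + ["WriteFile", "CloseHandle", "MessageBoxW"]


def family_of(name):
    return name.rsplit("_", 1)[0]


def api_vector(trace):
    """Bag-of-APIs feature: relative frequency of each API name in the trace."""
    counts = Counter(trace)
    total = sum(counts.values())
    return {api: n / total for api, n in counts.items()}


def cosine(u, v):
    dot = sum(x * v.get(k, 0.0) for k, x in u.items())
    nu = sqrt(sum(x * x for x in u.values()))
    nv = sqrt(sum(x * x for x in v.values()))
    return dot / (nu * nv) if nu and nv else 0.0


def centroid(vectors):
    acc = Counter()
    for vec in vectors:
        acc.update(vec)           # Counter.update adds per-key values
    return {k: x / len(vectors) for k, x in acc.items()}


def nearest_centroid(vec, centroids):
    return max(((label, cosine(vec, c)) for label, c in centroids.items()), key=lambda t: t[1])


def build_models():
    """Phase-1 model (benign vs ransomware) and phase-2 model (one centroid per family)."""
    detector = {
        "benign": centroid([api_vector(t) for t in BENIGN.values()]),
        "ransomware": centroid([api_vector(t) for t in RANSOMWARE.values()]),
    }
    by_family = {}
    for name, trace in RANSOMWARE.items():
        by_family.setdefault(family_of(name), []).append(api_vector(trace))
    return detector, {fam: centroid(vecs) for fam, vecs in by_family.items()}


def classify(trace, detector, families):
    """Phase 1 decides benign/ransomware; phase 2 runs only on ransomware verdicts."""
    vec = api_vector(trace)
    verdict, _ = nearest_centroid(vec, detector)
    if verdict != "ransomware":
        return "benign", None
    family, _ = nearest_centroid(vec, families)
    return "ransomware", family


def average_linkage_tree(vectors):
    """Agglomerative clustering (average linkage, cosine distance) -> nested-tuple binary tree."""
    clusters = [([name], name) for name in vectors]          # (members, subtree)
    while len(clusters) > 1:
        best = None
        for i in range(len(clusters)):
            for j in range(i + 1, len(clusters)):
                mi, mj = clusters[i][0], clusters[j][0]
                d = sum(1.0 - cosine(vectors[a], vectors[b]) for a in mi for b in mj) / (len(mi) * len(mj))
                if best is None or d < best[0]:
                    best = (d, i, j)
        _, i, j = best
        clusters[i] = (clusters[i][0] + clusters[j][0], (clusters[i][1], clusters[j][1]))
        del clusters[j]
    return clusters[0][1]


def to_newick(tree):
    """Render the nested tuple in Newick notation for a tree viewer."""
    return tree if isinstance(tree, str) else "(%s,%s)" % (to_newick(tree[0]), to_newick(tree[1]))


if __name__ == "__main__":
    detector, families = build_models()
    print(classify(UNKNOWN_OBFUSCATED, detector, families))   # padded variant still lands in fam_A
    print(classify(UNKNOWN_BENIGN, detector, families))
    print(to_newick(average_linkage_tree({n: api_vector(t) for n, t in RANSOMWARE.items()})))
```

The padded variant is still detected and assigned to fam_A because junk calls shift the frequency vector without erasing the crypto and file-enumeration signal that cosine similarity keys on; a practitioner would check that this holds on held-out samples rather than on the training traces, and would expect the tree to place the two families that share encryption and file-walking APIs (fam_A and fam_C here) closer together than the MBR/shutdown-style fam_B.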
Proceedings of the 15th International Joint Conference on e-Business and Telecommunications, ICETE 2018 - Volume 2: SECRYPT, Porto, 2018

IIT authors:

Type: Conference proceedings contribution
Discipline area: Computer Science & Engineering

File: Example.pdf

Activity: Security in Cloud Computing