Static Detection of Ransomware Using LSTM Network and PE Header
Authors: F. Manavi, A. Hamzeh
Venue: 2021 26th International Computer Conference, Computer Society of Iran (CSICC)
Published: 2021-03-03
DOI: 10.1109/CSICC52343.2021.9420580 (https://doi.org/10.1109/CSICC52343.2021.9420580)
Citations: 4
Abstract
Ransomware is a type of malware from cryptovirology that blocks access to a victim's data until a ransom is paid. This class of malware has grown dramatically and has targeted the computer systems of important organizations such as hospitals, banks, and water utilities, so early detection is important. This paper describes a ransomware detection method based on executable file headers. The header of an executable (PE) file carries important information about the structure of the program: the header is a sequence of bytes, and changing it changes the structure of the program file. In the proposed method, an LSTM network processes the sequence of bytes that makes up the header and separates ransomware samples from benign samples. The method detects a ransomware sample with 93.25% accuracy without running the program, using only the raw header, so it is suitable for quick triage of suspicious samples.
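The abstract describes feeding the raw header byte sequence of a PE file to a sequence model. The following is an added example of the preprocessing step such a pipeline needs, written for this page and not the authors' code: it locates the PE header from the MZ stub via e_lfanew, decodes the COFF and optional-header fields, and emits the header bytes as a fixed-length token sequence (0..255 for bytes, 256 as a padding token) that an embedding + LSTM layer could consume. The header boundary (MZ signature through the end of IMAGE_OPTIONAL_HEADER), the 256-token input length and the `build_sample_pe` test fixture are assumptions of this example; the fixture is a constructed minimal header, not a real program. It also shows the edge case the abstract's "changing it changes the structure" remark implies: tampering with a single header byte (here e_lfanew) makes the file unparseable, which a detector must handle rather than crash on.

```python
"""Raw PE header extraction for a header-based ransomware classifier.

Added example for this page (not the paper's code). Assumes the 'header'
is the span from the MZ signature through the end of IMAGE_OPTIONAL_HEADER,
truncated or padded to a fixed sequence length for a sequence model.
"""
import struct

MZ_SIGNATURE = b"MZ"
PE_SIGNATURE = b"PE\0\0"
E_LFANEW_OFFSET = 0x3C          # IMAGE_DOS_HEADER.e_lfanew
SIZE_OF_COFF_HEADER = 20        # IMAGE_FILE_HEADER
SEQ_LEN = 256                   # assumed model input length (not from the paper)
PAD_TOKEN = 256                 # out-of-range value so padding != any byte


def parse_pe_header(data: bytes) -> dict:
    """Decode the PE header fields from raw file bytes.

    Raises ValueError for anything that is not a well-formed PE header,
    including an e_lfanew that points outside the file.
    """
    if len(data) < E_LFANEW_OFFSET + 4 or data[:2] != MZ_SIGNATURE:
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    if e_lfanew + 4 + SIZE_OF_COFF_HEADER > len(data):
        raise ValueError("e_lfanew points outside the file")
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + SIZE_OF_COFF_HEADER
    if opt_size < 2 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", data, opt)   # 0x10B = PE32, 0x20B = PE32+
    return {
        "e_lfanew": e_lfanew,
        "machine": machine,
        "number_of_sections": nsections,
        "timestamp": timestamp,
        "size_of_optional_header": opt_size,
        "characteristics": characteristics,
        "optional_magic": magic,
        "header_end": opt + opt_size,
    }


def is_well_formed(data: bytes) -> bool:
    """True if parse_pe_header accepts the bytes; a detector should route
    malformed files to a separate path instead of scoring garbage."""
    try:
        parse_pe_header(data)
        return True
    except ValueError:
        return False


def header_byte_sequence(data: bytes, seq_len: int = SEQ_LEN) -> list:
    """Header bytes as a fixed-length integer sequence for an LSTM input."""
    info = parse_pe_header(data)
    raw = data[:info["header_end"]][:seq_len]
    return list(raw) + [PAD_TOKEN] * (seq_len - len(raw))


def build_sample_pe(number_of_sections: int = 3, pe32_plus: bool = False) -> bytes:
    """Constructed minimal PE header for testing (not a real program)."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = MZ_SIGNATURE
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, e_lfanew)
    opt_size = 240 if pe32_plus else 224
    coff = struct.pack("<HHIIIHH",
                       0x8664 if pe32_plus else 0x14C,   # Machine
                       number_of_sections, 0x5F000000,   # sections, timestamp
                       0, 0, opt_size, 0x0102)           # symtab, nsyms, opt size, chars
    optional = bytearray(opt_size)
    struct.pack_into("<H", optional, 0, 0x20B if pe32_plus else 0x10B)
    return bytes(dos) + PE_SIGNATURE + coff + bytes(optional)


if __name__ == "__main__":
    sample = build_sample_pe()
    print(parse_pe_header(sample))
    print(header_byte_sequence(sample, 16))
    tampered = bytearray(sample)
    tampered[E_LFANEW_OFFSET] = 0xFF    # one byte changed, structure breaks
    print("tampered well-formed:", is_well_formed(bytes(tampered)))
```

Only the fixed-length byte sequence reaches the model, so section tables and code are never read; that is what makes the approach cheap enough for first-pass triage, and also why a sample whose header reflects only a packer stub carries less signal than an unpacked one.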