
Ransomware Detection using machine learning
Wisal Ejaz
&
Nauman Nasir
(BS-CS 7th C)
Department of Computer Science
(Date: 31/07/2020)

Supervisor: Mr. Nasir Ayub


Federal Urdu University of Arts, Science & Technology
Outline
• Introduction
• Related work
Introduction
Introduction(01)

Ransomware:

• Ransomware is a type of malware that attempts to extort money from a computer user by infecting and taking control of the victim's machine, or the files or documents stored on it.

• Typically, the ransomware will either 'lock' the computer to prevent normal usage, or encrypt the documents and files on it to prevent access to saved data.
Introduction(02)

• Ransomware attacks have grown exponentially over the past 4 years.

• According to Trend Micro research, 2016 saw a record 400% rise in new ransomware families (roughly 150 new families).

• 57% of medium-size organizations.

• 53% of large organizations.

• Willingness to pay is surprisingly high.

• IBM found that 20% of executives pay over $40,000.

• 25% would shell out $20,000-$40,000.

• 11% would pay $10,000-$20,000.

Introduction(03)

Types of Ransomware:

• Locky Ransomware:
i. The ransomware locks the system so that the victim cannot log in.
ii. It is resolved quite easily.

• Crypto Ransomware:
i. The ransomware encrypts specific file types that are considered valuable to the victim.
ii. Examples include documents, spreadsheets, pictures and databases.
Related Work
Related Work(01)

Ransomware Detection Technique

• Many different machine learning mechanisms are used today for both detecting a ransomware infection and protecting your data from it.
Related Work(02)

Signature Detection:
• Signature-based detection was the de facto standard for detecting malware threats.
• The problem with signatures is that they work relatively well for known malware.
• But they do not cover threats they do not know about.
Related Work(03)

Abnormal Traffic Detection:

• Abnormal traffic detection is considered a step up from signature-based detection.

• Anomalous traffic is detected based on many different metrics including network intrusion detection.

• The main downside of the abnormal traffic detection mechanism is the high false-positive rate.

• There is a good chance that legitimate network traffic may get classified incorrectly as ransomware or other malicious traffic.
Related Work(04)

File behavior detection:

• When Machine Learning is implemented in the realm of file behavior detection, this can create an extremely powerful solution for detecting ransomware.

• One of the powerful tools that machine learning brings to the fight against ransomware is the ability to predict. Machine Learning is much like human learning in a sense.

• Legitimate, normal code execution and applications present a certain type of behavior. Over time, ML "learns" how legitimate, normal programs act by taking in massive amounts of data points.
Behavioral Analytics Systems
The Best Method for Detecting Ransomware

• Machine Learning is used to build behavioral analytics systems that are trained to detect anomalous file behavior. These systems provide a great way to recognize and stop ransomware infections from progressing through the file system.

• Solutions that make use of ML are able to recognize anomalies in file behavior that may include changes being made by ransomware.
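
An added example, not part of the original slides: a minimal file-behavior baseline that learns from benign activity windows and flags a window that deviates from it. The three features (distinct files written, renames, mean byte entropy of written data), the z-score model, the 0.5 std floor and the 4.0 threshold are assumptions chosen for illustration, and all sample events are constructed.

```python
import math
from collections import Counter
from statistics import mean, pstdev

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for encrypted or compressed content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def features(events):
    """Summarise one process's file events in one time window.
    events: (op, path, written_bytes) tuples, op is "write" or "rename"."""
    writes = [e for e in events if e[0] == "write"]
    renames = sum(1 for e in events if e[0] == "rename")
    distinct = len({e[1] for e in writes})
    ent = mean(shannon_entropy(e[2]) for e in writes) if writes else 0.0
    return (distinct, renames, ent)

class Baseline:
    """Learns per-feature mean/std from benign windows; score = largest z-score."""
    def fit(self, windows):
        cols = list(zip(*(features(w) for w in windows)))
        self.mu = [mean(c) for c in cols]
        # Floor the std so a feature that never varied in training cannot divide by zero.
        self.sd = [max(pstdev(c), 0.5) for c in cols]
        return self

    def score(self, window):
        return max((x - m) / s for x, m, s in zip(features(window), self.mu, self.sd))

    def is_anomalous(self, window, threshold=4.0):  # threshold is an assumed value
        return self.score(window) > threshold

# Constructed sample data (not from the slides): an editor saving a few text files.
TEXT = b"quarterly report draft v2\n" * 40
BENIGN = [[("write", f"doc{i}.txt", TEXT) for i in range(n)] + [("rename", "doc0.txt", b"")] * r
          for n, r in [(2, 0), (3, 1), (1, 0), (4, 1), (2, 0)]]
# Constructed burst: 60 files rewritten with uniformly distributed bytes, then renamed.
BURST = ([("write", f"file{i}.docx", bytes(range(256)) * 4) for i in range(60)]
         + [("rename", f"file{i}.docx", b"") for i in range(60)])

if __name__ == "__main__":
    model = Baseline().fit(BENIGN)
    print("benign:", model.is_anomalous(BENIGN[0]), "burst:", model.is_anomalous(BURST))
```

Compressed or already-encrypted files written by legitimate software also have high entropy, so a single feature like this one raises false positives; the combination with write and rename volume is what separates the constructed burst from the baseline here.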
