RAPPER: Ransomware Prevention via Performance Counters
Manaar Alam, Sayan Sinha, Sarani Bhattacharya, Swastika Dutta, Debdeep, Mukhopadhyay, Anupam Chattopadhyay
TL;DR
RAPPER is a two-step unsupervised ransomware detection framework that uses neural networks and Fourier analysis to accurately identify ransomware activities with minimal traces, including disk encryption processes.
Contribution
It introduces a novel two-step detection method combining neural networks and Fourier analysis for reliable ransomware detection with minimal data.
Findings
High detection accuracy demonstrated
Effective identification of disk encryption processes
Robust against various ransomware scenarios
Abstract
Ransomware can produce direct and controllable economic loss, which makes it one of the most prominent threats in cyber security. As per the latest statistics, more than half of malwares reported in Q1 of 2017 are ransomwares and there is a potent threat of a novice cybercriminals accessing ransomware-as-a-service. The concept of public-key based data kidnapping and subsequent extortion was introduced in 1996. Since then, variants of ransomware emerged with different cryptosystems and larger key sizes, the underlying techniques remained same. Though there are works in literature which proposes a generic framework to detect the crypto ransomwares, we present a two step unsupervised detection tool which when suspects a process activity to be malicious, issues an alarm for further analysis to be carried in the second step and detects it with minimal traces. The two step detection…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdvanced Malware Detection Techniques · Network Security and Intrusion Detection · Security and Verification in Computing