Key points are not available for this paper at this time.
Abstract Ransomware continues to pose a persistent threat to computer systems, leading to substantial data breaches and financial losses. Detecting advanced ransomware attacks that employ anti-analysis techniques presents a significant challenge for existing technologies, leaving systems vulnerable. In response to this critical cybersecurity gap, this research endeavors to enhance ransomware detection by effectively countering anti-analysis measures. Acknowledging the limitations of current methods, particularly in the context of dynamic and polymorphic malware, this study directs its focus towards the crucial pre-encryption phase of ransomware attacks. Herein lies the novel contribution of our approach: leveraging enhanced temporal data correlation to identify ransomware before encryption by meticulously analyzing timestamps and detecting advanced analysis evasion techniques such as API hooking and dynamic code variations. Using a range of conventional machine learning classifiers including K Nearest Neighbor, Random Forest, Logistic Regression, SVM, and Decision Tree, we evaluate the efficacy of enriched features for early detection. Our results demonstrate superior performance, notably achieving a remarkable accuracy of 0.98 with the SVM classifier. Evaluation metrics such as recall, precision, and F1 score corroborate the effectiveness of our methodology in detecting anti-analysis ransomware. This research underscores the paramount importance of dynamic analysis in enhancing accuracy and resilience, particularly in the face of evolving ransomware strains. It highlights the necessity for ongoing research to refine feature extraction techniques and explore advanced machine-learning strategies. By addressing a critical component of cybersecurity challenges, our methodology represents a significant step towards the early detection of anti-analysis ransomware in today’s dynamic threat landscape.
Aftab et al. (Thu,) studied this question.