Ransomware is one of the worst forms of Cyberattack. Often it escapes the detection of traditional signature-based antivirus (AV) solutions or so-called legacy AV solutions through the use of obfuscation, polymorphism and exploit kits that exploit zero-day vulnerabilities. In response, we propose ANOMALIX, the static analysis-based ransomware detection framework. The framework uses both Portable Executable (PE) metadata as well as machine learning techniques to determine whether the intent is malicious or not before the execution takes place. Structural attributes - like import tables, sections, resources and memory configuration - were transmuted into discriminative features. A set of classifiers including Random Forest (RF), Decision Tree, Logistic Regression and XGBoost classifiers were trained on the resulting feature set extracted from a Kaggle PE malware dataset and the Random Forest classifier was found to be the best of the classifiers evaluated. The system is implemented as a web based service with functionality provided include confidence scoring, interpretability of AI, Automated reporting and email notification. Empirical evaluations have shown that static analysis of PE metadata is a safe, efficient and scalable solution to provide early detection of ransomware threats.
S et al. (Thu,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: