Key points are not available for this paper at this time.
Recent statistics show that in 2015 more than 140 millions new malware have been found. Among these, a large portion is due to ransomware, the of malware whose specific goal is to render the victim's system unusable, particular by encrypting important files, and then ask the user to pay a to revert the damage. Several ransomware include sophisticated packing, and are hence difficult to statically analyse. We present EldeRan, machine learning approach for dynamically analysing and classifying. EldeRan monitors a set of actions performed by applications in first phases of installation checking for characteristics signs of. Our tests over a dataset of 582 ransomware belonging to 11, and with 942 goodware applications, show that EldeRan achieves an under the ROC curve of 0. 995. Furthermore, EldeRan works without requiring an entire ransomware family is available beforehand. These results suggest dynamic analysis can support ransomware detection, since ransomware exhibit a set of characteristic features at run-time that are common families, and that helps the early detection of new variants. We also some limitations of dynamic analysis for ransomware and propose solutions.
Sgandurra et al. (Sat,) studied this question.