Authors: Sonal Yadav, Neelam Sharma, LalitKumar P. Bhaiya, Virendra Kumar Swarnkar
Certificate: View Certificate
Ransom ware is a kind of malignant malware programming that takes steps to distribute or hinders admittance to information or a PC framework, for the most part by scrambling it, until the casualty pays a payoff expense to the assailant. As a rule, the payoff request accompanies a cutoff time. Presently days and assailants executed new strategies for effective working of assault. The World Wide Web has become an important part of our everyday life for information communication and knowledge dissemination. Malicious URLs host unsolicited content (spam, phishing, drive-by exploits, etc.) and lure unsuspecting users to become victims of scams (monetary loss, theft of private information, and malware installation), and cause losses of billions of dollars every year. To detect such crimes systems should be fast and precise with the ability to detect new malicious content. The current work focuses on developing a model using convolutional neural networks for efficiently preventing ransom wares.
Ransom ware assaults are assault that scrambles or locks your documents or frameworks with the assistance of one of the cryptographic calculation like AES, RSA and request that the client pay a payoff to get back your records or framework in working. The assault is exceptionally famous and having one of the most assaulted lately on network security. Ransom ware attack identification frameworks are exceptionally famous and extremely valuable in the Attack Countermeasure methods in the organization security. A few instances of Ransom ware incorporate :
The major approaches for detecting and preventing ransom wares are as given below:
A. Local Static Information
A location calculation dependent on nearby static boundaries is fit for recognizing malware before it runs. A powerful calculation dependent on nearby static boundaries is the best and keeps away from any deficiency of client information. The static data got from the documents is connected with text strings or capacity calls.
B. Local Dynamic Information
Dynamic data can be measurable in nature; thusly, it requires gathering tests of ransom ware activities during a specific timespan. Disregarding genuine malware (bogus negative) and hindering harmless programming (bogus positive) should be considered as lethal calculation blunders. It tends to be assembled into three classes :
C. Information Extracted from Network traffic
Network traffic can be acquired at a contaminated host or at the nearby organization Internet access interface. Against malware programming can break down this traffic and recognize ransom ware activity. On the off chance that the activity is past to the information encryption stage, it can hinder the ransomware before it makes disastrous moves.
II. RELATED WORK
An early detection structure for detecting crypto-ransomware families has been proposed . The structure includes 3 modules, especially pre-processing, including design and identification modules. The pre-processing module uses a sliding window convention, FCM calculations are used for salience extraction, and anomaly-based findings are used for structure formation.  Proposed a framework that uses sample sequential matching computations for optimal element selection to orchestrate ransomware from benign applications. Using Locky (517 samples), Cerber (535 samples) and TeslaCrypt (572 samples) three kinds of ransomware tests, the detection accuracy on Goodware is close to 100%, and the accuracy in localization reaches 96.5%. The detection time of less than 10 seconds was tested using J48, MLP, Sacking and Random Backwoods grouping calculations. Another approach is to use AI methods combining static and dynamic investigations to identify ransomware, namely RansHunt . The framework separates the most relevant highlights from ransomware and ranks ransomware using Goodware's Support Vector Ransomware Machine Calculations. Additionally, 93.5%, 96.1%, and 97.10% of the 1,283 ransomware, goodware, and scareware samples, respectively, implemented static, dynamic, and hybrid methods to detect ransomware attacks. Use the Malware-O-Matic investigative phase to create an arrangement that validates the actions of the document framework, i.e. data-aware defenses, to gather ongoing information. They attempted measurable ransomware identification tests on more than 798 ransomware family samples and reported 99.37% accuracy, with each test losing up to 70MB 90% of the time and reaching 7MB 70% of the time. Testing was performed with PNG, ZIP and PDF documents. . Introducing REDEMPTION, an original protection method that creates a working framework to quickly recover from ransomware attacks. The framework examines all I/O usage requests under each process premise for possible signs of ransomware attacks. Assuming the I/O request shows signs of a ransomware attack, the I/O request will be terminated. This allows for zero information incidents. The dataset used for the localization process consisted of ransomware tests and benign samples, 504 samples from 12 dynamic ransomware families were used as ransomware families, and more than 230 GB of innocuous information was collected.
III. PROBLEM IDENTIFICATION
Signature-based, behavior-based, and specification-based techniques are commonly used to detect malware. Signature-based detection techniques maintain a database of known malicious program signatures and use those signatures to identify the presence of an attack by matching signatures stored in the database. This technique provides fast malware detection and requires less computing resources. However, it cannot detect new or unknown malware. Behaviour-based detection techniques analyse various characteristics, such as the source and destination of malware, attachment types, and statistical characteristics. Behaviour-based methods can detect both known and unknown malware, but they require significant computing resources, such as memory and CPU time.
Attackers additionally use emails and social media systems to distribute ransom ware with the aid of using placing malicious hyperlinks into messages. To inspire customers to click on at the malicious hyperlinks, the messages are generally worded in a manner that inspires a feel of urgency or intrigue. Clicking at the hyperlink triggers the down load of ransom ware, which encrypts the gadget and holds your records for ransom. Current technique makes use of CNN to stumble on Ransom ware malware.
A convolution neural community has a couple of hidden layers that assist in extracting information. The four important layers in CNN are:
The major steps in recognizing malicious URL are:
The CNN model comprises of following major modules:
V. RESULTS AND DISCUSSION
The current methodology uses a third-party dataset that is a amalgamation of the following malicious URL databases.
There are 2 output classification labels, benign or malicious. This work contains a simple proxy server that can work with browsers to detect malicious URLs. It as a filter for malicious URLs. It works with both HTTP and HTTPs requests. In your browser settings (firefox, for example), set the proxy settings to 127.0.0.1:8080.
Ransom ware assaults are exceptionally well known to the assailants as they are made or delivered income for aggressors. Additionally Ransom ware assault becomes most impressive danger to individual and associations as they stop the working of frameworks by assaulting and encoding records or frameworks. The current work attempts to detect the malicious url which are major medium through which a ransom ware spreads using CNN. The main advantage of CNN compared to its predecessors is that it automatically detects the important features without any human supervision. The future work aims to explore the uses of CNN in detection of ransom ware plugins.
 Anti-Phishing Working Group (APWG) Phishing Activity Trends Report, 1st Quarter 2021, Anti-Phishing Working Group, Inc. (2021), https://docs.apwg.org/reports/ apwg_trends_report_q1_2021.pdf.  Cooper, M., Levy, Y., Wang, L. and Dringus, L. Heads-up! An alert and warning system for phishing emails, Organizational Cybersecurity Journal: Practice, Process and People, 2021, 1–22.  Akdemir, N. and Yenal, S. How Phishers Exploit the Coronavirus Pandemic: A Content Analysis of COVID-19 Themed Phishing Emails, SAGE Open, 11(3), 2021, 1– 14,doi: 21582440211031879.  Mourtaji, Y., Bouhorma, M., Alghazzawi, D., Aldabbagh, G.andAlghamdi, A. Hybrid Rule-Based Solution for Phishing URL Detection Using Convolutional Neural Network, Wireless Communications and Mobile Computing, 2021, 1–24.  ] Mourtaji, Y., Bouhorma, M., Alghazzawi, D., Aldabbagh, G.andAlghamdi, A. Hybrid Rule-Based Solution for Phishing URL Detection Using Convolutional Neural Network, Wireless Communications and Mobile Computing, 2021, 1–24  Evans, K., Abuadbba, A., Ahmed, M., Wu, T., Johnstone, M., and Nepal, S. RAIDER: Reinforcementaided Spear Phishing Detector, arXiv preprint arXiv:2105.07582, 2021, 1–19.  D.Warren Fernando, N.Komninos, T.Chen,A Study on the Evolution of Ransomware Detection Using Machine Learning and DeepLearning Techniques, www.mdpi.com/journal/iot,Dec .2020  HR, M. G., Adithya, M. V. and Vinay, S. Development of anti-phishing browser based on random forest and rule of extraction framework, Cybersecurity. 3(1), 2020, 1–14.  El Aassal, A., Baki, S., Das, A. and Verma, R. M. An indepth benchmarking and evaluation of phishing detection research for security needs, IEEE Access, 8, 2020, 22170– 22192, doi: 10.1109/ACCESS.2020.2969780.  Mohammada, G. B., Shitharthb, S. and Kumarc, P. R. Integrated Machine Learning Model for an URL Phishing Detection, International Journal of Grid and Distributed Computing, 14(1) , 2020, 513–529.  DanielGibert,CarlesMateu,JordiPlanes,” The rise of machine learning for detection and classification of malware: Researchdevelopments, trends and challenges”,2020, Journal of Network and Computer ApplicationsVolume 153, 1 March 2020, 102526.  Bander Ali Shah Al-rimy , Crypto-ransomware early detection model using novel incremental bagging with enhanced semi-random subspace selection,Future Generation Computer SystemsVolume 101Issue CDec 2019 pp 476–491https://doi.org/10.1016/j.future.2019.06.005.  SajadHomayoun, AliDehghantanha, DRTHIS: Deep ransomware threat hunting and intelligence system at the fog layer,Future Generation Computer Systems Volume 90, January 2019, Pages 94-104  M.Ijaz, M.Hanif Durad, M.Ismail , Static and Dynamic Malware Analysis Using Machine Learning, 2019 IEEE.  Sahingoz, O. K., Buber, E., Demir, O. and Diri, B. Machine learning based phishing detection from URLs, Expert Systems with Applications, 117, 2019, 345–357, doi: https://doi.org/10.1016/j.eswa.2018.09.029.  Zhu, E., Chen, Y., Ye, C., Li, X. and Liu, F. OFS-NN: an effective phishing websites detection model based on optimal feature selection and neural network, IEEE Access. 7, 2019, 73271–73284, doi: 10.1109/ACCESS.2019.2920655.  Mao, J., Bian, J., Tian, W., Zhu, S., Wei, T., Li, A., and Liang, Z. Phishing page detection via learning classifiers from page layout feature, EURASIP Journal on Wireless Communications and Networking, 1, 2019, 1–14, doi: https://doi.org/10.1186/s13638- 019-1361-0.  Adebowale, M. A., Lwin, K. T., Sanchez, E. and Hossain, M. A. Intelligent web- phishing detection and protection scheme using integrated features of Images, frames and text, Expert Systems with Applications. 115, 2019, 300– 313.  Patil, D. R., Patil, J. B. Malicious web pages detection using feature selection techniques and machine learning, International Journal of High Performance Computing and Networking., 14(4), 2019, 473–488., doi: 10.1504/IJHPCN.2019.102355.  T. Boczan. (Jul. 2019). The Evolution of GandCrab Ransomware.Accessed:.[Online]. Available: https://www.vmray.com/cyber-security-blog/gandcrab-ransomware-evolution-analysis/  Zabihimayvan, M., Doran, D. and Solouk, V. Fuzzy Rough Set Feature Selection to Enhance Phishing Attack Detection, arXiv preprint: 1903.05675. (2019) 1–6.  Babagoli, M., Aghababa, M.P, M.P. and Solouk, V. Heuristic nonlinear regression strategy for detecting phishing websites, Soft Computing. 23(12), 2019, 4315– 4327.  Sahoo, D., Liu, C., Hoi, S. C., and Solouk, V. Malicious URL Detection using Machine Learning: A Survey, arXiv preprint arXiv:1701.07179. 2019, 1–37.  Ding, Y., Luktarhan, N., Li, K. and Slamu, W. A keywordbased combination approach for detecting phishing web pages, Computers & Security. 84, 2019, 1–6, doi:10.https://doi.org/10.1016/j.cose.2019.03.018.  Aurélien Palisse, Data Aware Defense (DaD): Towards a Generic and Practical Ransomware Countermeasure, TAMIS - Threat Analysis and Mitigation for Information Security Inria Rennes – Bretagne Atlantique , IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL,2018  S. K. Shaukat and V. J. Ribeiro, ‘‘RansomWall: A layered defense system against cryptographic ransomware attacks using machine learning,’’ in Proc. 10th Int. Conf. Commun. Syst. Netw. (COMSNETS), Jan. 2018,pp. 356–363.  Omar M. K. Alhawi, James Baldwin, and Ali Dehghantanha, “Leveraging Machine Learning Techniques for Windows Ransomware Network Traffic Detection”, Springer International Publishing AG, part of Springer Nature 2018, Cyber Threat Intelligence,Advances in Information.Security 70, https://doi.org/10.1007/978-3-319- 73951-9_5.  Patil, D. R., Patil and J. B. Malicious URLs detection using decision tree classifiers and majority voting technique, Cybernetics and Information Technologies, 18(1), 2018, 11–29, doi: https://doi.org/10.2478/cait-2018-0002.  Dae-Youb Kim, Geun-Yeong Choi, and Ji-Hoon Lee, “White List-based Ransomware Real-time Detection and Prevention for User Device Protection”, 2018 IEEE International Conference on Consumer Electronics (ICCE), 978-1-5386-3025-/18/$31.00 ©2018 IEEE  Bander Ali Saleh Al-rimy(&), Mohd Aizaini Maarof, and Syed Zainuddin Mohd Shaid, “A 0-Day Aware Crypto-RansomwareEarly Behavioral Detection Framework”, Springer International Publishing AG 2018, Recent Trends in Information and Communication Technology, Lecture Notes on Data Engineering and Communications Technologies 5, DOI 10.1007/978-3- 319-59427-9_78.  M. AL-Hawawreh, N. Moustafa, E. SitnikovaIdentification of malicious activities in industrial internet of things based on deep learning modelsJournal of Information Security and Applications, Journal of Information Security and Applications, 41 (2018).  Niakanlahiji, A., Chu, B. T. and Al-Shaer, E. PhishMon: A Machine Learning Framework for Detecting Phishing Web pages, In : IEEE Int. Conf. Intelligence and Security Informatics (ISI), (Miami, FL, USA, 2018), pp. 220–225.  Yuan, H., Chen, X., Li, Y., Yang, Z. and Liu, W. Detecting Phishing Websites and Targets Based on URLs and Webpage Links, In: Int. Conf. Pattern Recognition (ICPR), (Beijing, China, 2018), pp. 3669–3674.  Patil, D. R.Patil and J. B. Feature-based Malicious URL and Attack Type Detection Using Multi-class Classification, The ISC International Journal of Information Security (ISeCure). 10(2), 2018, 141–162, doi:10.22042/ISECURE.2018.0.0.1.  Mishra, A. and Gupta, B. B. Intelligent phishing detection system using similarity matching algorithms, International Journal of Information and Communication Technology. 12(1-2), 2018, 51–73.  Md Mahbub Hasan, RansHunt: A support vector machines based ransomware analysis framework with integrated feature set,December 2017 DOI:10.1109/ICCITECHN.2017.8281835 Conference: 2017 20th International Conference of Computer and Information Technology (ICCIT).  Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks - Amin Kharraz , William Robertson , Davide Balzarotti , Leyla Bilge , EnginKirda,2017  Arab, M., and Sohrabi, M. K. Proposing a new clustering method to detect phishing web- sites, Turkish Journal of Electrical Engineering and Computer Sciences. 25(6), 2017, 4757–4767  B Jyothi Kumar, Naveen H, B Praveen Kumar, Sai Shyam Sharma,Jaime Villegas,”Logistic Regression For Polymorphic Malware Detection Using ANOVA F-Test,2017 International Conference on Innovations in information Embedded and Communication Systems (ICIIECS).  B. Athiwaratkun, J.W. StokesMalware classification with lstm and gru language models and a character-level cnn2017 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) (March 2017).
Copyright © 2022 Sonal Yadav, Neelam Sharma, LalitKumar P. Bhaiya, Virendra Kumar Swarnkar. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.