Dynamic Opcode Analysis of Ransomware

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The explosion of ransomware in recent years has served as a costly reminder that the malware threatscape has moved from that of socially-inept hobbyists to career criminals. This paper investigates the efficacy of dynamic opcode analysis in distinguishing cryptographic ransomware from benignware, and presents several novel contributions. First, we present a new dataset of cryptoransomware dynamic run-traces, the largest of its kind in the literature, which we release to the wider research community to foster further research in the field. Second, we demonstrate that a short run-length of 32k opcodes can provide highly accurate detection of ransomware (99.56%) compared to benign software. Third, our model offers a distinct advantage over other models in the literature, in that it can detect a form of benign encryption (i.e. file zipping) with 100% accuracy against not only ransomware, but also the non-encrypting benignware in our dataset. The research presented here demonstrates that dynamic opcode tracing is capable of detecting ransomware in comparable times to static analysis, without being thwarted by obfuscation tactics.
Original language: English
Title of host publication: Proceedings of International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2018)
Publisher: IEEE
Number of pages: 4
ISBN (Electronic): 978-1-5386-4683-0
ISBN (Print): 978-1-5386-4684-7
Publication status: Published - 07 Dec 2018
Event: International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2018) - Glasgow, United Kingdom
Duration: 11 Jun 2018 - 12 Jun 2018

Conference

Conference: International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2018)
Country: United Kingdom
City: Glasgow
Period: 11/06/2018 - 12/06/2018

  • Cite this

    Carlin, D., O'Kane, P., & Sezer, S. (2018). Dynamic Opcode Analysis of Ransomware. In Proceedings of International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2018). IEEE. https://doi.org/10.1109/CyberSecPODS.2018.8560667