Majority Voting Ransomware Detection System

Authors

Davies, Simon R.; Macfarlane, Rich; Buchanan, William J.

Abstract

Crypto-ransomware remains a significant threat to governments and companies alike, with high-profile cyber security incidents regularly making headlines. Many different detection systems have been proposed as solutions to the ever-changing dynamic landscape of ransomware detection. In the majority of cases, these described systems propose a method based on the result of a single test performed on either the executable code, the process under investigation, its behaviour, or its output. In a small subset of ransomware detection systems, the concept of a scorecard is employed where multiple tests are performed on various aspects of a process under investigation and their results are then analysed using machine learning. The purpose of this paper is to propose a new majority voting approach to ransomware detection by developing a method that uses a cumulative score derived from discrete tests based on calculations using algorithmic rather than heuristic techniques. The paper describes 23 candidate tests, as well as 9 Windows API tests which are validated to determine both their accuracy and viability for use within a ransomware detection system. Using a cumulative score calculation approach to ransomware detection has several benefits, such as the immunity to the occasional inaccuracy of individual tests when making its final classification. The system can also leverage multiple tests that can be both comprehensive and complementary in an attempt to achieve a broader, deeper, and more robust analysis of the program under investigation. Additionally, the use of multiple collaborative tests also significantly hinders ransomware from masking or modifying its behaviour in an attempt to bypass detection.
The results achieved by this research demonstrate that many of the proposed tests achieved a high degree of accuracy in differentiating between benign and malicious targets and suggestions are offered as to how these tests, and combinations of tests, could be adapted to further improve the detection accuracy.

Citation

Davies, S. R., Macfarlane, R., & Buchanan, W. J. (2023). Majority Voting Ransomware Detection System. Journal of Information Security, 14(4), 264-293. https://doi.org/10.4236/jis.2023.144016

Journal Article Type: Article
Acceptance Date: Aug 13, 2023
Online Publication Date: Aug 16, 2023
Publication Date: 2023-10
Deposit Date: Aug 16, 2023
Publicly Available Date: Aug 16, 2023
Journal: Journal of Information Security
Print ISSN: 2153-1234
Electronic ISSN: 2153-1242
Publisher: Scientific Research Publishing
Peer Reviewed: Peer Reviewed
Volume: 14
Issue: 4
Pages: 264-293
DOI: https://doi.org/10.4236/jis.2023.144016
Keywords: Ransomware
