IIT researchers develop solution for dreaded malware

Researchers in the computer science and engineering department of IIT Delhi have developed a multi-layered solution, implemented for Microsoft Windows, for a dreaded type of malware called ransomware. Ransomware encrypts a user's files and demands a ransom to decrypt them. Recent worldwide attacks by the cryptographic ransomware WannaCry massively crippled organizations across the globe.

The solution, called RansomWall, is based on analysis of an extensive dataset of ransomware families and uses machine learning, a type of artificial intelligence, to defend against ransomware. It follows a hybrid approach that combines static and dynamic analysis to generate a novel compact set of features that characterizes ransomware behaviour. RansomWall was presented as a research paper recently at COMSNETS 2018.

“Most of the existing Ransomware detection techniques are effective against known and already analyzed samples but very weak against polymorphic, obfuscated and zero-day attacks which are extensively used by modern-day Cryptographic Ransomware. Indicators used for tracking are often large in number and similar to generic malware, but they do not completely capture the specific behaviours shown by Ransomware families,” says researcher Saiyed Kashif Shaukat, one of the authors of the paper.

“Based on the analysis of an extensive Ransomware dataset, this paper presents a layered defence mechanism with monitoring of a novel compact feature set that characterizes Ransomware behaviour. Strong Trap layer (early detection), Machine Learning layer (zero-day intrusions) and File Backup layer (preserving user data) helps RansomWall to attain a detection rate of 98.25% with near-zero false positives using Gradient Tree Boosting Algorithm,” the paper titled RansomWall: A Layered Defense System against Cryptographic Ransomware Attacks using Machine Learning, maintains.

“Ransomware has grown to become the most dangerous and aggressive malware of recent times. Ransomware has become so sophisticated that it outwits antivirus solutions, by staying one step ahead of them. Our solution uses Artificial Intelligence in addition to other standard techniques for malware detection, and even makes copies of files before they are attacked by Ransomware, to make the defence much stronger. We do all this without burdening the CPU by more than 1 – 2%. Testing on large scale setups is part of future work,” says Vinay Ribeiro, Associate Professor in the Computer Science and Engineering Department and the second author of the paper.