Trusted detection of ransomware in a private cloud using machine learning methods leveraging meta-features from volatile memory

Authors:

Highlights:

• A solution for trusted detection of unknown ransomware in VMs is proposed.

• Valuable data is extracted from the VM's memory dump using the Volatility framework.

• General descriptive features are proposed and successfully leveraged by ML algorithms.

• The solution was rigorously evaluated against notorious, professionally written ransomware samples.

• The Random Forest classifier successfully detected known and unknown ransomware.
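The pipeline the highlights describe (a VM memory dump, Volatility output from it, dump-level descriptive features, a classifier) as an added example that is not the paper's code: it parses constructed Volatility 2 `pslist` text and derives a hypothetical set of dump-level meta-features. The paper's actual feature set and its Random Forest training are not reproduced here; the sample rows, the feature names and the `Proc` record type are assumptions made for the illustration.

```python
"""Added example: dump-level meta-features from Volatility 2 'pslist' text.
Not the paper's code; the feature set below is hypothetical."""
import re
import statistics
from typing import Dict, List, NamedTuple


class Proc(NamedTuple):
    name: str
    pid: int
    ppid: int
    threads: int
    handles: int
    exited: bool  # True when the row carries an Exit timestamp


# One pslist row: Offset Name PID PPID Thds Hnds Sess Wow64 [Start] [Exit]
ROW_RE = re.compile(
    r"^0x[0-9a-fA-F]+\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+\S+\s+\d+"
    r"(?:\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+))?"    # Start
    r"(?:\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+))?\s*$"  # Exit
)


def parse_pslist(text: str) -> List[Proc]:
    """Parse Volatility 2 pslist output; header/separator lines are skipped."""
    procs = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # header, separator or blank line
        name, pid, ppid, thds, hnds, _start, exit_ts = m.groups()
        procs.append(Proc(name, int(pid), int(ppid), int(thds), int(hnds),
                          exit_ts is not None))
    return procs


FEATURE_NAMES = ["n_procs", "total_threads", "max_threads", "mean_threads",
                 "total_handles", "n_exited", "n_orphans", "max_children"]


def meta_features(procs: List[Proc]) -> Dict[str, float]:
    """Descriptive, name-agnostic features over the whole dump (hypothetical set)."""
    if not procs:
        return {n: 0.0 for n in FEATURE_NAMES}
    pids = {p.pid for p in procs}
    children: Dict[int, int] = {}
    for p in procs:
        children[p.ppid] = children.get(p.ppid, 0) + 1
    threads = [p.threads for p in procs]
    return {
        "n_procs": len(procs),
        "total_threads": sum(threads),
        "max_threads": max(threads),
        "mean_threads": statistics.fmean(threads),
        "total_handles": sum(p.handles for p in procs),
        "n_exited": sum(p.exited for p in procs),          # short-lived helpers
        # parent gone from the list (PPID 0 is System's pseudo-parent, not an orphan)
        "n_orphans": sum(1 for p in procs if p.ppid and p.ppid not in pids),
        "max_children": max(children.values()),             # largest tree fan-out
    }


def feature_vector(text: str) -> List[float]:
    """Fixed-order row for an ML training matrix (one row per memory dump)."""
    f = meta_features(parse_pslist(text))
    return [f[n] for n in FEATURE_NAMES]


# Constructed sample dumps in Volatility 2 pslist layout (not real captures).
HEADER = """\
Offset(V)  Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start                          Exit
---------- -------------------- ------ ------ ------ -------- ------ ------ ------------------------------ ------------------------------
"""
BENIGN_PSLIST = HEADER + """\
0x823c8830 System                    4      0     57      314 ------      0
0x821a2da0 smss.exe                368      4      3       19 ------      0 2018-01-10 09:00:01 UTC+0000
0x81fea3d0 csrss.exe               584    368     11      410      0      0 2018-01-10 09:00:03 UTC+0000
0x82053c10 winlogon.exe            608    368     19      570      0      0 2018-01-10 09:00:03 UTC+0000
0x81fbb020 explorer.exe           1436   1408     14      456      0      0 2018-01-10 09:00:20 UTC+0000
0x81f7d9a0 notepad.exe            2012   1436      1       42      0      0 2018-01-10 09:15:11 UTC+0000
0x81f5c520 calc.exe               2088   1436      0        0      0      0 2018-01-10 09:20:00 UTC+0000 2018-01-10 09:21:40 UTC+0000
"""
RANSOM_PSLIST = HEADER + """\
0x823c8830 System                    4      0     57      314 ------      0
0x821a2da0 smss.exe                368      4      3       19 ------      0 2018-01-10 09:00:01 UTC+0000
0x81fea3d0 csrss.exe               584    368     11      410      0      0 2018-01-10 09:00:03 UTC+0000
0x82053c10 winlogon.exe            608    368     19      570      0      0 2018-01-10 09:00:03 UTC+0000
0x81fbb020 explorer.exe           1436   1408     14      456      0      0 2018-01-10 09:00:20 UTC+0000
0x81e2a8b8 invoice.exe            2244   1436     64      900      0      0 2018-01-10 09:16:02 UTC+0000
0x81d11020 cmd.exe                2300   2244      1       30      0      0 2018-01-10 09:16:05 UTC+0000
0x81cf0a80 vssadmin.exe           2316   2300      0        0      0      0 2018-01-10 09:16:06 UTC+0000 2018-01-10 09:16:07 UTC+0000
0x81c9b4e0 wbadmin.exe            2330   2300      0        0      0      0 2018-01-10 09:16:08 UTC+0000 2018-01-10 09:16:09 UTC+0000
0x81c4d2c0 bcdedit.exe            2344   2300      0        0      0      0 2018-01-10 09:16:10 UTC+0000 2018-01-10 09:16:11 UTC+0000
"""

if __name__ == "__main__":
    for label, dump in (("benign", BENIGN_PSLIST), ("ransomware", RANSOM_PSLIST)):
        print(label, dict(zip(FEATURE_NAMES, feature_vector(dump))))
```

One such vector per labelled dump is the training matrix a classifier like the Random Forest in the highlights would be fit on. Because the features count processes, threads, handles and tree shape rather than matching names, a renamed dropper produces the same kind of row as a known sample. Two caveats a practitioner should keep in mind: `pslist` walks the kernel's linked process list, so a process that has unlinked itself is missed (`psscan`, which carves process structures from memory, is the usual complement), and the dump should be taken from the hypervisor side so that malware inside the guest cannot tamper with the acquisition.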


Keywords: Ransomware, Volatile memory, Forensics, Memory dumps, Virtual machine, Private cloud, Machine learning, Detection, Malware

Article history: Received 24 October 2017, Revised 26 February 2018, Accepted 27 February 2018, Available online 28 February 2018, Version of Record 19 March 2018.

Publisher page (DOI): https://doi.org/10.1016/j.eswa.2018.02.039