# Prevention of Crypto-Ransomware Using a Pre-Encryption Detection Algorithm

## Abstract

## 1. Introduction

## 2. Literature Review

## 3. Proposed Pre-Encryption Detection Algorithm (PEDA)

#### 3.1. Phase-I: Learning Algorithm (LA)

#### 3.2. Phase-II: Signature Repository

## 4. Results and Discussion

#### 4.1. Discussion

#### 4.2. Methodology

- TP – True Positive
- TN – True Negative
- FP – False Positive
- FN – False Negative

## 5. Conclusions and Future Work

## Author Contributions

## Funding

## Conflicts of Interest

**Figure 6.** Comparison of RF, PEDA, Correlation-based Feature Selection + Random Forest (CFS+RF) and Principal Component Analysis + Random Forest (PCA+RF).

No. | Data | Count |
---|---|---|
1 | File | 8 |
2 | API | 3 |
3 | I/O | 3 |
4 | Registry | 2 |
5 | Network | 2 |
6 | Opcode | 1 |
7 | Process | 1 |
8 | Text | 1 |
9 | Image | 1 |
10 | PE header | 1 |
11 | Android | 2 |

Sample | ID | Quantity |
---|---|---|
Goodware | 0 | 942 |
Critroni | 1 | 50 |
CryptLocker | 2 | 107 |
CryptoWall | 3 | 46 |
KOLLAH | 4 | 25 |
Kovter | 5 | 64 |
Locker | 6 | 97 |
MATSNU | 7 | 59 |
PGPCODER | 8 | 4 |
Reveton | 9 | 90 |
TeslaCrypt | 10 | 6 |
Trojan-Ransom | 11 | 34 |

No. | Category | Quantity |
---|---|---|
1 | API | 232 |
2 | Registration Key | 346 |
3 | Dropped File | 6622 |
4 | Files and Directory Operation | 7500 |
5 | Embedded String | 16,267 |
Total | | 30,967 |

Actual Class (rows) / Predicted Class (columns) | Negative (Normal) | Positive (Attack) |
---|---|---|
Negative (Normal) | True Negative (TN) | False Positive (FP) |
Positive (Attack) | False Negative (FN) | True Positive (TP) |

© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Kok, S.H.; Abdullah, A.; Jhanjhi, N.; Supramaniam, M.
Prevention of Crypto-Ransomware Using a Pre-Encryption Detection Algorithm. *Computers* **2019**, *8*, 79.
https://doi.org/10.3390/computers8040079
