Publication Type : Journal Article
Url : https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5077029
Campus : Coimbatore
School : School of Engineering
Year : 2024
Abstract : Malware has become a significant hazard in cyberspace, especially with the exponential growth in Internet adoption and dependence. Among the various types of malware, ransomware stands out as a particular threat, capable of targeting both individuals and businesses by encrypting and extorting sensitive data for ransom. In recent years, ransomware has become increasingly prevalent, and the encryption deployed in ransomware-infected devices is often considered practically irreversible. Despite the existence of numerous ransomware deterrent systems, the resulting damages remain substantial. This situation is further exacerbated by the recent surge in adversarial attacks, where ransomware is engineered to evade these deterrent systems. There are sophisticated attack kits in place which can generate ransomware with code-level variations to evade detection. Consequently, establishing effective early detection and mitigation methods against these sophisticated ransomware strains is imperative. The proposed research presents a novel ransomware detection system based on the Attributed Control Flow Graph (ACFG). This system detects ransomware by extracting structural features from the ACFG and distinctive behavioural characteristics of ransomware. This comprehensive feature set significantly enhances the system's ability to detect ransomware samples and increases its resilience against adversarial samples. Adversarial samples are generated through Graph Embedding and Augmentation (GEA) techniques, which manipulate the structural features of ransomware while retaining its malicious behaviour. The efficacy of the proposed approach has been validated, yielding impressive results against ransomware samples and potential adversarial samples.
Cite this Research Publication : Mathi S, Surendran A, Anand R Nair, Senthilkumar, Guard: Graph-Based Utility for Adversarial Ransomware Detection Using Structural and Behavioural Characteristics, 2024.