Tanasart Phuangtong, Nitipoom Jaroonchaipipat, Nontawat Thanundonsuk, Parich Sakda, S. Fugkeaw
Title: RANDES: A Ransomware Detection System based on Machine Learning
Venue: 2023 15th International Conference on Knowledge and Smart Technology (KST)
Publication date: 2023-02-21
DOI: 10.1109/KST57286.2023.10086910 (https://doi.org/10.1109/KST57286.2023.10086910)
Citation count: 0
Abstract
Ransomware is one of the most prevalent cybercrimes, in which an attacker steals or freezes organizational data through encryption. The task of ransomware detection is therefore of great importance in the field of cyber security. One thing the existing models have in common is that they treat the assembly code as one long text. In the execution of real code, however, the program counter may jump between lines, making execution more like graph traversal than a linear pass. We therefore propose a new deep learning model for ransomware detection based on analysis of the disassembled executable file. We split the assembly code into non-branching sequences and apply per-sequence embedding. We then employ a Graph Attention Network (GAT) to classify whether a suspect executable file is ransomware. Finally, we conducted experiments to show that our proposed system is efficient for real deployment.