Peeler: Profiling Kernel-Level Events to Detect Ransomware
- Authors
- Ahmed, M.E.; Kim, H.; Camtepe, S.; Nepal, S.
- Issue Date
- 2021
- Publisher
- Springer Science and Business Media Deutschland GmbH
- Keywords
- Deep learning; Fileless malware; Machine learning; Malware behavior analysis; Ransomware detection; Screen-locker
- Citation
- Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), v.12972 LNCS, pp.240 - 260
- Indexed
- SCOPUS
- Journal Title
- Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
- Volume
- 12972 LNCS
- Start Page
- 240
- End Page
- 260
- URI
- https://scholarworks.bwise.kr/skku/handle/2021.sw.skku/92853
- DOI
- 10.1007/978-3-030-88418-5_12
- ISSN
- 0302-9743
- Abstract
- Because the recent ransomware families are becoming progressively more advanced, it is challenging to detect ransomware using static features only. However, their behaviors are still more generic and universal to analyze due to their inherent goals and functions. Therefore, we can capture their behaviors by monitoring their system-level activities on files and processes. In this paper, we present a novel ransomware detection system called “Peeler” (Profiling kErnEl-Level Events to detect Ransomware). Peeler first identifies ransomware’s inherent behavioral characteristics such as stealth operations performed during the attack, process execution patterns, and correlations among different kernel-level events by analysing large-scale OS-level provenance data collected from a diverse set of ransomware families. Peeler specifically uses a novel NLP-based deep learning model to fingerprint the contextual behavior of applications by leveraging the Bidirectional Encoder Representations from Transformers (BERT) pre-trained model. We evaluate Peeler on a large ransomware dataset including 67 ransomware families and demonstrate that it achieves a 99.5% F1-score. © 2021, Springer Nature Switzerland AG.
- Appears in Collections
- Computing and Informatics > Computer Science and Engineering > 1. Journal Articles