[Seminar] Two-Stage Ransomware Detection Using Dynamics Analysis and Machine Learning Techniques

Author: Applied Mathematics & Statistics | Date: 2024.04.15 | Hits: 153

Speaker: Jinsoo Hwang  
Location: B105
Date and Time: 

About the Speaker: Dr. Jinsoo Hwang

  • Adjunct Professor, Dept. of Applied Mathematics and Statistics | SUNY Korea
  • Dean, College of Natural Sciences | Inha University
  • Assistant Professor, Department of Mathematical Sciences | Arizona State University
  • Ph.D. in Statistics | Purdue University
  • M.S. in Statistics | Seoul National University
  • B.S. in Statistics & Computer Science | Seoul National University

Abstract
Detecting ransomware is harder than detecting general malware because of the ever-increasing number of ransomware variants with different signatures, which makes traditional signature-based detection techniques powerless against ransomware. Current ransomware detection techniques usually build a complex model that incorporates various behavioral traits. The traits include suspicious file activities, API call patterns or frequencies, registry keys, file extensions, etc.


In this paper, we build a two-stage mixed ransomware detection model that combines a Markov model and a Random Forest model. First, we focus on Windows API call sequence patterns and build a Markov model to capture the characteristics of ransomware. Next, we apply a Random Forest machine learning model to the remaining data to control both false positive (FPR) and false negative (FNR) error rates. As a result of our two-stage mixed detection method, we achieve an overall accuracy of 97.3% with 4.8% FPR and 1.5% FNR.
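The sketch below is an added illustration of the first stage described in the abstract, not code from the paper or the speaker. It assumes first-order Markov chains over API call names, scoring by a mean log-likelihood ratio, and a hypothetical deferral band of 0.3. The training traces are constructed, and the Random Forest second stage is not implemented: traces labelled `defer` are the "remaining data" it would receive.

```python
import math
from collections import Counter

UNK = "<UNK>"  # bucket for API calls never seen in training

def train_markov(traces, vocab, alpha=1.0):
    """First-order transition log-probabilities with add-alpha smoothing."""
    counts = Counter((a, b) for t in traces for a, b in zip(t, t[1:]))
    model = {}
    for a in vocab:
        total = sum(counts[(a, b)] for b in vocab) + alpha * len(vocab)
        model[a] = {b: math.log((counts[(a, b)] + alpha) / total) for b in vocab}
    return model

def llr(trace, ransom, benign):
    """Mean per-transition log-likelihood ratio; positive = ransomware-like."""
    calls = [c if c in ransom else UNK for c in trace]
    pairs = list(zip(calls, calls[1:]))
    if not pairs:
        return 0.0  # no transitions, no evidence either way
    return sum(ransom[a][b] - benign[a][b] for a, b in pairs) / len(pairs)

def stage_one(trace, ransom, benign, band=0.3):
    """Label confident traces; defer the rest to the second-stage classifier.

    Assumption: the LLR score and the band value are illustrative choices,
    not parameters taken from the paper.
    """
    score = llr(trace, ransom, benign)
    if score > band:
        return "ransomware"
    if score < -band:
        return "benign"
    return "defer"

# Constructed training traces, not real measurements.
RANSOM_TRACES = [["FindNextFileW", "CreateFileW", "ReadFile",
                  "CryptEncrypt", "WriteFile", "MoveFileW"] * 3]
BENIGN_TRACES = [["CreateFileW", "ReadFile", "ReadFile", "CloseHandle"] * 3,
                 ["CreateFileW", "WriteFile", "WriteFile", "CloseHandle"] * 3]
VOCAB = sorted({c for t in RANSOM_TRACES + BENIGN_TRACES for c in t} | {UNK})
RANSOM_MODEL = train_markov(RANSOM_TRACES, VOCAB)
BENIGN_MODEL = train_markov(BENIGN_TRACES, VOCAB)

if __name__ == "__main__":
    for trace in (RANSOM_TRACES[0][:6], BENIGN_TRACES[0][:4],
                  ["CreateFileW", "ReadFile"], ["Sleep", "GetTickCount"]):
        print(stage_one(trace, RANSOM_MODEL, BENIGN_MODEL), trace)
```

A short open-then-read trace occurs in both training sets, so its score stays inside the band and it is deferred rather than forced into a label; widening or narrowing the band trades first-stage coverage against the error rates the second stage has to absorb.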