본문 바로가기 사이드메뉴 바로가기 대메뉴 바로가기

Applied Mathematics and Statistics

News & Events

[Seminar] Two-Stage Ransomware Detection Using Dynamics Analysis and Machine Learning Techniques

AuthorApplied Mathematics & Statistics REG_DATE2024.04.15 Hits251

Speaker: Jinsoo Hwang  
Location: B105
Date and Time: 

About the Speaker: Dr. Jinsoo Hwang

  • Adjunct Professor, Dept. of Applied Mathematics and Statistics | SUNY Korea
  • Dean, College of Natural Sciences Inha University
  • Assistant Professor, Department of Mathematical Sciences | Arizona State University
  • Ph.D. in Statistics Purdue University
  • M.S. in Statistics | Seoul National University
  • B.S. in Statistics & Computer Science Seoul National University

Abstract
Detecting ransomware is harder than general malware because of the ever-increasing number of ransomwares with different signatures, which makes traditional signature-based detection technique powerless against ransomware. Current ransomware detection techniques usually build a complex model that incorporates various behavioral traits. The traits include suspicious file activities, API call pattern or frequency, registry keys, file extensions, etc.


In this paper, we build a two-stage mixed ransomware detection model, Markov model and Random Forest model. First, we focus on Windows API call sequence pattern and build a Markov model to capture the characteristics of ransomware. Next, we build Random Forest machine learning model to the remaining data to control both false positive (FPR) and false negative (FNR) error rates. As a result of our two-stage mixed detection method we can achieve overall accuracy 97.3% with 4.8% FPR and 1.5% FNR.