Ransomware Detection Based On Opcode Behavior Using K-Nearest Neighbors Algorithm

2021 ◽  
Vol 50 (3) ◽  
pp. 495-506
Author(s):  
Deris Stiawan ◽  
Somame Morianus Daely ◽  
Ahmad Heryanto ◽  
Nurul Afifah ◽  
Mohd Yazid Idris ◽  
...  

Ransomware is a type of malware that represents a serious threat to a user's information privacy. By investigating how ransomware works, we may be able to recognise its atomic behaviour. In return, we will be able to detect the ransomware at an earlier stage with better accuracy. In this paper, we propose the Control Flow Graph (CFG) as an opcode behaviour extraction technique, combined with 4-grams (sequences of 4 "words") to extract opcode sequences, to be incorporated into a Trojan Ransomware detection method using the K-Nearest Neighbors (K-NN) algorithm. The opcode CFG 4-gram can fully represent the detailed behavioural characteristics of Trojan Ransomware. The proposed ransomware detection method considers the closest distance to a previously identified ransomware pattern. Experimental results show that the proposed technique using K-NN obtains the best accuracy of 98.86% for 1-gram opcodes using a 1-NN classifier.

2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Jinchang Hu ◽  
Jinfu Chen ◽  
Sher Ali ◽  
Bo Liu ◽  
Jingyi Chen ◽  
...  

With the wide application of software systems, software vulnerabilities have become a major risk in computer security. The timely detection and proper repair of possible software vulnerabilities are of great importance in maintaining system security and reducing system crashes. Some researchers have used Control Flow Integrity (CFI) to detect exploits. In this paper, we propose an improved Control Flow Graph with Jump (JCFG) based on CFI and develop a novel Vulnerability Exploit Detection Method based on JCFG (JCFG-VEDM). The detection method for exploit programs is realized based on the analysis results of the exploit program. Then the JCFG is constructed by combining the features of the exploit program with the jump instruction. Finally, we implement JCFG-VEDM and conduct experiments to verify the effectiveness of the proposed method. The experimental results show that the proposed detection method (JCFG-VEDM) is feasible and effective.


Author(s):  
Sheng-li Liu ◽  
Xiang Gao ◽  
Cheng Zeng ◽  
...  
